Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/qk1gfyznG77fYf8jJg8i1X1uTR4.roa
File:                     qk1gfyznG77fYf8jJg8i1X1uTR4.roa (raw, json)
Hash identifier:          ET7IuPxEqcZV9VUIx7iPVEtUHQ+6RcTE/u/ZEp3Tmdw=
Subject key identifier:   AA:4D:60:7F:2C:E7:1B:BE:DF:61:FF:23:26:0F:22:D5:7D:6E:4D:1E
Certificate issuer:       /CN=f6954d0103a7a3e652354a74489f86daf9a1a59d
Certificate serial:       018F954C1E209797D3B781D22DADD9184AFE
Authority key identifier: F6:95:4D:01:03:A7:A3:E6:52:35:4A:74:48:9F:86:DA:F9:A1:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/qk1gfyznG77fYf8jJg8i1X1uTR4.roa
Signing time:             Mon 20 May 2024 09:19:04 +0000
ROA not before:           Mon 20 May 2024 09:19:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58265
IP address blocks:        185.200.224.0/22 maxlen: 24
                          193.138.156.0/22 maxlen: 24
                          193.169.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 21:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:4c:1e:20:97:97:d3:b7:81:d2:2d:ad:d9:18:4a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6954d0103a7a3e652354a74489f86daf9a1a59d
        Validity
            Not Before: May 20 09:19:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa4d607f2ce71bbedf61ff23260f22d57d6e4d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9e:ee:4e:db:e0:49:99:ea:98:d8:f1:b0:83:
                    1d:a3:3d:99:d4:d8:5b:9a:2f:98:3b:15:81:db:62:
                    7d:06:5b:9b:c4:27:49:31:4a:45:1f:32:de:5e:d4:
                    96:d2:a7:b0:9a:b2:42:ef:65:ab:4e:f8:af:8c:55:
                    e6:c0:ab:ff:f6:32:11:79:fe:b0:5c:8e:c4:da:af:
                    73:e2:3c:29:fd:f7:34:b2:91:4a:1e:c5:78:36:20:
                    78:de:29:90:ab:d6:dc:44:78:6c:b0:45:67:13:63:
                    97:d2:36:32:c1:a9:41:5c:1b:ef:be:5b:6f:31:0b:
                    49:7d:66:14:08:96:2f:b7:75:36:3c:bf:f7:a0:1f:
                    70:4d:e8:a2:bf:05:35:ba:56:c2:75:e3:4e:33:e2:
                    c7:0c:78:33:61:d2:c9:97:78:06:7f:04:7c:a7:e2:
                    eb:03:b3:81:34:bf:b9:19:e6:d5:f5:38:54:7f:40:
                    05:66:75:fa:79:89:59:b9:33:fd:5a:ef:2f:14:20:
                    73:f3:09:34:74:52:22:a9:d9:c6:33:61:5d:1e:52:
                    32:5d:f0:02:5c:a2:e7:ea:65:cc:3e:99:45:51:20:
                    32:13:7a:26:d1:10:d1:38:ef:e2:c1:53:fc:d3:13:
                    b3:4d:f4:5b:88:1f:e2:ad:e8:3d:a3:3e:83:a7:43:
                    5d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4D:60:7F:2C:E7:1B:BE:DF:61:FF:23:26:0F:22:D5:7D:6E:4D:1E
            X509v3 Authority Key Identifier:
                keyid:F6:95:4D:01:03:A7:A3:E6:52:35:4A:74:48:9F:86:DA:F9:A1:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/qk1gfyznG77fYf8jJg8i1X1uTR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.224.0/22
                  193.138.156.0/22
                  193.169.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:b0:68:31:0b:88:ff:f0:31:c0:5d:77:98:51:81:ee:c0:77:
         4a:a9:8f:13:6c:3c:1c:06:2d:08:56:39:2d:d4:e7:70:5a:b9:
         a2:57:6a:e0:52:ea:1b:46:1b:63:51:f0:09:68:91:ad:01:f2:
         78:a5:83:e3:79:2e:5e:12:6a:ad:6d:84:dc:55:6f:64:3f:81:
         20:41:77:3d:5d:dd:be:21:3e:49:12:16:ae:d4:15:b0:7c:de:
         b2:e3:b2:7b:76:3c:18:4d:a6:e1:cd:68:81:74:4e:fe:65:ac:
         e5:65:be:00:d8:49:76:3f:e4:e6:fd:90:90:d3:2c:c5:b6:3c:
         23:0b:b9:72:29:ef:0e:f1:9c:d1:19:5e:4d:36:9a:81:28:c6:
         76:66:67:3c:46:b4:34:22:27:0b:b7:4b:e4:c2:c5:c4:49:af:
         22:c8:5d:8a:ca:b6:f1:36:70:14:02:cb:6b:fa:90:41:df:44:
         35:99:98:49:a5:7a:a1:f3:c1:e1:60:93:8d:98:f9:b7:42:8c:
         ba:c3:ec:91:40:ca:5b:e1:9d:bd:72:2c:60:81:19:69:a0:18:
         36:6e:a8:17:d6:bb:15:d5:69:08:8b:bf:f7:0d:15:3c:66:11:
         af:3c:b8:6b:be:7f:9f:97:34:e8:38:f9:47:61:a0:ac:5c:fa:
         7a:17:3a:1e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+VTB4gl5fTt4HSLa3ZGEr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTU0ZDAxMDNhN2EzZTY1MjM1NGE3NDQ4OWY4NmRhZjlh
MWE1OWQwHhcNMjQwNTIwMDkxOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRkNjA3ZjJjZTcxYmJlZGY2MWZmMjMyNjBmMjJkNTdkNmU0ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ7uTtvgSZnqmNjxsIMdoz2Z1Nhb
mi+YOxWB22J9BlubxCdJMUpFHzLeXtSW0qewmrJC72WrTvivjFXmwKv/9jIRef6w
XI7E2q9z4jwp/fc0spFKHsV4NiB43imQq9bcRHhssEVnE2OX0jYywalBXBvvvltv
MQtJfWYUCJYvt3U2PL/3oB9wTeiivwU1ulbCdeNOM+LHDHgzYdLJl3gGfwR8p+Lr
A7OBNL+5GebV9ThUf0AFZnX6eYlZuTP9Wu8vFCBz8wk0dFIiqdnGM2FdHlIyXfAC
XKLn6mXMPplFUSAyE3om0RDROO/iwVP80xOzTfRbiB/ireg9oz6Dp0NdfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKpNYH8s5xu+32H/IyYPItV9bk0eMB8GA1UdIwQY
MBaAFPaVTQEDp6PmUjVKdEifhtr5oaWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBWTkFRT25vLVpTTlVwMFNKLUcydm1ocFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NDA1NTAtZGFhYi00YzlkLTg0NDAt
ZjhjOWUwOTYyMzU0LzEvcWsxZ2Z5em5HNzdmWWY4akpnOGkxWDF1VFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NDA1NTAtZGFhYi00YzlkLTg0NDAtZjhjOWUwOTYyMzU0
LzEvOXBWTkFRT25vLVpTTlVwMFNKLUcydm1ocFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCucjgAwQC
wYqcAwQBwam4MA0GCSqGSIb3DQEBCwUAA4IBAQBksGgxC4j/8DHAXXeYUYHuwHdK
qY8TbDwcBi0IVjkt1OdwWrmiV2rgUuobRhtjUfAJaJGtAfJ4pYPjeS5eEmqtbYTc
VW9kP4EgQXc9Xd2+IT5JEhau1BWwfN6y47J7djwYTabhzWiBdE7+ZazlZb4A2El2
P+Tm/ZCQ0yzFtjwjC7lyKe8O8ZzRGV5NNpqBKMZ2Zmc8RrQ0IicLt0vkwsXESa8i
yF2KyrbxNnAUAstr+pBB30Q1mZhJpXqh88HhYJONmPm3Qoy6w+yRQMpb4Z29cixg
gRlpoBg2bqgX1rsV1WkIi7/3DRU8ZhGvPLhrvn+flzToOPlHYaCsXPp6Fzoe
-----END CERTIFICATE-----