Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/Qpt_WE7u7qPmZQvhid6Wdj14J-Q.roa
File:                     Qpt_WE7u7qPmZQvhid6Wdj14J-Q.roa (raw, json)
Hash identifier:          +cZhAWwD80FbGGP1sJdoVLy5zcq2Q13OMjQP9BRud4A=
Subject key identifier:   42:9B:7F:58:4E:EE:EE:A3:E6:65:0B:E1:89:DE:96:76:3D:78:27:E4
Certificate issuer:       /CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
Certificate serial:       018EBDB9780C8AD22995297DB4AC85C7682D
Authority key identifier: DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/Qpt_WE7u7qPmZQvhid6Wdj14J-Q.roa
Signing time:             Mon 08 Apr 2024 12:40:32 +0000
ROA not before:           Mon 08 Apr 2024 12:40:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60472
IP address blocks:        185.128.11.0/24 maxlen: 26
                          2a0f:5ac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 08:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:b9:78:0c:8a:d2:29:95:29:7d:b4:ac:85:c7:68:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
        Validity
            Not Before: Apr  8 12:40:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=429b7f584eeeeea3e6650be189de96763d7827e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:dc:02:24:ee:ca:c6:59:bf:59:1b:94:15:58:
                    bb:33:dc:ae:e3:6d:3d:f1:0d:52:65:01:33:34:11:
                    e2:14:6d:da:8c:09:90:bd:81:cb:4b:65:dc:b4:e4:
                    4d:e8:7b:4b:32:d0:c5:10:e1:6b:6d:27:94:e1:01:
                    56:4b:ce:60:3c:c4:db:fa:61:b4:08:00:bb:b6:b1:
                    01:74:3c:ef:13:5e:d9:6f:6d:81:8a:ca:c2:ee:bd:
                    9c:1e:c8:6a:21:ea:39:24:1c:0d:19:6c:ab:36:a2:
                    d1:17:30:11:f5:b7:ad:30:4d:84:19:53:9b:b6:24:
                    16:f2:a7:f5:ed:f6:f1:bf:73:d9:dd:b5:40:9b:fd:
                    b2:c4:f9:4c:71:14:3a:cb:de:8b:39:6b:a1:a5:55:
                    27:8a:fa:5d:22:61:6e:ef:6f:5c:97:e6:a3:b5:0e:
                    6d:12:ca:d0:6a:73:a2:12:72:7d:24:3f:25:31:d9:
                    6e:57:45:cf:56:8a:d9:9b:2e:bd:9e:33:33:89:87:
                    d7:f0:55:e5:fd:11:95:5f:47:99:92:77:31:8c:a2:
                    21:86:b9:7e:93:40:f3:ad:f8:80:2a:76:4b:b0:08:
                    52:aa:46:e7:ec:af:32:a8:58:c9:cc:ca:22:e2:a0:
                    75:bf:81:98:18:aa:04:e0:41:4e:f4:a7:47:16:3a:
                    51:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:9B:7F:58:4E:EE:EE:A3:E6:65:0B:E1:89:DE:96:76:3D:78:27:E4
            X509v3 Authority Key Identifier:
                keyid:DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/Qpt_WE7u7qPmZQvhid6Wdj14J-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.11.0/24
                IPv6:
                  2a0f:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:83:ad:cd:49:6b:a9:d4:9f:02:6a:31:e3:a4:7d:d7:48:86:
         a3:92:fe:7f:20:f9:25:4d:20:b5:4f:fd:00:31:be:03:0f:01:
         d9:3b:a6:54:ff:f7:15:dd:c8:ea:73:40:3c:6a:ca:b9:25:40:
         6b:3e:c5:5f:06:a6:6e:48:be:2a:cd:1b:cd:9e:b6:ba:af:e6:
         72:00:a2:7b:01:af:20:79:7a:ab:51:e5:50:39:92:31:98:11:
         d3:c4:f8:fa:d2:0c:d9:bb:91:55:dc:77:34:a6:a7:de:22:76:
         8c:f9:4c:75:89:85:fe:11:dc:a7:9c:27:1e:06:5f:3b:61:fc:
         bb:90:7d:9d:aa:a4:33:90:46:88:82:20:90:42:ea:87:43:18:
         37:2b:af:a6:44:74:cf:30:f8:fe:11:a1:a2:01:1b:62:74:96:
         6c:48:ce:00:9f:f3:3a:15:d5:91:2c:2a:50:97:81:cc:5c:7d:
         4a:93:5e:39:50:01:17:ac:e6:42:26:65:74:13:1a:fd:3e:bc:
         ce:7f:06:c6:22:09:e2:7a:92:4a:5e:53:1c:52:ec:4c:ac:4e:
         55:9c:37:ca:7b:a4:f0:90:45:7a:15:2d:1c:35:61:6f:5f:46:
         90:82:62:0f:38:e9:4e:38:fa:66:8a:05:f7:d5:26:c8:5a:ae:
         5a:8c:b1:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY69uXgMitIplSl9tKyFx2gtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTRhNDI5ZTY2NThhYmI3MGEzNzkyYzE3MmQ3ZWQ2MmVi
OGZhMjYwHhcNMjQwNDA4MTI0MDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjliN2Y1ODRlZWVlZWEzZTY2NTBiZTE4OWRlOTY3NjNkNzgyN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNwCJO7Kxlm/WRuUFVi7M9yu4209
8Q1SZQEzNBHiFG3ajAmQvYHLS2XctORN6HtLMtDFEOFrbSeU4QFWS85gPMTb+mG0
CAC7trEBdDzvE17Zb22BisrC7r2cHshqIeo5JBwNGWyrNqLRFzAR9betME2EGVOb
tiQW8qf17fbxv3PZ3bVAm/2yxPlMcRQ6y96LOWuhpVUnivpdImFu729cl+ajtQ5t
EsrQanOiEnJ9JD8lMdluV0XPVorZmy69njMziYfX8FXl/RGVX0eZkncxjKIhhrl+
k0DzrfiAKnZLsAhSqkbn7K8yqFjJzMoi4qB1v4GYGKoE4EFO9KdHFjpRCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEKbf1hO7u6j5mUL4YnelnY9eCfkMB8GA1UdIwQY
MBaAFN4UpCnmZYq7cKN5LBctftYuuPomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEt
MDVkOWMxY2Q3NDI1LzEvUXB0X1dFN3U3cVBtWlF2aGlkNldkajE0Si1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEtMDVkOWMxY2Q3NDI1
LzEvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYALMA0E
AgACMAcDBQAqD1rAMA0GCSqGSIb3DQEBCwUAA4IBAQCCg63NSWup1J8CajHjpH3X
SIajkv5/IPklTSC1T/0AMb4DDwHZO6ZU//cV3cjqc0A8asq5JUBrPsVfBqZuSL4q
zRvNnra6r+ZyAKJ7Aa8geXqrUeVQOZIxmBHTxPj60gzZu5FV3Hc0pqfeInaM+Ux1
iYX+EdynnCceBl87Yfy7kH2dqqQzkEaIgiCQQuqHQxg3K6+mRHTPMPj+EaGiARti
dJZsSM4An/M6FdWRLCpQl4HMXH1Kk145UAEXrOZCJmV0Exr9PrzOfwbGIgniepJK
XlMcUuxMrE5VnDfKe6TwkEV6FS0cNWFvX0aQgmIPOOlOOPpmigX31SbIWq5ajLEA
-----END CERTIFICATE-----