Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/QNstPQE9ZulDLKdz8jmTmvilx7o.roa
File:                     QNstPQE9ZulDLKdz8jmTmvilx7o.roa (raw, json)
Hash identifier:          Q8sF2hSBUCyfSRRRg9gV0DcvIyX77Fnorxv/6suBlBY=
Subject key identifier:   40:DB:2D:3D:01:3D:66:E9:43:2C:A7:73:F2:39:93:9A:F8:A5:C7:BA
Certificate issuer:       /CN=d4d1f325bf8ae694a19f28fd407cd5bb500e1b3e
Certificate serial:       018CC6B913A8C72A196B774BD8553871023A
Authority key identifier: D4:D1:F3:25:BF:8A:E6:94:A1:9F:28:FD:40:7C:D5:BB:50:0E:1B:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/QNstPQE9ZulDLKdz8jmTmvilx7o.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.116.0/24 maxlen: 24
                          2001:7f8:c7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:13:a8:c7:2a:19:6b:77:4b:d8:55:38:71:02:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4d1f325bf8ae694a19f28fd407cd5bb500e1b3e
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40db2d3d013d66e9432ca773f239939af8a5c7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d2:b1:96:54:ba:1d:6b:d5:75:da:63:9f:84:
                    ba:de:0c:17:ab:2f:5d:35:fa:38:6d:61:ee:94:01:
                    a0:51:24:4d:74:22:fb:87:f0:8a:0f:dc:87:d2:81:
                    8b:fc:99:9e:a5:4f:5b:ce:44:b4:20:d4:b6:92:d1:
                    fa:b3:d7:5d:b6:f3:a1:7a:60:7d:8d:40:67:e1:c6:
                    a4:8b:05:67:3a:d2:98:af:e1:2c:9f:db:a0:ed:67:
                    ec:dd:80:fd:65:9f:b8:45:31:35:0d:af:93:e6:f7:
                    ec:97:1f:5d:0e:bc:d8:00:11:72:7d:d8:0a:28:6b:
                    72:df:10:4b:12:88:14:a9:79:3a:ed:53:72:6f:0c:
                    87:95:ff:05:b6:28:2c:c1:c4:22:d5:7c:4b:cd:74:
                    d1:2b:e5:66:e3:5a:60:65:cc:22:0f:76:f4:70:d8:
                    89:f9:f2:aa:a7:c8:11:26:67:ba:13:39:06:34:3f:
                    4c:b4:7c:ed:73:7b:43:86:9a:2d:08:b3:09:8b:10:
                    ea:6d:59:40:b9:43:44:3b:e1:07:2e:6a:12:6f:3a:
                    48:c7:80:62:d7:18:c5:2f:ed:6e:33:09:01:90:a8:
                    3e:2c:e6:74:fb:f6:7c:50:cb:f5:cf:bd:4b:43:27:
                    44:d3:12:d6:68:d6:2a:b0:d0:e6:6b:32:6f:74:9d:
                    db:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DB:2D:3D:01:3D:66:E9:43:2C:A7:73:F2:39:93:9A:F8:A5:C7:BA
            X509v3 Authority Key Identifier:
                keyid:D4:D1:F3:25:BF:8A:E6:94:A1:9F:28:FD:40:7C:D5:BB:50:0E:1B:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/QNstPQE9ZulDLKdz8jmTmvilx7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.116.0/24
                IPv6:
                  2001:7f8:c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:84:69:84:df:60:30:db:5b:e6:e1:0d:64:d1:53:9f:f5:26:
         22:30:d0:1b:bc:a8:e0:fa:15:34:67:f6:61:7c:67:9f:06:36:
         85:7b:ea:b4:a3:e3:e0:ba:dd:6b:8a:c3:94:a3:ec:a2:9d:25:
         33:b8:1f:6f:cd:43:6e:6a:a6:7c:1f:01:b0:99:b0:de:45:33:
         b7:1c:64:53:b1:1b:9a:cd:ed:76:4f:be:32:e3:5f:d6:24:44:
         39:30:08:a9:d0:c4:ab:31:36:e2:2a:a9:fb:9f:15:b6:62:cb:
         8c:b3:6c:ad:e8:97:72:6a:54:f3:f2:b8:8f:b2:1e:e9:02:0a:
         b8:23:e9:bf:c5:03:7d:6f:2e:77:2f:26:5b:be:fa:27:23:be:
         b0:b3:04:24:f8:82:a9:bf:c6:b3:75:b3:8a:b3:32:d0:ec:41:
         53:0a:cd:56:55:80:56:4b:80:27:79:88:35:20:dc:7b:6a:bc:
         fe:52:00:40:11:0e:6a:b6:96:5b:cf:f7:c2:f0:5c:15:f8:b1:
         99:96:ad:61:93:7e:87:fe:00:aa:14:39:92:33:9a:26:63:85:
         1c:c8:7d:ec:97:21:5b:cd:e9:cc:44:0c:2f:a2:be:47:2c:27:
         69:18:cf:d7:b9:b6:4d:75:36:8e:d3:17:cd:33:91:f5:05:d1:
         40:56:ac:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuROoxyoZa3dL2FU4cQI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZDFmMzI1YmY4YWU2OTRhMTlmMjhmZDQwN2NkNWJiNTAw
ZTFiM2UwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRiMmQzZDAxM2Q2NmU5NDMyY2E3NzNmMjM5OTM5YWY4YTVjN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9KxllS6HWvVddpjn4S63gwXqy9d
Nfo4bWHulAGgUSRNdCL7h/CKD9yH0oGL/JmepU9bzkS0INS2ktH6s9ddtvOhemB9
jUBn4cakiwVnOtKYr+Esn9ug7Wfs3YD9ZZ+4RTE1Da+T5vfslx9dDrzYABFyfdgK
KGty3xBLEogUqXk67VNybwyHlf8FtigswcQi1XxLzXTRK+Vm41pgZcwiD3b0cNiJ
+fKqp8gRJme6EzkGND9MtHztc3tDhpotCLMJixDqbVlAuUNEO+EHLmoSbzpIx4Bi
1xjFL+1uMwkBkKg+LOZ0+/Z8UMv1z71LQydE0xLWaNYqsNDmazJvdJ3bcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEDbLT0BPWbpQyync/I5k5r4pce6MB8GA1UdIwQY
MBaAFNTR8yW/iuaUoZ8o/UB81btQDhs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU5IekpiLUs1cFNobnlqOVFIelZ1MUFPR3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85NzcwYTEtNTliZC00MTVhLWJhZGUt
YjI4MmRkNjc0ODIzLzEvUU5zdFBRRTladWxETEtkejhqbVRtdmlseDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi85NzcwYTEtNTliZC00MTVhLWJhZGUtYjI4MmRkNjc0ODIz
LzEvMU5IekpiLUs1cFNobnlqOVFIelZ1MUFPR3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQF0MA8E
AgACMAkDBwAgAQf4AMcwDQYJKoZIhvcNAQELBQADggEBACyEaYTfYDDbW+bhDWTR
U5/1JiIw0Bu8qOD6FTRn9mF8Z58GNoV76rSj4+C63WuKw5Sj7KKdJTO4H2/NQ25q
pnwfAbCZsN5FM7ccZFOxG5rN7XZPvjLjX9YkRDkwCKnQxKsxNuIqqfufFbZiy4yz
bK3ol3JqVPPyuI+yHukCCrgj6b/FA31vLncvJlu++icjvrCzBCT4gqm/xrN1s4qz
MtDsQVMKzVZVgFZLgCd5iDUg3HtqvP5SAEARDmq2llvP98LwXBX4sZmWrWGTfof+
AKoUOZIzmiZjhRzIfeyXIVvN6cxEDC+ivkcsJ2kYz9e5tk11No7TF80zkfUF0UBW
rB8=
-----END CERTIFICATE-----