Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/bQTJcnSf8cv06dYjcW3vS-wUSa4.roa
File:                     bQTJcnSf8cv06dYjcW3vS-wUSa4.roa (raw, json)
Hash identifier:          dTq4ea9f3Z/Er4pdHR40SFq/rgIgCHMDTdeLAQHMkqM=
Subject key identifier:   6D:04:C9:72:74:9F:F1:CB:F4:E9:D6:23:71:6D:EF:4B:EC:14:49:AE
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       018CC4924B17BC181AECD679525A130A6F5E
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/bQTJcnSf8cv06dYjcW3vS-wUSa4.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41219
IP address blocks:        185.88.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4b:17:bc:18:1a:ec:d6:79:52:5a:13:0a:6f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d04c972749ff1cbf4e9d623716def4bec1449ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:98:cd:9b:55:38:cd:0b:69:6c:ac:a0:36:a4:
                    92:79:cf:b4:c4:e7:bf:36:d6:90:e0:cd:6d:cd:8d:
                    33:dd:bd:f9:66:d1:30:5b:3a:7e:79:9f:bd:5a:e2:
                    f9:07:1a:b5:2d:e0:fe:17:5b:75:68:b8:6a:3a:8e:
                    98:7d:36:17:e6:ad:8d:6d:fc:1c:7e:96:17:4c:3a:
                    f5:c3:ff:a0:92:25:37:c1:78:c9:fe:3d:2d:56:4f:
                    26:a3:ca:64:60:53:ba:5a:2b:3b:b4:24:8f:d7:d8:
                    34:3e:e2:01:41:d7:30:b8:25:d2:6e:05:42:57:fd:
                    52:36:2b:eb:96:61:a0:8f:fc:ac:0d:98:70:6c:36:
                    90:68:a6:c0:d4:6c:d8:00:37:03:a6:26:bc:40:f4:
                    f3:41:e3:fc:9d:51:89:1b:28:d7:23:82:94:be:d4:
                    28:02:df:01:64:95:3e:70:8a:b0:51:cb:de:7a:c2:
                    6a:c0:a3:99:30:ed:e1:b1:57:4f:39:68:37:67:ab:
                    ec:0a:2e:a9:8a:f2:ad:ea:5d:6d:c7:36:17:68:8c:
                    b6:88:67:36:0e:b7:3f:8a:e6:ab:3c:4c:9d:86:ae:
                    43:31:86:68:05:e7:55:af:33:32:97:37:68:6b:e4:
                    be:b4:d9:1f:d3:cd:eb:d2:3d:4d:51:04:dc:fb:82:
                    c1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:04:C9:72:74:9F:F1:CB:F4:E9:D6:23:71:6D:EF:4B:EC:14:49:AE
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/bQTJcnSf8cv06dYjcW3vS-wUSa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c5:d9:c9:e9:9f:27:3c:e9:10:e1:60:fb:e5:b3:a2:cb:b9:
         56:e4:46:bc:45:1f:14:27:16:02:d5:26:08:ca:0a:3f:2b:65:
         bb:89:5b:40:53:e3:0a:42:eb:cb:a7:01:d9:4a:d0:50:a0:1d:
         09:7d:b2:ef:44:14:6e:46:36:6e:f5:be:9c:48:b1:14:48:48:
         8a:26:e2:f9:d5:66:b4:bf:c1:eb:7a:94:82:00:06:7b:8a:9a:
         48:75:59:91:1b:a0:6d:cd:78:98:84:aa:f9:64:7d:83:51:09:
         34:b4:11:74:91:d6:08:43:76:c5:a5:f1:1f:d1:c0:d2:b8:f8:
         04:12:e4:44:a3:7a:0e:ef:75:fe:bf:3d:53:71:28:36:75:a1:
         df:f0:4c:7a:5e:3f:e1:43:14:c2:45:27:ac:05:28:5c:15:51:
         24:de:51:b6:47:9a:b6:18:53:2d:3f:38:14:97:89:c7:96:aa:
         ed:00:f0:d8:e5:80:f1:d4:5e:8b:94:d5:d0:2c:96:93:7c:1f:
         e1:c5:17:45:7f:d7:a8:bc:dc:b8:1b:14:06:46:65:a6:3d:43:
         33:f6:d3:7b:72:70:62:12:6b:5b:1c:8e:24:d3:00:4f:e6:bf:
         cd:7b:c8:31:30:25:ae:0f:53:99:df:e7:12:f8:77:61:68:00:
         19:54:58:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkksXvBga7NZ5UloTCm9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA0Yzk3Mjc0OWZmMWNiZjRlOWQ2MjM3MTZkZWY0YmVjMTQ0OWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpjNm1U4zQtpbKygNqSSec+0xOe/
NtaQ4M1tzY0z3b35ZtEwWzp+eZ+9WuL5Bxq1LeD+F1t1aLhqOo6YfTYX5q2Nbfwc
fpYXTDr1w/+gkiU3wXjJ/j0tVk8mo8pkYFO6Wis7tCSP19g0PuIBQdcwuCXSbgVC
V/1SNivrlmGgj/ysDZhwbDaQaKbA1GzYADcDpia8QPTzQeP8nVGJGyjXI4KUvtQo
At8BZJU+cIqwUcveesJqwKOZMO3hsVdPOWg3Z6vsCi6pivKt6l1txzYXaIy2iGc2
Drc/iuarPEydhq5DMYZoBedVrzMylzdoa+S+tNkf083r0j1NUQTc+4LB/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0EyXJ0n/HL9OnWI3Ft70vsFEmuMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvYlFUSmNuU2Y4Y3YwNmRZamNXM3ZTLXdVU2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuViAMA0G
CSqGSIb3DQEBCwUAA4IBAQCZxdnJ6Z8nPOkQ4WD75bOiy7lW5Ea8RR8UJxYC1SYI
ygo/K2W7iVtAU+MKQuvLpwHZStBQoB0JfbLvRBRuRjZu9b6cSLEUSEiKJuL51Wa0
v8HrepSCAAZ7ippIdVmRG6BtzXiYhKr5ZH2DUQk0tBF0kdYIQ3bFpfEf0cDSuPgE
EuREo3oO73X+vz1TcSg2daHf8Ex6Xj/hQxTCRSesBShcFVEk3lG2R5q2GFMtPzgU
l4nHlqrtAPDY5YDx1F6LlNXQLJaTfB/hxRdFf9eovNy4GxQGRmWmPUMz9tN7cnBi
EmtbHI4k0wBP5r/Ne8gxMCWuD1OZ3+cS+HdhaAAZVFhX
-----END CERTIFICATE-----