Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qb-X0iw-_pzMzQc9_a8Iz0kdIzE.roa
File:                     qb-X0iw-_pzMzQc9_a8Iz0kdIzE.roa (raw, json)
Hash identifier:          dtHNGfvtngcGXEUcpXhndhgbb+3uXA0TQQ+gujc/oc4=
Subject key identifier:   A9:BF:97:D2:2C:3E:FE:9C:CC:CD:07:3D:FD:AF:08:CF:49:1D:23:31
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0D1B6180748A789E65D411C3352D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qb-X0iw-_pzMzQc9_a8Iz0kdIzE.roa
Signing time:             Tue 02 Jan 2024 06:29:39 +0000
ROA not before:           Tue 02 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211167
IP address blocks:        85.208.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0d:1b:61:80:74:8a:78:9e:65:d4:11:c3:35:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9bf97d22c3efe9ccccd073dfdaf08cf491d2331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:18:51:16:1d:82:c9:a2:23:cf:15:9d:96:ee:
                    59:19:0e:56:68:ff:60:ae:21:ab:50:f8:f5:ab:2a:
                    e0:fc:37:fb:b0:30:f5:a5:c1:68:67:31:28:23:05:
                    54:9f:8a:7b:f7:8a:4e:cb:83:3d:e0:2a:48:59:e9:
                    9d:de:7e:4e:ba:1f:31:30:3c:ff:80:e0:a8:2e:cb:
                    85:fe:48:98:3b:8a:0d:70:93:8b:c9:2f:05:35:ca:
                    d8:3b:d5:37:50:3e:91:14:d2:6a:fa:4e:95:d3:c6:
                    c1:b3:2c:20:fe:40:c9:60:d8:dc:32:91:47:40:24:
                    7a:f5:dd:04:c8:53:8a:51:7d:f4:a8:e1:91:e0:67:
                    0c:2a:5d:b5:32:7e:f3:f6:8b:05:10:19:ee:4a:e3:
                    7a:35:16:38:83:7e:70:18:89:e8:e8:4a:e8:bd:ca:
                    1c:95:e0:7c:43:fa:a3:f5:1b:8d:05:7a:89:05:07:
                    27:45:42:8f:43:6b:99:13:70:5d:39:d6:b1:9e:9e:
                    a1:f4:cc:41:a1:10:81:84:11:52:12:bd:d0:44:ed:
                    5b:73:d8:7b:47:79:53:33:c9:ec:1b:a2:e3:92:fc:
                    5d:d2:04:d6:20:39:f2:66:77:9d:04:22:3b:3e:0c:
                    29:c4:6c:cb:15:9a:d1:7a:7a:52:e4:ce:66:9e:a0:
                    97:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BF:97:D2:2C:3E:FE:9C:CC:CD:07:3D:FD:AF:08:CF:49:1D:23:31
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qb-X0iw-_pzMzQc9_a8Iz0kdIzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:62:9f:31:48:ec:34:00:18:86:aa:e6:7f:2f:e2:a7:cd:0d:
         6f:61:16:aa:d3:df:73:4c:18:38:16:04:a1:39:e7:78:b3:0b:
         b4:bc:80:32:f7:72:30:ea:ba:c9:53:37:73:c6:69:ba:27:7a:
         df:d8:ac:a3:1d:25:ca:5a:ba:d7:63:60:84:61:c5:31:05:dc:
         68:e5:d4:32:00:6d:75:cf:0d:0a:73:15:23:70:ae:45:bf:85:
         eb:0f:49:a0:7d:4a:13:8a:98:b5:2e:ed:d1:d1:ef:22:dd:77:
         4b:bb:5b:63:a6:7a:ca:81:a5:7d:d6:af:94:2a:73:5f:b4:33:
         96:1f:57:64:bb:a4:0c:b9:a6:e0:a1:a3:a4:ed:80:53:57:f8:
         6e:b1:f2:8c:b6:d3:f4:af:44:1d:31:40:16:b6:6f:21:a2:6e:
         55:35:a5:c6:a5:dd:56:20:d4:0b:5a:c6:c7:36:49:df:63:6e:
         b0:03:e4:6d:62:c6:24:17:55:95:ec:95:9d:3a:80:3e:b7:a9:
         95:9a:a0:29:b5:0c:b0:6a:30:dc:be:4f:9c:69:e4:d9:d5:a7:
         fe:9a:fa:08:5a:b4:78:4d:8a:14:cf:26:c4:d9:67:ec:86:b2:
         e0:fb:97:79:77:99:ac:af:94:b1:0e:21:06:66:bd:0e:f6:52:
         47:8e:2a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Q0bYYB0inieZdQRwzUtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJmOTdkMjJjM2VmZTljY2NjZDA3M2RmZGFmMDhjZjQ5MWQyMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBhRFh2CyaIjzxWdlu5ZGQ5WaP9g
riGrUPj1qyrg/Df7sDD1pcFoZzEoIwVUn4p794pOy4M94CpIWemd3n5Ouh8xMDz/
gOCoLsuF/kiYO4oNcJOLyS8FNcrYO9U3UD6RFNJq+k6V08bBsywg/kDJYNjcMpFH
QCR69d0EyFOKUX30qOGR4GcMKl21Mn7z9osFEBnuSuN6NRY4g35wGIno6Erovcoc
leB8Q/qj9RuNBXqJBQcnRUKPQ2uZE3BdOdaxnp6h9MxBoRCBhBFSEr3QRO1bc9h7
R3lTM8nsG6Ljkvxd0gTWIDnyZnedBCI7PgwpxGzLFZrRenpS5M5mnqCX0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm/l9IsPv6czM0HPf2vCM9JHSMxMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcWItWDBpdy1fcHpNelFjOV9hOEl6MGtkSXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCJMA0G
CSqGSIb3DQEBCwUAA4IBAQBYYp8xSOw0ABiGquZ/L+KnzQ1vYRaq099zTBg4FgSh
Oed4swu0vIAy93Iw6rrJUzdzxmm6J3rf2KyjHSXKWrrXY2CEYcUxBdxo5dQyAG11
zw0KcxUjcK5Fv4XrD0mgfUoTipi1Lu3R0e8i3XdLu1tjpnrKgaV91q+UKnNftDOW
H1dku6QMuabgoaOk7YBTV/husfKMttP0r0QdMUAWtm8hom5VNaXGpd1WINQLWsbH
NknfY26wA+RtYsYkF1WV7JWdOoA+t6mVmqAptQywajDcvk+caeTZ1af+mvoIWrR4
TYoUzybE2WfshrLg+5d5d5msr5SxDiEGZr0O9lJHjipK
-----END CERTIFICATE-----