Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QKGiLmjWMTEkveUIL6UZ5q0SEOs.roa
File:                     QKGiLmjWMTEkveUIL6UZ5q0SEOs.roa (raw, json)
Hash identifier:          3bV/k8iRKu3mHQg27t48OxF+5AiEfzpTb/vWuEwl8KY=
Subject key identifier:   40:A1:A2:2E:68:D6:31:31:24:BD:E5:08:2F:A5:19:E6:AD:12:10:EB
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D4F445ABE825DEC9948038469973
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QKGiLmjWMTEkveUIL6UZ5q0SEOs.roa
Signing time:             Mon 01 Jan 2024 18:29:36 +0000
ROA not before:           Mon 01 Jan 2024 18:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21337
IP address blocks:        195.34.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d4:f4:45:ab:e8:25:de:c9:94:80:38:46:99:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40a1a22e68d6313124bde5082fa519e6ad1210eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0e:2f:d2:04:b5:83:f1:fd:90:f9:bc:0c:26:
                    98:18:44:8a:e1:51:75:22:ef:f8:f5:61:dc:be:b2:
                    e4:23:34:0d:12:e4:0c:0d:96:92:e7:9f:04:d4:c0:
                    e7:7c:c5:32:07:02:58:6f:c5:e7:3b:6b:4a:bc:65:
                    7d:cd:ba:94:de:91:de:37:4f:1f:14:2e:fe:be:11:
                    30:30:ac:8b:35:08:a3:22:e4:6d:f4:f0:b9:d7:1a:
                    b1:96:09:16:62:2f:ba:d9:06:eb:9e:14:a3:75:2d:
                    42:58:6a:40:8f:b3:16:13:a9:ad:c4:59:ed:32:e4:
                    aa:96:f8:5d:0d:98:60:1b:ac:54:cd:93:fa:aa:36:
                    f8:6f:6d:dc:54:0b:a5:44:95:7e:7a:45:c8:ab:35:
                    ce:65:cc:74:b0:fe:53:20:05:58:34:db:31:dc:04:
                    d9:79:a4:fb:41:ca:4e:4e:69:fe:46:65:79:9d:3c:
                    29:18:e0:6f:56:12:3c:03:47:5d:d3:5e:9a:3b:26:
                    96:2a:20:ef:45:60:b7:ae:b3:ad:28:52:f9:8d:71:
                    32:4b:f5:66:3a:c5:42:bf:cd:fd:ee:9e:21:c2:02:
                    dc:b6:d6:17:08:d1:59:fe:1d:1b:77:37:57:5f:3f:
                    12:27:a2:70:b8:8c:c6:78:df:00:e5:2f:c8:22:84:
                    da:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A1:A2:2E:68:D6:31:31:24:BD:E5:08:2F:A5:19:E6:AD:12:10:EB
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QKGiLmjWMTEkveUIL6UZ5q0SEOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:7f:90:c7:df:48:1d:1a:04:c0:b6:05:eb:e1:53:f3:0d:7e:
         75:8d:f0:b3:4a:4c:9d:84:e4:19:8b:d8:6f:21:ab:60:4d:fd:
         e1:56:58:9b:1b:5c:3b:df:a6:ed:f8:e5:20:e1:14:58:90:9b:
         08:b6:53:c8:b4:b8:9c:4d:08:51:c3:14:41:f7:4b:e2:79:26:
         09:c0:d2:9c:fd:71:12:cc:d4:3a:46:2a:ae:4e:2a:79:44:b5:
         24:79:00:a8:1f:f3:b6:39:f5:62:41:ad:ce:a8:f0:8a:8d:df:
         79:48:ac:57:15:a0:d6:29:60:94:fb:19:1a:2d:42:6e:cf:4d:
         4a:f7:a9:84:7f:55:c4:51:9e:fa:5d:f4:43:1e:f0:60:e5:4f:
         65:74:19:17:dd:ea:3f:b5:bb:dd:e9:a5:dc:4a:dd:f7:90:62:
         6b:6d:d0:51:71:76:19:ea:60:20:bb:c7:52:b1:ea:c1:f9:8b:
         3a:20:f6:b3:71:a7:82:2b:f2:97:89:f4:7c:36:56:9f:b2:ae:
         bb:73:a5:ea:df:4a:95:9f:19:58:5a:38:bc:9d:4a:2b:0a:95:
         9b:8d:ce:0d:bb:62:d1:26:d5:65:c0:9d:8e:9d:59:2f:52:1a:
         e6:36:0e:a9:82:f6:9e:83:b0:68:3c:7e:55:3c:3d:0f:a1:15:
         3b:86:64:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdT0RavoJd7JlIA4RplzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGExYTIyZTY4ZDYzMTMxMjRiZGU1MDgyZmE1MTllNmFkMTIxMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg4v0gS1g/H9kPm8DCaYGESK4VF1
Iu/49WHcvrLkIzQNEuQMDZaS558E1MDnfMUyBwJYb8XnO2tKvGV9zbqU3pHeN08f
FC7+vhEwMKyLNQijIuRt9PC51xqxlgkWYi+62QbrnhSjdS1CWGpAj7MWE6mtxFnt
MuSqlvhdDZhgG6xUzZP6qjb4b23cVAulRJV+ekXIqzXOZcx0sP5TIAVYNNsx3ATZ
eaT7QcpOTmn+RmV5nTwpGOBvVhI8A0dd016aOyaWKiDvRWC3rrOtKFL5jXEyS/Vm
OsVCv8397p4hwgLcttYXCNFZ/h0bdzdXXz8SJ6JwuIzGeN8A5S/IIoTaqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEChoi5o1jExJL3lCC+lGeatEhDrMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvUUtHaUxtaldNVEVrdmVVSUw2VVo1cTBTRU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyJwMA0G
CSqGSIb3DQEBCwUAA4IBAQAXf5DH30gdGgTAtgXr4VPzDX51jfCzSkydhOQZi9hv
IatgTf3hVlibG1w736bt+OUg4RRYkJsItlPItLicTQhRwxRB90vieSYJwNKc/XES
zNQ6RiquTip5RLUkeQCoH/O2OfViQa3OqPCKjd95SKxXFaDWKWCU+xkaLUJuz01K
96mEf1XEUZ76XfRDHvBg5U9ldBkX3eo/tbvd6aXcSt33kGJrbdBRcXYZ6mAgu8dS
serB+Ys6IPazcaeCK/KXifR8Nlafsq67c6Xq30qVnxlYWji8nUorCpWbjc4Nu2LR
JtVlwJ2OnVkvUhrmNg6pgvaeg7BoPH5VPD0PoRU7hmTZ
-----END CERTIFICATE-----