Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/QSlw35T018bS9HDX-KMHLrpMuOw.roa
File:                     QSlw35T018bS9HDX-KMHLrpMuOw.roa (raw, json)
Hash identifier:          jcQehnE3yRgffBvAFI1OMPNKfI+l9JbbPSfH5c9a7ns=
Subject key identifier:   41:29:70:DF:94:F4:D7:C6:D2:F4:70:D7:F8:A3:07:2E:BA:4C:B8:EC
Certificate issuer:       /CN=0a220da9b6e295855b627fea610e1cb61646894b
Certificate serial:       018CC26D69487B1E86CBA20953A4A1E33490
Authority key identifier: 0A:22:0D:A9:B6:E2:95:85:5B:62:7F:EA:61:0E:1C:B6:16:46:89:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/QSlw35T018bS9HDX-KMHLrpMuOw.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196754
IP address blocks:        195.88.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:69:48:7b:1e:86:cb:a2:09:53:a4:a1:e3:34:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a220da9b6e295855b627fea610e1cb61646894b
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=412970df94f4d7c6d2f470d7f8a3072eba4cb8ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:32:d2:a1:05:13:5f:df:44:25:0c:87:c3:55:
                    3e:50:3f:50:46:6d:0b:7d:06:b0:8d:ec:ea:54:d2:
                    fa:89:d2:a2:61:b0:bf:f8:78:73:4c:83:3c:8a:40:
                    be:92:0e:40:48:d5:90:d6:19:7e:46:c8:f9:a4:f3:
                    cb:56:80:65:63:7d:95:7f:27:1c:59:d7:1f:79:a4:
                    f7:42:14:f2:e1:da:f1:46:5b:89:0c:7d:f2:ac:40:
                    3e:48:03:9b:89:73:aa:87:ae:c2:eb:0a:26:e7:29:
                    35:86:9a:5b:54:d9:08:cc:40:c8:ca:5d:04:66:bf:
                    cb:9f:c1:ba:56:d8:84:21:7d:1c:8a:fa:67:e4:1d:
                    36:58:e9:f5:23:b6:be:7e:8f:0d:dd:ae:ba:19:7a:
                    4c:2d:1b:19:b4:eb:1a:7a:09:ea:93:fa:e0:6f:c7:
                    7f:55:da:ca:47:40:43:35:bc:6b:4e:3e:41:3a:cd:
                    07:ec:c2:62:8f:e3:e3:8e:c2:7a:08:df:b4:89:0d:
                    73:81:67:18:18:37:7c:ad:6c:0f:88:79:f0:6b:aa:
                    1d:f8:54:46:ba:19:7a:76:37:03:b9:e9:05:be:2e:
                    f5:cf:87:3a:7a:b6:57:1e:95:cc:91:0a:1d:e3:c2:
                    26:81:a2:ab:13:18:09:53:6c:22:26:36:2a:79:77:
                    42:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:29:70:DF:94:F4:D7:C6:D2:F4:70:D7:F8:A3:07:2E:BA:4C:B8:EC
            X509v3 Authority Key Identifier:
                keyid:0A:22:0D:A9:B6:E2:95:85:5B:62:7F:EA:61:0E:1C:B6:16:46:89:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiINqbbilYVbYn_qYQ4cthZGiUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/QSlw35T018bS9HDX-KMHLrpMuOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/981839-9dfa-42d3-acb1-6218828ed896/1/CiINqbbilYVbYn_qYQ4cthZGiUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e0:1f:b2:e8:58:36:89:24:5a:ff:bc:c7:33:a8:af:b8:8e:62:
         8b:a9:90:f3:73:41:35:e3:48:13:f0:da:50:89:38:b3:6b:d8:
         27:0b:85:ef:a2:69:54:b0:21:d3:97:62:88:a0:d2:3b:4a:4c:
         0f:e2:87:8f:08:58:ac:45:3b:76:3f:f6:9a:d5:2e:ca:b6:d1:
         28:dd:95:e0:12:5c:d0:37:c9:5a:14:4b:a6:56:36:cc:8b:07:
         54:3b:00:48:fb:4b:9a:c8:76:c8:ac:02:20:e6:ae:7e:15:4d:
         f1:d7:f6:2d:29:77:74:40:73:e5:ba:06:aa:7b:31:7b:a4:7b:
         b2:93:54:e3:0a:96:d3:a8:78:6a:48:5e:e6:e0:2a:99:1c:9d:
         9f:bf:32:14:44:3e:43:37:c0:6b:bb:92:8c:21:96:d8:5d:08:
         17:e0:ef:90:bd:bd:88:c0:f4:4c:af:27:0e:71:75:59:46:07:
         7f:5f:32:06:f4:b2:43:34:a7:7d:05:18:db:b4:19:d2:8d:42:
         32:f7:6d:83:28:91:09:d4:db:23:80:54:3c:38:57:ad:d4:d2:
         82:81:f9:04:8c:04:c2:36:4c:c4:7e:88:03:2e:4b:45:af:66:
         ab:a8:d8:d6:12:56:ff:b5:c4:96:fd:e1:44:34:6d:1f:44:5a:
         d6:e4:80:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWlIex6Gy6IJU6Sh4zSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjIwZGE5YjZlMjk1ODU1YjYyN2ZlYTYxMGUxY2I2MTY0
Njg5NGIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI5NzBkZjk0ZjRkN2M2ZDJmNDcwZDdmOGEzMDcyZWJhNGNiOGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjLSoQUTX99EJQyHw1U+UD9QRm0L
fQawjezqVNL6idKiYbC/+HhzTIM8ikC+kg5ASNWQ1hl+Rsj5pPPLVoBlY32Vfycc
WdcfeaT3QhTy4drxRluJDH3yrEA+SAObiXOqh67C6wom5yk1hppbVNkIzEDIyl0E
Zr/Ln8G6VtiEIX0civpn5B02WOn1I7a+fo8N3a66GXpMLRsZtOsaegnqk/rgb8d/
VdrKR0BDNbxrTj5BOs0H7MJij+PjjsJ6CN+0iQ1zgWcYGDd8rWwPiHnwa6od+FRG
uhl6djcDuekFvi71z4c6erZXHpXMkQod48ImgaKrExgJU2wiJjYqeXdCLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEpcN+U9NfG0vRw1/ijBy66TLjsMB8GA1UdIwQY
MBaAFAoiDam24pWFW2J/6mEOHLYWRolLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lJTnFiYmlsWVZiWW5fcVlRNGN0aFpHaVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85ODE4MzktOWRmYS00MmQzLWFjYjEt
NjIxODgyOGVkODk2LzEvUVNsdzM1VDAxOGJTOUhEWC1LTUhMcnBNdU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85ODE4MzktOWRmYS00MmQzLWFjYjEtNjIxODgyOGVkODk2
LzEvQ2lJTnFiYmlsWVZiWW5fcVlRNGN0aFpHaVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j4MA0G
CSqGSIb3DQEBCwUAA4IBAQDgH7LoWDaJJFr/vMczqK+4jmKLqZDzc0E140gT8NpQ
iTiza9gnC4XvomlUsCHTl2KIoNI7SkwP4oePCFisRTt2P/aa1S7KttEo3ZXgElzQ
N8laFEumVjbMiwdUOwBI+0uayHbIrAIg5q5+FU3x1/YtKXd0QHPlugaqezF7pHuy
k1TjCpbTqHhqSF7m4CqZHJ2fvzIURD5DN8Bru5KMIZbYXQgX4O+Qvb2IwPRMrycO
cXVZRgd/XzIG9LJDNKd9BRjbtBnSjUIy922DKJEJ1NsjgFQ8OFet1NKCgfkEjATC
NkzEfogDLktFr2arqNjWElb/tcSW/eFENG0fRFrW5ICO
-----END CERTIFICATE-----