Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QRfdQovIQ-p1eAUybp7e2CuBUzI.roa
File:                     QRfdQovIQ-p1eAUybp7e2CuBUzI.roa (raw, json)
Hash identifier:          pmX/nsqpvE4HD08ycTBM21/FhgMJt6IpDiTCsJNPozg=
Subject key identifier:   41:17:DD:42:8B:C8:43:EA:75:78:05:32:6E:9E:DE:D8:2B:81:53:32
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BC4854DC52B7AB16F11E670FCBC3
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QRfdQovIQ-p1eAUybp7e2CuBUzI.roa
Signing time:             Mon 01 Jan 2024 12:30:08 +0000
ROA not before:           Mon 01 Jan 2024 12:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20764
IP address blocks:        185.121.71.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bc:48:54:dc:52:b7:ab:16:f1:1e:67:0f:cb:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4117dd428bc843ea757805326e9eded82b815332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:58:77:e5:29:97:21:b6:19:a4:bb:91:82:39:
                    92:fb:2d:a9:1a:90:1d:b8:5a:c3:f8:4d:b6:85:ed:
                    b9:93:dc:1e:a6:55:11:c2:3a:d3:c5:f5:0e:01:23:
                    9b:04:cc:c1:57:26:d3:5f:8d:71:ce:43:43:91:d0:
                    fd:67:74:b4:c4:4e:af:74:79:d4:5a:9f:55:c4:b9:
                    cd:50:4e:f9:be:f7:be:cc:90:12:59:8d:f1:42:b8:
                    3e:b2:32:c4:fb:2d:86:8c:fb:61:cf:19:e0:79:77:
                    84:cb:a3:25:9e:04:ba:61:5c:ea:57:75:1e:68:5c:
                    84:89:ec:e2:38:ce:c8:3c:b1:3e:e6:ec:44:b7:37:
                    ad:ea:46:6f:b6:b5:d6:60:74:15:90:e3:fb:ec:66:
                    f2:1d:bd:33:e5:08:ad:8c:2d:20:da:69:bd:ea:e6:
                    e7:e2:04:29:1c:86:2b:b7:a6:42:6a:56:5e:60:b1:
                    cf:e5:c8:24:01:be:83:38:40:1f:bc:0e:b0:9b:00:
                    68:74:9b:fe:2a:e1:f4:28:88:61:43:67:87:92:ff:
                    ad:0e:6e:32:4d:4d:ff:12:29:2f:47:f6:5b:bc:4a:
                    87:7a:c8:af:1e:22:4a:a6:6c:4a:de:97:0e:7d:7f:
                    45:7f:5c:ca:c2:4a:83:72:73:33:4a:1a:fc:1e:df:
                    52:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:17:DD:42:8B:C8:43:EA:75:78:05:32:6E:9E:DE:D8:2B:81:53:32
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QRfdQovIQ-p1eAUybp7e2CuBUzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:d9:19:6a:61:14:ec:fa:58:e2:4c:76:2f:c6:1d:86:a8:cc:
         ac:0a:4e:b5:d2:eb:ec:8c:81:67:77:7a:4e:7e:43:b5:cc:b0:
         2c:f7:f4:9f:9f:28:12:7c:bf:87:14:75:9b:9d:96:88:e9:eb:
         aa:6e:e7:54:30:ef:4a:34:cf:3f:b7:09:62:17:5e:33:32:b0:
         3f:70:c7:1f:a5:ec:dd:3b:52:c4:bc:86:39:86:25:27:d1:f4:
         c0:5a:3c:f1:e9:9c:ba:6f:85:d4:af:7c:4f:0f:f6:9c:03:66:
         0f:c8:a9:88:8a:eb:62:b7:46:29:ba:bd:95:14:9d:b5:4e:7c:
         22:25:26:07:6f:59:89:f7:53:30:19:99:0f:ab:d7:6a:e9:69:
         98:80:80:e8:b6:48:d5:1b:e2:cb:ed:0f:cf:76:d2:28:86:5c:
         eb:54:c2:8e:84:bb:15:06:c3:ac:77:ab:1f:d0:fe:cd:b5:a2:
         ad:b6:6d:92:2c:21:b2:64:c6:f9:34:49:7f:d2:19:8d:99:3f:
         d4:2b:35:c1:47:5f:98:4f:9c:6d:fd:92:65:40:e1:04:90:51:
         8a:22:43:c3:14:8d:88:3e:3f:ab:ec:b0:98:06:d6:cc:92:1c:
         c3:54:f6:5f:12:46:66:ec:de:cf:4d:69:f0:f0:0d:d4:aa:a5:
         12:53:e3:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALxIVNxSt6sW8R5nD8vDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE3ZGQ0MjhiYzg0M2VhNzU3ODA1MzI2ZTllZGVkODJiODE1MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01h35SmXIbYZpLuRgjmS+y2pGpAd
uFrD+E22he25k9weplURwjrTxfUOASObBMzBVybTX41xzkNDkdD9Z3S0xE6vdHnU
Wp9VxLnNUE75vve+zJASWY3xQrg+sjLE+y2GjPthzxngeXeEy6MlngS6YVzqV3Ue
aFyEieziOM7IPLE+5uxEtzet6kZvtrXWYHQVkOP77GbyHb0z5QitjC0g2mm96ubn
4gQpHIYrt6ZCalZeYLHP5cgkAb6DOEAfvA6wmwBodJv+KuH0KIhhQ2eHkv+tDm4y
TU3/EikvR/ZbvEqHesivHiJKpmxK3pcOfX9Ff1zKwkqDcnMzShr8Ht9SDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEX3UKLyEPqdXgFMm6e3tgrgVMyMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUVJmZFFvdklRLXAxZUFVeWJwN2UyQ3VCVXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlHMA0G
CSqGSIb3DQEBCwUAA4IBAQBA2RlqYRTs+ljiTHYvxh2GqMysCk610uvsjIFnd3pO
fkO1zLAs9/SfnygSfL+HFHWbnZaI6euqbudUMO9KNM8/twliF14zMrA/cMcfpezd
O1LEvIY5hiUn0fTAWjzx6Zy6b4XUr3xPD/acA2YPyKmIiutit0Ypur2VFJ21Tnwi
JSYHb1mJ91MwGZkPq9dq6WmYgIDotkjVG+LL7Q/PdtIohlzrVMKOhLsVBsOsd6sf
0P7NtaKttm2SLCGyZMb5NEl/0hmNmT/UKzXBR1+YT5xt/ZJlQOEEkFGKIkPDFI2I
Pj+r7LCYBtbMkhzDVPZfEkZm7N7PTWnw8A3UqqUSU+Mq
-----END CERTIFICATE-----