Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/QS7nzrslgrOe-Po2XHX5CmZJ11Y.roa
File:                     QS7nzrslgrOe-Po2XHX5CmZJ11Y.roa (raw, json)
Hash identifier:          uxEJqWyrdEMpQcFF6cncECgrspKFOEvOfqeOF7UthTE=
Subject key identifier:   41:2E:E7:CE:BB:25:82:B3:9E:F8:FA:36:5C:75:F9:0A:66:49:D7:56
Certificate issuer:       /CN=94b50928a96cb9e9120ff3cb635b3f7d70c97ce0
Certificate serial:       018D5EC73A615D766A97DB50FB0F47600879
Authority key identifier: 94:B5:09:28:A9:6C:B9:E9:12:0F:F3:CB:63:5B:3F:7D:70:C9:7C:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lLUJKKlsuekSD_PLY1s_fXDJfOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/QS7nzrslgrOe-Po2XHX5CmZJ11Y.roa
Signing time:             Wed 31 Jan 2024 09:08:51 +0000
ROA not before:           Wed 31 Jan 2024 09:08:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        185.16.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/lLUJKKlsuekSD_PLY1s_fXDJfOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/lLUJKKlsuekSD_PLY1s_fXDJfOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lLUJKKlsuekSD_PLY1s_fXDJfOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c7:3a:61:5d:76:6a:97:db:50:fb:0f:47:60:08:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94b50928a96cb9e9120ff3cb635b3f7d70c97ce0
        Validity
            Not Before: Jan 31 09:08:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=412ee7cebb2582b39ef8fa365c75f90a6649d756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:38:05:f5:7e:24:56:85:e0:d3:c9:74:dd:63:
                    6f:43:eb:a2:d9:56:dc:5e:43:10:5d:9d:72:de:02:
                    59:24:fc:25:cd:22:ce:09:c0:c4:94:d3:a7:59:52:
                    3f:8b:2c:f0:1b:1e:a3:4e:4f:53:a6:33:cf:7c:62:
                    be:a1:91:1f:29:bb:9b:ae:0d:9d:4c:66:75:93:3a:
                    e6:08:4f:c5:2a:84:aa:12:aa:6b:6a:a5:82:16:cd:
                    88:ea:69:9b:c1:b2:d3:dd:a9:0e:47:10:85:32:9d:
                    81:b0:88:cb:f3:05:03:2a:68:f0:cd:eb:93:e3:33:
                    09:8c:d4:d8:92:ef:a5:8b:a2:b6:6a:0d:2b:f6:1f:
                    aa:79:34:90:ec:31:60:7e:a5:8c:72:9d:2a:8b:d1:
                    51:9d:03:09:1b:2c:29:d9:69:8c:f0:24:66:af:d3:
                    ad:8b:aa:a1:69:29:9a:0b:52:70:c3:28:15:93:09:
                    75:18:65:5d:35:b6:18:45:da:ba:30:7a:7c:d7:07:
                    bc:3e:7a:e0:ae:5d:0a:f2:e4:80:a0:08:43:a2:90:
                    99:86:ce:17:61:99:81:9b:86:ef:f0:84:9f:0c:54:
                    f7:31:42:40:10:ca:7a:8d:b2:ad:18:e3:ab:16:9b:
                    e2:50:bb:e5:0c:d4:f4:31:35:8a:07:76:45:88:b3:
                    9e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2E:E7:CE:BB:25:82:B3:9E:F8:FA:36:5C:75:F9:0A:66:49:D7:56
            X509v3 Authority Key Identifier:
                keyid:94:B5:09:28:A9:6C:B9:E9:12:0F:F3:CB:63:5B:3F:7D:70:C9:7C:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lLUJKKlsuekSD_PLY1s_fXDJfOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/QS7nzrslgrOe-Po2XHX5CmZJ11Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/1cdf84-a35b-4f52-9ee1-f6489f551f15/1/lLUJKKlsuekSD_PLY1s_fXDJfOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ba:41:54:f5:ed:a6:6b:34:5d:58:04:67:b2:3b:0f:25:24:
         87:e3:12:5f:cf:95:04:d9:4e:88:9c:bd:12:7f:65:fb:93:7d:
         29:2a:a9:ee:d0:61:88:eb:fb:b0:52:57:ff:ec:62:d5:88:3d:
         b6:0b:a3:16:fc:94:d4:f3:c6:54:c9:a6:84:3e:3c:8f:f3:b2:
         0e:dc:7b:5e:62:ad:54:73:ba:91:62:ff:76:f2:2c:99:f8:02:
         21:25:a4:a4:bd:9b:f8:b6:a0:f6:f8:ce:4e:6a:59:2c:87:48:
         ae:de:14:a4:2e:d8:19:43:3c:b6:2e:99:61:20:52:40:9a:7b:
         0d:18:55:72:85:62:d0:f4:61:06:11:e4:1b:f0:46:e8:4a:fe:
         51:a3:27:e8:22:a1:38:2f:60:b8:8b:b6:b3:86:23:e3:fe:fd:
         ce:75:a3:56:74:1a:19:24:9e:76:cf:1b:39:09:6b:16:b8:01:
         d8:75:db:ff:ba:61:2a:19:f6:dd:37:11:03:a7:d8:b0:d8:af:
         b3:99:d7:c6:34:fa:95:37:73:64:4d:92:37:f8:0f:a7:88:b8:
         53:0b:de:1e:ac:15:cb:4d:77:f3:84:70:84:6a:9e:25:15:88:
         99:46:78:e2:15:f2:bb:b8:9f:ce:e7:ba:eb:30:05:a0:cd:4f:
         30:da:d9:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1exzphXXZql9tQ+w9HYAh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YjUwOTI4YTk2Y2I5ZTkxMjBmZjNjYjYzNWIzZjdkNzBj
OTdjZTAwHhcNMjQwMTMxMDkwODUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJlZTdjZWJiMjU4MmIzOWVmOGZhMzY1Yzc1ZjkwYTY2NDlkNzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDgF9X4kVoXg08l03WNvQ+ui2Vbc
XkMQXZ1y3gJZJPwlzSLOCcDElNOnWVI/iyzwGx6jTk9TpjPPfGK+oZEfKbubrg2d
TGZ1kzrmCE/FKoSqEqpraqWCFs2I6mmbwbLT3akORxCFMp2BsIjL8wUDKmjwzeuT
4zMJjNTYku+li6K2ag0r9h+qeTSQ7DFgfqWMcp0qi9FRnQMJGywp2WmM8CRmr9Ot
i6qhaSmaC1JwwygVkwl1GGVdNbYYRdq6MHp81we8Pnrgrl0K8uSAoAhDopCZhs4X
YZmBm4bv8ISfDFT3MUJAEMp6jbKtGOOrFpviULvlDNT0MTWKB3ZFiLOeHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEu5867JYKznvj6Nlx1+QpmSddWMB8GA1UdIwQY
MBaAFJS1CSipbLnpEg/zy2NbP31wyXzgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbExVSktLbHN1ZWtTRF9QTFkxc19mWERKZk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xY2RmODQtYTM1Yi00ZjUyLTllZTEt
ZjY0ODlmNTUxZjE1LzEvUVM3bnpyc2xnck9lLVBvMlhIWDVDbVpKMTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8xY2RmODQtYTM1Yi00ZjUyLTllZTEtZjY0ODlmNTUxZjE1
LzEvbExVSktLbHN1ZWtTRF9QTFkxc19mWERKZk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRD7MA0G
CSqGSIb3DQEBCwUAA4IBAQBzukFU9e2mazRdWARnsjsPJSSH4xJfz5UE2U6InL0S
f2X7k30pKqnu0GGI6/uwUlf/7GLViD22C6MW/JTU88ZUyaaEPjyP87IO3HteYq1U
c7qRYv928iyZ+AIhJaSkvZv4tqD2+M5Oalksh0iu3hSkLtgZQzy2LplhIFJAmnsN
GFVyhWLQ9GEGEeQb8EboSv5RoyfoIqE4L2C4i7azhiPj/v3OdaNWdBoZJJ52zxs5
CWsWuAHYddv/umEqGfbdNxEDp9iw2K+zmdfGNPqVN3NkTZI3+A+niLhTC94erBXL
TXfzhHCEap4lFYiZRnjiFfK7uJ/O57rrMAWgzU8w2tkw
-----END CERTIFICATE-----