Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/q_lZmzFWbVM_hbxZ9bnEaLj0Rh8.roa
File:                     q_lZmzFWbVM_hbxZ9bnEaLj0Rh8.roa (raw, json)
Hash identifier:          bz2XRSzVqx3UbABJvrpPct/6COsjnjg4IXSmomO8Sd0=
Subject key identifier:   AB:F9:59:9B:31:56:6D:53:3F:85:BC:59:F5:B9:C4:68:B8:F4:46:1F
Certificate issuer:       /CN=4020f4d4c7528d8a827ec724918fe2df534bd905
Certificate serial:       018FF859D46D79EE8A7C26801724554B5F30
Authority key identifier: 40:20:F4:D4:C7:52:8D:8A:82:7E:C7:24:91:8F:E2:DF:53:4B:D9:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QCD01MdSjYqCfsckkY_i31NL2QU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/q_lZmzFWbVM_hbxZ9bnEaLj0Rh8.roa
Signing time:             Sat 08 Jun 2024 14:56:27 +0000
ROA not before:           Sat 08 Jun 2024 14:56:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215133
IP address blocks:        185.115.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/QCD01MdSjYqCfsckkY_i31NL2QU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/QCD01MdSjYqCfsckkY_i31NL2QU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QCD01MdSjYqCfsckkY_i31NL2QU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f8:59:d4:6d:79:ee:8a:7c:26:80:17:24:55:4b:5f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4020f4d4c7528d8a827ec724918fe2df534bd905
        Validity
            Not Before: Jun  8 14:56:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abf9599b31566d533f85bc59f5b9c468b8f4461f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:13:68:36:cf:8e:c2:be:ba:1f:78:35:cf:02:
                    6a:4b:ac:cb:b0:2e:bb:2c:7c:75:dc:93:89:60:86:
                    18:8d:d7:f4:90:78:71:de:11:9e:f0:a8:f9:1e:4c:
                    93:64:5a:aa:3c:c2:a1:6b:a5:d3:0a:2b:9c:48:05:
                    43:07:79:56:8e:85:1e:53:92:e0:b4:15:3e:ea:53:
                    0a:7a:69:a9:ba:d8:39:5c:70:80:05:f6:3e:9d:a7:
                    5d:cd:a7:63:32:42:6a:8c:38:98:03:ea:77:df:ba:
                    7f:6c:fb:24:bd:76:2f:95:40:4b:f0:8d:b8:a4:05:
                    04:a3:ec:86:65:22:c4:7e:93:8a:70:8a:63:d7:38:
                    0f:13:e8:5d:c1:63:02:9c:fa:f4:d2:ae:0e:70:88:
                    1b:40:6c:2b:a9:7f:67:ff:6f:29:8b:52:97:09:29:
                    9c:ff:13:14:52:6f:eb:36:7a:04:20:17:b8:41:4a:
                    7b:00:13:29:54:4d:41:0a:e2:fd:ca:19:08:8c:5e:
                    93:80:43:76:65:77:ec:43:fd:4a:43:e0:3d:41:0c:
                    62:c2:74:b7:16:0c:1e:a0:cc:f3:78:e9:f4:ef:5f:
                    35:44:ec:3e:e8:e1:ff:4c:61:ea:88:a3:19:5b:d1:
                    09:4b:ba:c9:ab:69:3f:ad:92:7b:b9:4b:5b:25:58:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F9:59:9B:31:56:6D:53:3F:85:BC:59:F5:B9:C4:68:B8:F4:46:1F
            X509v3 Authority Key Identifier:
                keyid:40:20:F4:D4:C7:52:8D:8A:82:7E:C7:24:91:8F:E2:DF:53:4B:D9:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QCD01MdSjYqCfsckkY_i31NL2QU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/q_lZmzFWbVM_hbxZ9bnEaLj0Rh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/2f7a6e-e8c1-4f62-95f9-64bfb79900d6/1/QCD01MdSjYqCfsckkY_i31NL2QU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:01:e0:aa:36:42:4f:63:9e:1a:60:87:2f:d3:b3:b3:b8:87:
         1c:89:41:c2:c7:5c:00:52:52:9c:ed:5a:5f:46:28:97:91:81:
         17:4b:d9:8a:5c:b7:6f:37:1b:3d:cd:e7:1c:79:0b:b3:a7:13:
         ee:3b:5d:49:9d:3e:35:59:66:39:b2:2f:ac:3c:d4:9a:f9:e8:
         bb:ee:86:b3:97:e9:2b:5f:56:2b:3f:b1:d3:31:a5:63:bb:fd:
         ff:58:d3:8c:75:21:61:bf:d2:32:d3:b1:3d:0f:6c:83:fd:2f:
         ae:45:ce:ae:36:b2:55:6d:86:f6:5a:de:b1:9b:99:88:b1:83:
         94:36:b1:e9:f6:e4:d6:73:4e:0e:35:85:7a:e6:1d:de:ac:b6:
         ce:68:70:59:f0:a1:23:81:97:ac:77:88:8c:ad:5f:1e:2f:cb:
         4b:2c:ee:ba:80:8f:36:6a:4b:fa:d7:7c:cb:92:ed:f5:bb:05:
         28:57:53:fe:d0:b1:72:9f:1a:1c:63:5f:2b:21:9a:86:43:ad:
         61:79:6e:96:91:dc:fc:e4:8a:29:9f:45:f1:22:b5:01:b4:71:
         56:6e:47:76:2f:18:e6:da:44:46:cc:de:23:0d:1a:ca:a6:39:
         e1:15:0c:60:53:23:55:6a:ab:7b:05:81:8b:76:c8:28:31:18:
         19:4c:1d:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/4WdRtee6KfCaAFyRVS18wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMjBmNGQ0Yzc1MjhkOGE4MjdlYzcyNDkxOGZlMmRmNTM0
YmQ5MDUwHhcNMjQwNjA4MTQ1NjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY5NTk5YjMxNTY2ZDUzM2Y4NWJjNTlmNWI5YzQ2OGI4ZjQ0NjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBNoNs+Owr66H3g1zwJqS6zLsC67
LHx13JOJYIYYjdf0kHhx3hGe8Kj5HkyTZFqqPMKha6XTCiucSAVDB3lWjoUeU5Lg
tBU+6lMKemmputg5XHCABfY+naddzadjMkJqjDiYA+p337p/bPskvXYvlUBL8I24
pAUEo+yGZSLEfpOKcIpj1zgPE+hdwWMCnPr00q4OcIgbQGwrqX9n/28pi1KXCSmc
/xMUUm/rNnoEIBe4QUp7ABMpVE1BCuL9yhkIjF6TgEN2ZXfsQ/1KQ+A9QQxiwnS3
FgweoMzzeOn07181ROw+6OH/TGHqiKMZW9EJS7rJq2k/rZJ7uUtbJVj0SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv5WZsxVm1TP4W8WfW5xGi49EYfMB8GA1UdIwQY
MBaAFEAg9NTHUo2Kgn7HJJGP4t9TS9kFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUNEMDFNZFNqWXFDZnNja2tZX2kzMU5MMlFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8yZjdhNmUtZThjMS00ZjYyLTk1Zjkt
NjRiZmI3OTkwMGQ2LzEvcV9sWm16RldiVk1faGJ4WjlibkVhTGowUmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8yZjdhNmUtZThjMS00ZjYyLTk1ZjktNjRiZmI3OTkwMGQ2
LzEvUUNEMDFNZFNqWXFDZnNja2tZX2kzMU5MMlFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOgMA0G
CSqGSIb3DQEBCwUAA4IBAQADAeCqNkJPY54aYIcv07OzuIcciUHCx1wAUlKc7Vpf
RiiXkYEXS9mKXLdvNxs9zecceQuzpxPuO11JnT41WWY5si+sPNSa+ei77oazl+kr
X1YrP7HTMaVju/3/WNOMdSFhv9Iy07E9D2yD/S+uRc6uNrJVbYb2Wt6xm5mIsYOU
NrHp9uTWc04ONYV65h3erLbOaHBZ8KEjgZesd4iMrV8eL8tLLO66gI82akv613zL
ku31uwUoV1P+0LFynxocY18rIZqGQ61heW6Wkdz85Iopn0XxIrUBtHFWbkd2Lxjm
2kRGzN4jDRrKpjnhFQxgUyNVaqt7BYGLdsgoMRgZTB2D
-----END CERTIFICATE-----