Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/QSjWOlmunixr-NKnJQBJxMdk8sc.roa
File:                     QSjWOlmunixr-NKnJQBJxMdk8sc.roa (raw, json)
Hash identifier:          mLSCr/qQ0+EsCUBLDANCUQTNsVCwNLI1JXqnbrro2t8=
Subject key identifier:   41:28:D6:3A:59:AE:9E:2C:6B:F8:D2:A7:25:00:49:C4:C7:64:F2:C7
Certificate issuer:       /CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
Certificate serial:       018CEA9EBE4743D0824B9C83BA7D88EDE479
Authority key identifier: AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/QSjWOlmunixr-NKnJQBJxMdk8sc.roa
Signing time:             Mon 08 Jan 2024 19:48:41 +0000
ROA not before:           Mon 08 Jan 2024 19:48:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.206.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ea:9e:be:47:43:d0:82:4b:9c:83:ba:7d:88:ed:e4:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
        Validity
            Not Before: Jan  8 19:48:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4128d63a59ae9e2c6bf8d2a7250049c4c764f2c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d0:d9:39:a9:09:67:7d:27:d8:4e:bd:cb:d6:
                    b1:da:16:25:e4:67:13:7f:f1:5d:e9:83:2f:bf:8f:
                    76:68:ea:02:ee:13:79:cc:a2:d2:b4:d2:6d:4e:93:
                    13:b3:66:74:1e:84:e5:34:8b:be:2d:bf:f9:42:ad:
                    45:4b:1d:21:0b:c5:91:16:8a:78:a9:1d:4f:e7:7e:
                    9a:8d:31:93:ef:17:50:b1:22:db:0d:f5:98:5b:28:
                    29:8a:1f:ad:9a:82:c2:c8:a3:16:b1:71:8c:02:23:
                    bf:17:2a:77:8f:48:7e:e5:61:21:88:43:cf:24:1e:
                    88:e8:81:c1:7a:08:64:45:d0:e8:fd:92:28:91:d9:
                    f5:b0:ab:31:30:85:87:fa:26:d6:6c:9f:20:a0:7e:
                    95:2f:73:88:cb:2b:72:40:6d:b3:12:d1:9c:52:97:
                    02:a4:69:ee:5d:11:be:3a:ef:bc:c3:ed:f5:d4:81:
                    df:dd:f1:75:88:84:25:25:03:d8:d1:5e:d8:fa:b8:
                    a6:2e:79:ba:0f:19:a4:1e:62:6c:f5:83:48:67:9e:
                    08:fd:32:f4:17:ce:31:83:d6:f6:48:1b:ec:f1:8e:
                    6a:a4:da:6a:8f:98:4b:65:06:c2:38:5f:4e:51:bd:
                    e4:0b:7d:28:8e:94:fb:c7:20:f8:37:e6:27:07:1a:
                    3e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:28:D6:3A:59:AE:9E:2C:6B:F8:D2:A7:25:00:49:C4:C7:64:F2:C7
            X509v3 Authority Key Identifier:
                keyid:AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/QSjWOlmunixr-NKnJQBJxMdk8sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:1e:e7:13:35:8f:09:b3:ff:6e:9c:d5:b3:39:10:03:77:24:
         9a:05:a1:c9:00:22:65:d7:1a:ac:3d:7e:a8:33:97:c5:a2:fa:
         b4:5c:51:28:28:fd:f5:46:6f:f1:d4:46:fb:c1:db:86:5d:86:
         24:44:8a:0e:92:bb:4b:a4:19:d7:c4:5f:ee:63:a7:eb:10:c8:
         e7:ac:20:b2:bd:1b:79:8c:32:78:64:aa:fc:fe:3c:d6:fd:df:
         0b:bb:55:f1:1c:7b:6c:99:a6:82:f2:ef:ad:cb:96:6b:e6:f8:
         41:81:27:06:82:82:a7:c4:c4:19:7f:30:ff:e5:17:69:2f:2a:
         3b:29:58:e2:14:d4:8d:bf:60:a5:5b:c7:af:89:52:b5:ae:2f:
         53:57:54:6d:74:ac:77:d9:e3:e7:92:96:7e:5d:08:56:c5:25:
         c5:90:bf:a6:8a:6b:7e:4c:da:d8:f2:8d:d5:89:2d:95:df:4e:
         88:19:d2:0f:b5:66:86:28:a5:90:4b:82:20:95:b8:81:25:c6:
         8a:64:d4:88:1e:ec:47:85:63:89:de:08:2d:b9:18:c6:dd:e8:
         6c:88:07:8a:db:b4:cb:67:94:9f:45:fa:6b:5b:69:d1:d5:4a:
         1c:21:43:8f:7c:5b:03:e5:6e:12:1f:ac:7d:43:c1:49:6f:25:
         31:e5:3d:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzqnr5HQ9CCS5yDun2I7eR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTA5MmJiYzJjYWNhZTI0Nzc3NGY2MmIwZmRiZGM0NGE5
NzRjZjIwHhcNMjQwMTA4MTk0ODQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI4ZDYzYTU5YWU5ZTJjNmJmOGQyYTcyNTAwNDljNGM3NjRmMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtDZOakJZ30n2E69y9ax2hYl5GcT
f/Fd6YMvv492aOoC7hN5zKLStNJtTpMTs2Z0HoTlNIu+Lb/5Qq1FSx0hC8WRFop4
qR1P536ajTGT7xdQsSLbDfWYWygpih+tmoLCyKMWsXGMAiO/Fyp3j0h+5WEhiEPP
JB6I6IHBeghkRdDo/ZIokdn1sKsxMIWH+ibWbJ8goH6VL3OIyytyQG2zEtGcUpcC
pGnuXRG+Ou+8w+311IHf3fF1iIQlJQPY0V7Y+rimLnm6DxmkHmJs9YNIZ54I/TL0
F84xg9b2SBvs8Y5qpNpqj5hLZQbCOF9OUb3kC30ojpT7xyD4N+YnBxo+MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEo1jpZrp4sa/jSpyUAScTHZPLHMB8GA1UdIwQY
MBaAFKyQkrvCysriR3dPYrD9vcRKl0zyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMt
YTNmYzE5NmFhYmIzLzEvUVNqV09sbXVuaXhyLU5LbkpRQkp4TWRrOHNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMtYTNmYzE5NmFhYmIz
LzEvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc59MA0G
CSqGSIb3DQEBCwUAA4IBAQAIHucTNY8Js/9unNWzORADdySaBaHJACJl1xqsPX6o
M5fFovq0XFEoKP31Rm/x1Eb7wduGXYYkRIoOkrtLpBnXxF/uY6frEMjnrCCyvRt5
jDJ4ZKr8/jzW/d8Lu1XxHHtsmaaC8u+ty5Zr5vhBgScGgoKnxMQZfzD/5RdpLyo7
KVjiFNSNv2ClW8eviVK1ri9TV1RtdKx32ePnkpZ+XQhWxSXFkL+mimt+TNrY8o3V
iS2V306IGdIPtWaGKKWQS4IglbiBJcaKZNSIHuxHhWOJ3ggtuRjG3ehsiAeK27TL
Z5SfRfprW2nR1UocIUOPfFsD5W4SH6x9Q8FJbyUx5T3s
-----END CERTIFICATE-----