Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/qRAIQEv8_uUWpvalkCyEjzJ4Tf8.roa
File:                     qRAIQEv8_uUWpvalkCyEjzJ4Tf8.roa (raw, json)
Hash identifier:          TnKCI6gDCEgabytb40dlHeHz8sczaNdn0D4tSDYnFr0=
Subject key identifier:   A9:10:08:40:4B:FC:FE:E5:16:A6:F6:A5:90:2C:84:8F:32:78:4D:FF
Certificate issuer:       /CN=eca33c96f02a9f0bef25cd3806a2467ca165637b
Certificate serial:       018CC94E59A55413B567A894BCDD628A5D93
Authority key identifier: EC:A3:3C:96:F0:2A:9F:0B:EF:25:CD:38:06:A2:46:7C:A1:65:63:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7KM8lvAqnwvvJc04BqJGfKFlY3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/qRAIQEv8_uUWpvalkCyEjzJ4Tf8.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199571
IP address blocks:        37.9.136.0/21 maxlen: 21
                          185.219.228.0/22 maxlen: 22
                          2a02:e640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/7KM8lvAqnwvvJc04BqJGfKFlY3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/7KM8lvAqnwvvJc04BqJGfKFlY3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7KM8lvAqnwvvJc04BqJGfKFlY3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:59:a5:54:13:b5:67:a8:94:bc:dd:62:8a:5d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eca33c96f02a9f0bef25cd3806a2467ca165637b
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a91008404bfcfee516a6f6a5902c848f32784dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ea:9e:16:ad:2d:a3:2f:e1:8d:94:49:6b:38:
                    c9:1e:1b:b9:a9:f4:90:67:7a:6b:d7:be:7c:81:dc:
                    fb:a2:17:b4:1d:2a:53:09:f3:c6:ec:ca:21:8e:1e:
                    63:2b:90:dd:40:9d:cc:2a:40:a1:80:54:a0:e9:31:
                    0b:47:2e:7e:61:75:cc:f9:80:a1:29:4a:62:00:37:
                    bd:9f:58:97:97:38:ef:8b:7d:ff:ec:32:a3:9e:20:
                    2b:85:2e:9f:f2:d2:06:23:72:3b:19:7b:3c:c2:1c:
                    df:a6:13:4c:ec:79:41:14:9e:25:3f:6f:7e:43:c9:
                    4c:92:7d:4b:69:21:62:9a:6c:43:d7:71:38:3d:4f:
                    9f:15:02:00:d9:ed:64:8f:c2:aa:9b:ce:e2:64:21:
                    13:63:8d:1d:09:02:01:2b:12:18:9e:5b:0a:49:67:
                    6f:00:80:55:9d:24:41:fa:92:09:cf:86:6d:d1:ba:
                    e4:cf:a3:6b:68:5f:02:38:6a:3c:d3:0b:db:e6:e8:
                    0b:8c:66:9d:88:e9:24:4f:34:16:aa:80:94:af:ed:
                    a1:fb:27:d5:b4:ec:63:06:c7:91:48:b4:db:88:84:
                    34:e2:8e:07:15:fc:1b:14:0b:5c:3c:c4:16:3b:9b:
                    39:37:d8:7c:88:7f:5c:55:42:26:82:78:03:80:79:
                    33:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:10:08:40:4B:FC:FE:E5:16:A6:F6:A5:90:2C:84:8F:32:78:4D:FF
            X509v3 Authority Key Identifier:
                keyid:EC:A3:3C:96:F0:2A:9F:0B:EF:25:CD:38:06:A2:46:7C:A1:65:63:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7KM8lvAqnwvvJc04BqJGfKFlY3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/qRAIQEv8_uUWpvalkCyEjzJ4Tf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/49ae42-0e9a-4e24-ba15-25ef2990f166/1/7KM8lvAqnwvvJc04BqJGfKFlY3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.136.0/21
                  185.219.228.0/22
                IPv6:
                  2a02:e640::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:35:eb:c3:ea:4c:e6:55:26:96:85:c1:5c:e0:36:74:c9:66:
         9a:bf:f2:17:1e:51:69:a6:d9:ba:6c:a9:f9:71:a0:8a:26:b9:
         07:dc:e5:bd:5c:d7:c3:5f:3d:1f:9c:b3:6f:7b:3e:3d:fd:25:
         f8:4e:7c:62:51:86:90:98:53:1b:fd:8a:f3:d4:ba:60:f5:a5:
         e0:57:01:3e:60:df:54:2c:78:b6:f7:33:c6:cb:4a:6b:81:b5:
         4a:d4:aa:db:cd:23:6f:22:f6:4d:92:b8:60:ec:a6:07:b4:68:
         ba:4e:44:9e:f6:87:4c:da:53:de:dc:32:f2:90:bf:04:e4:f6:
         9a:ee:e1:83:b9:e8:33:d1:55:bc:d3:84:27:62:74:1e:15:00:
         3c:41:23:79:c9:ca:e1:80:90:aa:ae:dc:b3:d3:b0:2a:c2:ac:
         6a:b0:7c:e2:1a:33:a9:83:bc:12:50:2a:b0:5b:5d:45:5d:d1:
         66:7f:07:f2:00:71:99:bd:c0:21:9b:3d:bb:37:89:4a:90:f4:
         06:75:1c:07:c4:07:77:82:53:58:b5:00:25:16:14:4d:e7:35:
         77:d1:9f:10:14:2a:4c:e0:84:23:19:42:4f:ca:3b:6f:e4:95:
         69:9b:02:b3:2e:8f:dd:9d:00:4e:2f:26:e1:21:a0:0f:00:ce:
         4d:84:74:5b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTlmlVBO1Z6iUvN1iil2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYTMzYzk2ZjAyYTlmMGJlZjI1Y2QzODA2YTI0NjdjYTE2
NTYzN2IwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTEwMDg0MDRiZmNmZWU1MTZhNmY2YTU5MDJjODQ4ZjMyNzg0ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOqeFq0toy/hjZRJazjJHhu5qfSQ
Z3pr1758gdz7ohe0HSpTCfPG7Mohjh5jK5DdQJ3MKkChgFSg6TELRy5+YXXM+YCh
KUpiADe9n1iXlzjvi33/7DKjniArhS6f8tIGI3I7GXs8whzfphNM7HlBFJ4lP29+
Q8lMkn1LaSFimmxD13E4PU+fFQIA2e1kj8Kqm87iZCETY40dCQIBKxIYnlsKSWdv
AIBVnSRB+pIJz4Zt0brkz6NraF8COGo80wvb5ugLjGadiOkkTzQWqoCUr+2h+yfV
tOxjBseRSLTbiIQ04o4HFfwbFAtcPMQWO5s5N9h8iH9cVUImgngDgHkzZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKkQCEBL/P7lFqb2pZAshI8yeE3/MB8GA1UdIwQY
MBaAFOyjPJbwKp8L7yXNOAaiRnyhZWN7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0tNOGx2QXFud3Z2SmMwNEJxSkdmS0ZsWTNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi80OWFlNDItMGU5YS00ZTI0LWJhMTUt
MjVlZjI5OTBmMTY2LzEvcVJBSVFFdjhfdVVXcHZhbGtDeUVqeko0VGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi80OWFlNDItMGU5YS00ZTI0LWJhMTUtMjVlZjI5OTBmMTY2
LzEvN0tNOGx2QXFud3Z2SmMwNEJxSkdmS0ZsWTNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJQmIAwQC
udvkMA0EAgACMAcDBQMqAuZAMA0GCSqGSIb3DQEBCwUAA4IBAQAhNevD6kzmVSaW
hcFc4DZ0yWaav/IXHlFpptm6bKn5caCKJrkH3OW9XNfDXz0fnLNvez49/SX4Tnxi
UYaQmFMb/Yrz1Lpg9aXgVwE+YN9ULHi29zPGy0prgbVK1KrbzSNvIvZNkrhg7KYH
tGi6TkSe9odM2lPe3DLykL8E5Paa7uGDuegz0VW804QnYnQeFQA8QSN5ycrhgJCq
rtyz07AqwqxqsHziGjOpg7wSUCqwW11FXdFmfwfyAHGZvcAhmz27N4lKkPQGdRwH
xAd3glNYtQAlFhRN5zV30Z8QFCpM4IQjGUJPyjtv5JVpmwKzLo/dnQBOLybhIaAP
AM5NhHRb
-----END CERTIFICATE-----