Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/Q82hmbK31GWFtGPExGhCRFgX-Nw.roa
File:                     Q82hmbK31GWFtGPExGhCRFgX-Nw.roa (raw, json)
Hash identifier:          oXGUgmNZ0TnBQfyeD6ksZIEnRlYziiF/U32gndNXJ5c=
Subject key identifier:   43:CD:A1:99:B2:B7:D4:65:85:B4:63:C4:C4:68:42:44:58:17:F8:DC
Certificate issuer:       /CN=e9c87469978095d8aff63272804bb2f35d149103
Certificate serial:       018CC56EACE0BA5EEE405824791BC9EEEFB3
Authority key identifier: E9:C8:74:69:97:80:95:D8:AF:F6:32:72:80:4B:B2:F3:5D:14:91:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/Q82hmbK31GWFtGPExGhCRFgX-Nw.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204394
IP address blocks:        185.250.100.0/22 maxlen: 22
                          2a0e:e580::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ac:e0:ba:5e:ee:40:58:24:79:1b:c9:ee:ef:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9c87469978095d8aff63272804bb2f35d149103
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43cda199b2b7d46585b463c4c46842445817f8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:47:08:1c:00:80:d8:89:46:a0:be:f0:0f:
                    ad:f5:0e:6c:10:24:44:f7:83:27:17:08:e9:61:e5:
                    70:5d:96:ea:74:1c:2e:82:db:ec:59:f4:1e:43:9f:
                    04:8f:70:f9:56:9f:76:da:f0:cc:11:64:1a:d7:46:
                    91:75:2d:8a:d7:7c:a4:60:73:b7:4e:db:45:b0:66:
                    c9:53:c2:75:6e:2e:6b:92:9e:60:a8:87:6b:99:ea:
                    39:39:67:bb:d5:22:d6:92:1f:44:78:40:20:e8:17:
                    e3:8f:e7:5a:b0:8e:47:bd:5b:ef:2f:51:96:0c:a1:
                    90:06:9d:c6:f5:b4:2c:b5:be:36:93:0d:6f:4d:a9:
                    57:86:68:fa:49:3e:86:18:fc:42:7b:fe:1c:fb:62:
                    bc:aa:83:c9:7a:6c:af:69:c7:8f:38:e9:9d:14:b2:
                    a4:05:29:fc:d3:30:14:b8:55:6a:09:99:62:8d:a5:
                    96:a7:ed:f4:0f:c1:14:8b:ab:92:d8:e7:ab:98:50:
                    45:d4:b8:72:5b:3e:7b:44:7e:cd:6b:fb:77:be:06:
                    e0:ab:95:0c:cb:d7:14:27:bc:b9:6a:94:51:aa:5a:
                    bc:24:eb:99:d5:27:b5:2d:72:04:98:7d:9d:32:8e:
                    d6:f5:b7:51:fb:e7:5c:0d:3a:14:d8:de:d4:ba:d4:
                    ef:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:CD:A1:99:B2:B7:D4:65:85:B4:63:C4:C4:68:42:44:58:17:F8:DC
            X509v3 Authority Key Identifier:
                keyid:E9:C8:74:69:97:80:95:D8:AF:F6:32:72:80:4B:B2:F3:5D:14:91:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ch0aZeAldiv9jJygEuy810UkQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/Q82hmbK31GWFtGPExGhCRFgX-Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9ad9dc-b84c-4a59-bb1c-0cc3b4caf683/1/6ch0aZeAldiv9jJygEuy810UkQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.100.0/22
                IPv6:
                  2a0e:e580::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:cf:50:8d:36:b6:44:01:0c:0c:7a:08:c6:f7:d5:2b:80:49:
         d0:2b:22:08:61:f6:df:3d:26:13:00:e5:38:54:72:c0:08:63:
         25:e8:f6:81:72:49:d5:70:45:1b:66:88:2f:5e:fc:29:4b:5f:
         d1:6a:38:a2:00:46:5d:23:88:a6:84:a2:d0:c4:86:3a:cc:c9:
         4c:9d:8e:6e:ea:f1:3a:ba:66:f6:72:3e:94:d2:26:92:fe:bb:
         1a:c2:08:52:8f:50:4b:f8:cf:82:29:c3:d0:ab:da:0b:8d:58:
         69:4a:67:05:4d:23:74:3e:08:6a:d0:3a:fe:9c:32:3a:49:a8:
         ed:e7:20:f0:66:4d:47:99:ad:52:00:fa:29:c5:75:e7:6c:41:
         62:62:93:57:7a:d8:d7:98:d2:18:89:e6:f8:da:8e:fd:a2:28:
         bf:eb:b1:bf:e6:36:f4:ba:a5:78:1a:df:b8:c7:a3:74:3a:ec:
         0a:fd:0c:6a:0a:5b:56:2e:fa:42:51:3d:c9:ff:64:e3:73:b5:
         9c:bc:65:80:0d:2c:fd:5d:18:fc:74:75:cf:7e:13:12:2d:3b:
         79:57:09:3e:4e:87:65:86:46:2d:a9:ee:45:ca:94:9d:a6:02:
         b8:2e:82:d7:2a:a3:03:df:98:60:b1:6f:b4:5a:82:76:04:63:
         2e:17:a6:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbqzgul7uQFgkeRvJ7u+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5Yzg3NDY5OTc4MDk1ZDhhZmY2MzI3MjgwNGJiMmYzNWQx
NDkxMDMwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2NkYTE5OWIyYjdkNDY1ODViNDYzYzRjNDY4NDI0NDU4MTdmOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7BHCBwAgNiJRqC+8A+t9Q5sECRE
94MnFwjpYeVwXZbqdBwugtvsWfQeQ58Ej3D5Vp922vDMEWQa10aRdS2K13ykYHO3
TttFsGbJU8J1bi5rkp5gqIdrmeo5OWe71SLWkh9EeEAg6Bfjj+dasI5HvVvvL1GW
DKGQBp3G9bQstb42kw1vTalXhmj6ST6GGPxCe/4c+2K8qoPJemyvacePOOmdFLKk
BSn80zAUuFVqCZlijaWWp+30D8EUi6uS2OermFBF1LhyWz57RH7Na/t3vgbgq5UM
y9cUJ7y5apRRqlq8JOuZ1Se1LXIEmH2dMo7W9bdR++dcDToU2N7UutTvcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEPNoZmyt9RlhbRjxMRoQkRYF/jcMB8GA1UdIwQY
MBaAFOnIdGmXgJXYr/YycoBLsvNdFJEDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNoMGFaZUFsZGl2OWpKeWdFdXk4MTBVa1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85YWQ5ZGMtYjg0Yy00YTU5LWJiMWMt
MGNjM2I0Y2FmNjgzLzEvUTgyaG1iSzMxR1dGdEdQRXhHaENSRmdYLU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85YWQ5ZGMtYjg0Yy00YTU5LWJiMWMtMGNjM2I0Y2FmNjgz
LzEvNmNoMGFaZUFsZGl2OWpKeWdFdXk4MTBVa1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufpkMA0E
AgACMAcDBQMqDuWAMA0GCSqGSIb3DQEBCwUAA4IBAQClz1CNNrZEAQwMegjG99Ur
gEnQKyIIYfbfPSYTAOU4VHLACGMl6PaBcknVcEUbZogvXvwpS1/RajiiAEZdI4im
hKLQxIY6zMlMnY5u6vE6umb2cj6U0iaS/rsawghSj1BL+M+CKcPQq9oLjVhpSmcF
TSN0Pghq0Dr+nDI6Sajt5yDwZk1Hma1SAPopxXXnbEFiYpNXetjXmNIYieb42o79
oii/67G/5jb0uqV4Gt+4x6N0OuwK/QxqCltWLvpCUT3J/2Tjc7WcvGWADSz9XRj8
dHXPfhMSLTt5Vwk+TodlhkYtqe5FypSdpgK4LoLXKqMD35hgsW+0WoJ2BGMuF6ba
-----END CERTIFICATE-----