Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/QhUBJ9DU2EmnOcO2z5FiHs70pFM.roa
File:                     QhUBJ9DU2EmnOcO2z5FiHs70pFM.roa (raw, json)
Hash identifier:          rD7JHu8zI2QRMow6yoRVpk6NmnrrqPgh2r6Ot78mVDg=
Subject key identifier:   42:15:01:27:D0:D4:D8:49:A7:39:C3:B6:CF:91:62:1E:CE:F4:A4:53
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC7935910854FD23A48D520D2E12EF249
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/QhUBJ9DU2EmnOcO2z5FiHs70pFM.roa
Signing time:             Tue 02 Jan 2024 00:29:31 +0000
ROA not before:           Tue 02 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        194.233.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:59:10:85:4f:d2:3a:48:d5:20:d2:e1:2e:f2:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42150127d0d4d849a739c3b6cf91621ecef4a453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d4:4b:35:9c:16:16:63:2c:1f:ae:13:ca:9e:
                    6f:4b:23:51:72:7c:67:13:b7:6f:94:34:98:46:60:
                    b2:63:b3:1d:1b:f1:c2:86:52:ae:d6:43:0a:8e:b5:
                    ce:cd:ca:29:b4:92:f9:18:4d:6d:17:f0:85:32:50:
                    f2:3c:16:2e:df:86:1b:69:99:e7:11:1d:ea:f7:89:
                    d1:53:10:95:ee:56:33:bb:6a:4f:8f:86:41:ed:6b:
                    30:4c:f3:0e:c3:cc:46:a7:e2:a0:96:0c:07:7c:0c:
                    d2:aa:5b:6a:eb:93:d7:f4:7c:a3:5c:c6:68:35:cb:
                    8b:7c:c3:15:b4:5c:e6:58:32:83:fd:e9:ba:d2:61:
                    f7:08:a3:13:5a:15:74:ca:25:29:1e:92:48:07:9f:
                    6d:b9:3a:24:0c:93:39:09:8a:bd:a6:14:a6:57:e1:
                    77:1d:60:6a:55:fd:cb:04:14:26:08:19:eb:7b:66:
                    b9:a1:7c:0b:fb:43:bf:af:89:8c:20:5c:a8:95:83:
                    f2:c6:c5:3c:08:e0:2c:d7:73:43:97:7e:2a:9a:d9:
                    71:fa:3a:62:43:bc:28:64:36:b6:37:02:22:e4:32:
                    e0:5f:85:d9:e0:d0:c8:c9:aa:35:3d:e8:54:67:3c:
                    d2:aa:d4:df:90:7f:ec:b3:d0:cb:f9:9f:6a:b8:f9:
                    2a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:15:01:27:D0:D4:D8:49:A7:39:C3:B6:CF:91:62:1E:CE:F4:A4:53
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/QhUBJ9DU2EmnOcO2z5FiHs70pFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.233.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:f8:74:a0:7d:cb:a6:db:6f:fd:0e:28:e5:88:4f:76:4e:75:
         bf:22:dd:b7:fb:11:cc:f9:e0:f3:cb:fc:06:32:18:70:33:c3:
         88:08:7a:5a:16:b0:a9:6d:f0:97:b9:bd:b3:9b:32:2d:73:05:
         af:b2:5a:7d:e4:9a:16:3a:75:29:12:d1:25:8a:95:ce:4b:91:
         83:3c:ab:c8:6f:44:d7:b6:eb:05:e2:79:58:b1:2f:cf:83:b3:
         09:0b:c7:04:7c:4b:64:c0:d1:55:7c:7a:28:7f:da:e4:98:16:
         dc:11:26:ae:f2:0a:37:c8:32:ee:48:cb:9a:92:d6:5f:f9:b6:
         df:50:da:d3:fd:22:f0:84:19:97:09:b9:b1:fa:1c:5c:e0:ef:
         c4:f3:60:7b:5e:f4:8b:5c:ad:07:f1:a6:32:b9:5c:9c:2a:0a:
         91:7f:4c:93:87:ea:d2:c8:22:a0:2a:6b:d5:77:95:92:9c:1f:
         c0:a8:b3:57:1a:6b:bf:1c:83:c7:01:eb:69:ae:ab:ea:2c:18:
         f6:41:45:ac:0b:04:34:46:1e:2e:12:ab:39:19:5d:45:59:68:
         02:13:27:56:28:58:68:37:85:02:6e:ea:48:7b:c4:bd:d9:69:
         da:30:76:7d:67:e2:b7:07:04:ed:b9:1b:d8:9a:cb:9e:ed:9a:
         df:36:cc:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1kQhU/SOkjVINLhLvJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE1MDEyN2QwZDRkODQ5YTczOWMzYjZjZjkxNjIxZWNlZjRhNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtRLNZwWFmMsH64Typ5vSyNRcnxn
E7dvlDSYRmCyY7MdG/HChlKu1kMKjrXOzcoptJL5GE1tF/CFMlDyPBYu34YbaZnn
ER3q94nRUxCV7lYzu2pPj4ZB7WswTPMOw8xGp+KglgwHfAzSqltq65PX9HyjXMZo
NcuLfMMVtFzmWDKD/em60mH3CKMTWhV0yiUpHpJIB59tuTokDJM5CYq9phSmV+F3
HWBqVf3LBBQmCBnre2a5oXwL+0O/r4mMIFyolYPyxsU8COAs13NDl34qmtlx+jpi
Q7woZDa2NwIi5DLgX4XZ4NDIyao1PehUZzzSqtTfkH/ss9DL+Z9quPkqNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIVASfQ1NhJpznDts+RYh7O9KRTMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvUWhVQko5RFUyRW1uT2NPMno1RmlIczcwcEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwumWMA0G
CSqGSIb3DQEBCwUAA4IBAQCw+HSgfcum22/9DijliE92TnW/It23+xHM+eDzy/wG
MhhwM8OICHpaFrCpbfCXub2zmzItcwWvslp95JoWOnUpEtElipXOS5GDPKvIb0TX
tusF4nlYsS/Pg7MJC8cEfEtkwNFVfHoof9rkmBbcESau8go3yDLuSMuaktZf+bbf
UNrT/SLwhBmXCbmx+hxc4O/E82B7XvSLXK0H8aYyuVycKgqRf0yTh+rSyCKgKmvV
d5WSnB/AqLNXGmu/HIPHAetprqvqLBj2QUWsCwQ0Rh4uEqs5GV1FWWgCEydWKFho
N4UCbupIe8S92WnaMHZ9Z+K3BwTtuRvYmsue7ZrfNsyK
-----END CERTIFICATE-----