Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/QzpM-pNAImjjzyaU7YXzta6Hv3U.roa
File:                     QzpM-pNAImjjzyaU7YXzta6Hv3U.roa (raw, json)
Hash identifier:          jv/wZHrutuOEJxexoBMtFm0NbpRFA034+NoYb84eXv4=
Subject key identifier:   43:3A:4C:FA:93:40:22:68:E3:CF:26:94:ED:85:F3:B5:AE:87:BF:75
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       018CC6B92E0D4D3FAE8E8D015CD00216F09E
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/QzpM-pNAImjjzyaU7YXzta6Hv3U.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47554
IP address blocks:        185.170.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2e:0d:4d:3f:ae:8e:8d:01:5c:d0:02:16:f0:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=433a4cfa93402268e3cf2694ed85f3b5ae87bf75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:31:fc:ef:32:fc:0e:05:61:86:62:63:ae:61:
                    9d:c7:c6:af:d7:22:9b:3f:45:de:f9:35:ea:b6:07:
                    26:12:02:5f:0b:28:4a:1b:2a:52:82:6a:20:1a:fe:
                    76:33:06:e1:71:ce:77:b0:19:ae:f8:7a:6e:ae:29:
                    7e:d4:91:dd:86:3b:d1:68:25:b7:5a:ed:5d:38:f7:
                    32:18:b7:f4:6a:28:84:27:00:e3:23:28:d0:aa:c7:
                    ff:63:62:27:0a:b6:ae:ad:f5:82:58:7d:89:ae:ee:
                    9a:15:95:38:f8:44:2b:fc:37:b9:3c:49:f2:df:8f:
                    3f:e6:93:69:dd:e4:10:22:3a:23:d2:73:5c:7f:4f:
                    16:0a:4a:26:19:62:87:ef:95:fc:7a:00:96:26:cf:
                    c0:2f:c4:23:81:90:30:0e:c9:cc:23:ca:75:a2:f9:
                    95:00:12:90:d1:be:61:e8:43:ca:4b:73:a9:21:72:
                    ec:9c:44:fb:1f:23:68:b7:96:5b:e0:2e:78:01:6c:
                    9e:66:ba:d8:a1:e5:5c:43:07:8d:d0:1e:2c:00:a5:
                    5f:df:a3:fb:a1:eb:3e:ee:68:bb:c5:0c:21:fb:d4:
                    9b:7d:94:76:42:d3:17:31:6e:43:64:91:b4:d9:be:
                    d8:c1:4a:0d:b8:5f:69:a7:0a:8a:e5:3d:7f:b6:a5:
                    08:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3A:4C:FA:93:40:22:68:E3:CF:26:94:ED:85:F3:B5:AE:87:BF:75
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/QzpM-pNAImjjzyaU7YXzta6Hv3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:3a:90:b2:9e:fc:ca:45:ec:ca:6d:a7:88:cf:cc:08:f6:1b:
         91:aa:fa:38:67:b7:82:1b:a7:6d:28:cc:b5:f6:35:f9:69:ea:
         38:89:a8:85:f4:d4:20:bc:bb:e9:37:b7:7b:d9:fe:ee:ba:bc:
         40:7b:78:c3:fd:90:75:30:09:dc:0b:04:e5:2c:cb:f1:a4:16:
         96:a0:0e:47:ec:e6:45:1c:6c:bf:f6:67:a2:81:7f:76:c0:86:
         4d:e0:a2:8f:81:2e:01:26:02:cd:8b:5f:a0:e7:c4:bb:8f:9a:
         5e:75:6f:dc:db:d5:1a:42:b1:65:43:7a:c3:36:3b:78:86:20:
         9a:40:53:e5:f3:c7:ec:70:1d:74:24:3a:a4:f2:b6:43:e3:aa:
         43:c0:51:6c:27:60:54:e8:ea:e1:ff:c9:25:6e:70:59:7a:b1:
         8f:79:a4:73:d6:bb:e4:08:57:47:91:32:71:43:06:d7:9a:d2:
         e4:cf:54:09:a7:66:4a:75:43:7b:ca:a0:75:b7:8b:45:27:03:
         68:7c:06:ed:36:68:ee:f6:92:34:2a:be:84:49:7c:a4:b6:66:
         17:0b:4d:11:f8:0a:3c:20:a0:2f:37:dd:98:0f:8b:4e:91:68:
         64:75:be:98:bf:dd:82:03:98:fc:ca:4f:79:cb:e9:de:27:6e:
         24:5f:d5:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS4NTT+ujo0BXNACFvCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzNhNGNmYTkzNDAyMjY4ZTNjZjI2OTRlZDg1ZjNiNWFlODdiZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzH87zL8DgVhhmJjrmGdx8av1yKb
P0Xe+TXqtgcmEgJfCyhKGypSgmogGv52Mwbhcc53sBmu+Hpuril+1JHdhjvRaCW3
Wu1dOPcyGLf0aiiEJwDjIyjQqsf/Y2InCraurfWCWH2Jru6aFZU4+EQr/De5PEny
348/5pNp3eQQIjoj0nNcf08WCkomGWKH75X8egCWJs/AL8QjgZAwDsnMI8p1ovmV
ABKQ0b5h6EPKS3OpIXLsnET7HyNot5Zb4C54AWyeZrrYoeVcQweN0B4sAKVf36P7
oes+7mi7xQwh+9SbfZR2QtMXMW5DZJG02b7YwUoNuF9ppwqK5T1/tqUI+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM6TPqTQCJo488mlO2F87Wuh791MB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvUXpwTS1wTkFJbWpqenlhVTdZWHp0YTZIdjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuarsMA0G
CSqGSIb3DQEBCwUAA4IBAQBpOpCynvzKRezKbaeIz8wI9huRqvo4Z7eCG6dtKMy1
9jX5aeo4iaiF9NQgvLvpN7d72f7uurxAe3jD/ZB1MAncCwTlLMvxpBaWoA5H7OZF
HGy/9meigX92wIZN4KKPgS4BJgLNi1+g58S7j5pedW/c29UaQrFlQ3rDNjt4hiCa
QFPl88fscB10JDqk8rZD46pDwFFsJ2BU6Orh/8klbnBZerGPeaRz1rvkCFdHkTJx
QwbXmtLkz1QJp2ZKdUN7yqB1t4tFJwNofAbtNmju9pI0Kr6ESXyktmYXC00R+Ao8
IKAvN92YD4tOkWhkdb6Yv92CA5j8yk95y+neJ24kX9V8
-----END CERTIFICATE-----