Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qcHScd_8o7rK5YSXpZO5VVvs8uI.roa
File:                     qcHScd_8o7rK5YSXpZO5VVvs8uI.roa (raw, json)
Hash identifier:          SIDRUPvlGd1NDdzDCtFkJISj+UvEcsi+qhg69RyZo8U=
Subject key identifier:   A9:C1:D2:71:DF:FC:A3:BA:CA:E5:84:97:A5:93:B9:55:5B:EC:F2:E2
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018DAC54E7A4338BC6C6A87C1A2102F10A1C
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qcHScd_8o7rK5YSXpZO5VVvs8uI.roa
Signing time:             Thu 15 Feb 2024 10:34:21 +0000
ROA not before:           Thu 15 Feb 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        46.36.100.0/24 maxlen: 24
                          46.36.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:54:e7:a4:33:8b:c6:c6:a8:7c:1a:21:02:f1:0a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Feb 15 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c1d271dffca3bacae58497a593b9555becf2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:58:ce:07:5e:6b:83:1c:51:96:50:6e:89:
                    90:99:77:be:79:9a:a4:e0:58:c0:f2:df:24:a8:14:
                    7c:d1:12:b9:c6:2e:e9:29:4a:2a:9f:f3:67:94:d6:
                    77:a9:f7:20:00:40:6d:87:b5:5d:f1:0b:fc:77:3f:
                    37:f5:b9:75:94:ad:82:66:a6:35:b1:23:dc:16:57:
                    b2:d7:11:70:3c:da:1d:2e:76:a2:6b:df:67:6b:7c:
                    c9:de:1e:13:6f:23:58:80:a0:ea:37:57:d8:3d:c8:
                    76:01:cd:da:8b:53:62:1b:fd:1c:60:2f:81:6b:7f:
                    91:1b:e5:7b:f7:aa:83:f8:ff:ee:e2:f4:c8:73:f1:
                    79:af:98:b3:10:a7:32:b0:af:67:02:ae:b0:a1:a9:
                    33:24:e2:80:9e:4b:94:4b:ab:6f:cd:84:82:6f:71:
                    ae:37:ff:15:1d:80:b6:59:07:4c:59:11:35:74:ad:
                    a0:bf:2a:ac:06:67:f9:59:56:f4:f6:9b:d4:ff:e3:
                    4c:55:d1:ca:f1:bd:48:fd:2c:a1:42:83:ea:ef:a9:
                    63:3a:a0:b6:74:2c:2f:5c:8c:cf:7f:51:ba:63:ae:
                    2d:8d:9d:b1:fe:3d:d7:23:6b:4a:ed:2f:47:1f:0f:
                    8c:9f:3b:0e:c5:95:1c:27:0c:a5:a0:a3:ed:7f:a4:
                    49:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C1:D2:71:DF:FC:A3:BA:CA:E5:84:97:A5:93:B9:55:5B:EC:F2:E2
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qcHScd_8o7rK5YSXpZO5VVvs8uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.100.0/24
                  46.36.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:20:44:09:fa:fa:8c:b2:0f:8d:02:5a:53:72:21:66:ae:5b:
         75:22:12:2a:da:69:40:48:4b:7b:8b:0d:1a:67:c9:55:7d:82:
         8d:1b:e8:1e:c7:70:a4:60:4d:8c:67:86:db:2a:d8:0a:f5:47:
         51:a7:a8:31:92:6a:d3:f3:6c:90:4c:f1:fd:77:18:b1:05:ea:
         8a:21:c2:97:d7:c2:7c:0b:1c:f5:3b:b2:2c:8c:15:40:d2:94:
         70:33:6b:e2:a5:8b:7e:bb:35:db:eb:71:7e:49:ef:3f:69:bf:
         8b:e8:58:a3:e9:54:c2:fd:ee:b6:19:19:09:b2:ff:cd:3f:17:
         38:e0:de:04:5c:f5:52:b3:61:d0:ae:ef:74:4c:af:b2:bd:b4:
         78:84:92:fe:e6:6c:2a:03:33:ee:1c:71:83:26:85:31:0f:e0:
         3a:29:66:19:ee:e7:5b:e8:5c:e0:31:a4:04:79:bb:b7:f4:14:
         4a:67:e6:97:02:6e:1b:c2:d0:21:05:ff:c4:21:65:b8:36:3e:
         08:20:c9:1c:0e:e3:49:88:a9:c8:9b:88:08:9e:11:ed:6d:35:
         5f:d1:3b:d0:ba:3e:21:3e:ab:67:ec:41:bf:46:85:d8:70:ae:
         6c:da:cd:b3:10:5d:e1:6b:2c:8a:4a:54:18:be:21:da:bb:6a:
         3b:2d:ef:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2sVOekM4vGxqh8GiEC8QocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMjE1MTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWMxZDI3MWRmZmNhM2JhY2FlNTg0OTdhNTkzYjk1NTViZWNmMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiZYzgdea4McUZZQbomQmXe+eZqk
4FjA8t8kqBR80RK5xi7pKUoqn/NnlNZ3qfcgAEBth7Vd8Qv8dz839bl1lK2CZqY1
sSPcFley1xFwPNodLnaia99na3zJ3h4TbyNYgKDqN1fYPch2Ac3ai1NiG/0cYC+B
a3+RG+V796qD+P/u4vTIc/F5r5izEKcysK9nAq6woakzJOKAnkuUS6tvzYSCb3Gu
N/8VHYC2WQdMWRE1dK2gvyqsBmf5WVb09pvU/+NMVdHK8b1I/SyhQoPq76ljOqC2
dCwvXIzPf1G6Y64tjZ2x/j3XI2tK7S9HHw+MnzsOxZUcJwyloKPtf6RJVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnB0nHf/KO6yuWEl6WTuVVb7PLiMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvcWNIU2NkXzhvN3JLNVlTWHBaTzVWVnZzOHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiRkAwQA
LiRmMA0GCSqGSIb3DQEBCwUAA4IBAQAgIEQJ+vqMsg+NAlpTciFmrlt1IhIq2mlA
SEt7iw0aZ8lVfYKNG+gex3CkYE2MZ4bbKtgK9UdRp6gxkmrT82yQTPH9dxixBeqK
IcKX18J8Cxz1O7IsjBVA0pRwM2vipYt+uzXb63F+Se8/ab+L6Fij6VTC/e62GRkJ
sv/NPxc44N4EXPVSs2HQru90TK+yvbR4hJL+5mwqAzPuHHGDJoUxD+A6KWYZ7udb
6FzgMaQEebu39BRKZ+aXAm4bwtAhBf/EIWW4Nj4IIMkcDuNJiKnIm4gInhHtbTVf
0TvQuj4hPqtn7EG/RoXYcK5s2s2zEF3hayyKSlQYviHau2o7Le8o
-----END CERTIFICATE-----