Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qjDbsdJJ4B0hvhs4zKkI-qZbh0A.roa
File:                     qjDbsdJJ4B0hvhs4zKkI-qZbh0A.roa (raw, json)
Hash identifier:          RtCwlzgLZNN+KXLOJ09ilP/0bRCp3GWD5ykRCZU0PPE=
Subject key identifier:   AA:30:DB:B1:D2:49:E0:1D:21:BE:1B:38:CC:A9:08:FA:A6:5B:87:40
Certificate issuer:       /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial:       018CC425307E1A49A5B52E71856435ACABB1
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qjDbsdJJ4B0hvhs4zKkI-qZbh0A.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209479
IP address blocks:        85.14.154.0/23 maxlen: 23
                          217.171.24.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:30:7e:1a:49:a5:b5:2e:71:85:64:35:ac:ab:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa30dbb1d249e01d21be1b38cca908faa65b8740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:19:99:b4:f2:c2:12:1c:05:85:3a:a9:ac:12:
                    82:5a:72:eb:f2:7a:85:87:2d:a5:22:57:ac:db:c1:
                    c9:ab:1a:e8:4d:12:74:bc:4c:d0:91:11:bc:a1:ca:
                    a5:bf:7b:b5:41:92:56:57:15:97:cc:3b:f3:df:40:
                    84:fb:fc:2e:f1:b2:e5:d2:cc:bc:bd:65:8c:ad:c5:
                    15:84:50:3e:36:56:75:ae:9c:49:04:c4:07:76:e3:
                    94:93:93:73:f5:86:c4:2b:a2:50:12:9a:da:3b:ea:
                    5e:26:73:12:d7:65:96:f6:8b:67:9c:78:10:a9:5e:
                    8c:6b:0f:0b:eb:1c:b9:0b:8b:87:3a:19:32:5f:e5:
                    f5:93:c3:73:a1:d3:b7:89:8a:86:33:f3:4f:bc:9d:
                    59:35:5f:d5:c8:69:a4:f3:85:f9:a0:81:d7:e5:30:
                    3e:a1:ab:f5:5f:ab:03:ba:b7:51:a1:aa:7e:34:b3:
                    5d:e8:18:ce:59:5f:ca:1e:bc:b7:af:9f:b7:a3:04:
                    54:f8:73:fe:f5:3e:24:b5:f4:cf:63:08:a3:2d:d5:
                    69:2c:c5:67:6d:f4:c1:db:c9:7a:d8:c9:17:24:60:
                    3b:1b:cd:84:b4:e7:21:7b:3b:6b:f8:3b:e6:25:29:
                    05:52:c5:f1:a8:1e:54:1e:3a:f9:71:00:cb:66:3a:
                    48:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:30:DB:B1:D2:49:E0:1D:21:BE:1B:38:CC:A9:08:FA:A6:5B:87:40
            X509v3 Authority Key Identifier:
                keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qjDbsdJJ4B0hvhs4zKkI-qZbh0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.154.0/23
                  217.171.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:38:35:03:9d:50:a6:b7:79:80:b2:cf:79:fd:99:13:2d:b1:
         7a:9f:a1:03:03:fc:3b:fc:c2:94:27:f2:b8:a5:d6:b2:1a:75:
         4d:26:b9:d1:6d:73:1e:4a:ee:48:1d:a3:0c:3f:c4:46:1a:44:
         3c:87:eb:0e:19:ba:31:9f:dc:92:0b:59:7d:f9:78:7e:06:86:
         8e:c1:e1:68:57:f1:85:39:5b:0f:87:27:e0:95:7d:fa:5f:77:
         57:63:ce:3a:38:d6:bc:95:29:07:ad:01:e6:71:32:94:8f:4c:
         68:82:57:8a:aa:78:2a:30:e1:ef:5c:8a:80:7d:31:c3:bb:ea:
         66:b4:11:93:f6:ad:12:6d:e9:e8:0b:f2:31:86:af:27:40:a4:
         bb:44:4f:99:03:49:96:1f:9b:69:48:46:b2:15:0d:da:8f:b5:
         05:00:23:99:b4:90:5b:19:d1:23:f8:3d:94:fb:60:b9:18:1e:
         4b:38:fb:27:6c:85:c8:d0:65:72:51:ae:0e:b8:53:c4:35:c8:
         ce:4c:50:d0:95:ac:16:9e:d8:42:fe:c9:6e:4f:ad:08:b9:03:
         7b:b9:ec:65:12:c9:19:f2:0a:08:bd:e8:af:7e:e0:11:5d:db:
         4e:8c:e8:7b:ba:69:d9:30:83:e0:e2:9e:39:6d:6c:4c:f0:16:
         95:17:bb:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJTB+GkmltS5xhWQ1rKuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMwZGJiMWQyNDllMDFkMjFiZTFiMzhjY2E5MDhmYWE2NWI4NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRmZtPLCEhwFhTqprBKCWnLr8nqF
hy2lIles28HJqxroTRJ0vEzQkRG8ocqlv3u1QZJWVxWXzDvz30CE+/wu8bLl0sy8
vWWMrcUVhFA+NlZ1rpxJBMQHduOUk5Nz9YbEK6JQEpraO+peJnMS12WW9otnnHgQ
qV6Maw8L6xy5C4uHOhkyX+X1k8NzodO3iYqGM/NPvJ1ZNV/VyGmk84X5oIHX5TA+
oav1X6sDurdRoap+NLNd6BjOWV/KHry3r5+3owRU+HP+9T4ktfTPYwijLdVpLMVn
bfTB28l62MkXJGA7G82EtOcheztr+DvmJSkFUsXxqB5UHjr5cQDLZjpI6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKow27HSSeAdIb4bOMypCPqmW4dAMB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvcWpEYnNkSko0QjBodmhzNHpLa0ktcVpiaDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVQ6aAwQB
2asYMA0GCSqGSIb3DQEBCwUAA4IBAQCSODUDnVCmt3mAss95/ZkTLbF6n6EDA/w7
/MKUJ/K4pdayGnVNJrnRbXMeSu5IHaMMP8RGGkQ8h+sOGboxn9ySC1l9+Xh+BoaO
weFoV/GFOVsPhyfglX36X3dXY846ONa8lSkHrQHmcTKUj0xogleKqngqMOHvXIqA
fTHDu+pmtBGT9q0SbenoC/Ixhq8nQKS7RE+ZA0mWH5tpSEayFQ3aj7UFACOZtJBb
GdEj+D2U+2C5GB5LOPsnbIXI0GVyUa4OuFPENcjOTFDQlawWnthC/sluT60IuQN7
uexlEskZ8goIveivfuARXdtOjOh7umnZMIPg4p45bWxM8BaVF7vm
-----END CERTIFICATE-----