Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/QBow7vJX7fbv8FUbyo1d7zTY3vE.roa
File:                     QBow7vJX7fbv8FUbyo1d7zTY3vE.roa (raw, json)
Hash identifier:          ijoUQpj1ZT3s2bB+6buaO2r+uvdvzWd5GhwxeIag0Hc=
Subject key identifier:   40:1A:30:EE:F2:57:ED:F6:EF:F0:55:1B:CA:8D:5D:EF:34:D8:DE:F1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018F9F5F28FACE7BFA8504D2E2D9161DA5FA
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/QBow7vJX7fbv8FUbyo1d7zTY3vE.roa
Signing time:             Wed 22 May 2024 08:16:04 +0000
ROA not before:           Wed 22 May 2024 08:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        89.251.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:5f:28:fa:ce:7b:fa:85:04:d2:e2:d9:16:1d:a5:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 22 08:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=401a30eef257edf6eff0551bca8d5def34d8def1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:18:b8:c2:3f:1f:0d:46:d2:ee:00:7d:91:b3:
                    96:02:fd:56:40:16:4d:4a:4a:84:2f:f7:27:66:d9:
                    2d:e5:7c:f7:23:ed:e0:eb:e7:4e:11:97:11:05:85:
                    38:8a:8e:07:ca:eb:d2:f0:e9:2f:13:b6:b8:49:91:
                    06:8b:7e:30:02:cc:68:59:df:6c:3d:dc:61:b6:b1:
                    c4:60:f1:3f:e0:25:f2:d0:42:5f:5f:bf:e8:35:b8:
                    20:6d:9b:cd:be:b9:92:6a:b7:bb:47:54:5d:3b:c5:
                    89:47:e0:68:b9:3e:a4:2a:98:a8:07:c1:90:bc:83:
                    4e:db:d2:c5:b5:3d:fb:14:16:45:fd:9e:33:bf:8c:
                    f2:58:86:d8:b9:c2:06:7f:9a:bd:23:08:7c:ba:53:
                    8c:fc:f3:86:0c:48:3a:41:63:ab:b5:39:39:2f:44:
                    73:21:89:17:34:1b:cd:0b:d6:a9:72:a3:5c:fd:b1:
                    d3:56:40:9e:fd:4e:2f:7e:85:cb:0f:84:28:9a:bf:
                    e3:7c:29:e5:87:75:47:5a:e7:f8:23:39:52:01:f7:
                    ab:6f:96:5d:f3:0b:72:08:e0:e8:91:fc:42:1c:16:
                    6c:57:94:df:24:ff:f5:ef:c4:2b:d1:cc:27:f6:96:
                    91:97:a0:13:bb:62:1c:43:11:da:88:d1:b8:78:bd:
                    d8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1A:30:EE:F2:57:ED:F6:EF:F0:55:1B:CA:8D:5D:EF:34:D8:DE:F1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/QBow7vJX7fbv8FUbyo1d7zTY3vE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:6c:9e:44:8e:88:9a:ba:e7:34:8e:79:74:b0:34:b4:6c:80:
         20:8b:39:cf:37:a9:1d:7f:a7:f5:24:49:c4:7b:ff:46:01:dd:
         3e:cd:42:2f:57:d6:df:83:71:ed:b8:3f:93:09:4e:67:5d:f7:
         34:55:78:90:57:74:b9:b4:94:15:f9:6d:74:32:51:74:e9:1e:
         eb:1d:78:6b:77:ac:ee:95:56:77:61:b5:46:fe:47:60:1f:18:
         48:72:db:e0:27:2a:05:c6:cf:23:48:d4:c5:e2:92:af:64:e7:
         85:13:cf:27:6e:c3:14:80:fa:af:4a:5f:b2:8a:74:53:64:34:
         db:a5:a0:8d:4b:35:25:ee:74:0c:10:26:48:ce:74:32:98:73:
         87:1e:8a:87:87:12:92:f2:9c:be:c7:2c:18:c5:0a:56:67:eb:
         40:15:ab:13:2d:8c:ef:29:c5:28:d2:ec:b0:2d:92:40:d5:96:
         79:bb:b6:17:f3:32:e8:9c:bc:e6:83:c8:7f:ae:fc:f2:64:2b:
         66:93:95:80:11:94:b4:31:16:4c:0f:ae:17:e3:6c:77:84:fd:
         be:75:5a:72:ac:39:cb:94:19:d8:46:5f:e1:29:a7:3c:e8:64:
         de:86:4d:20:86:96:ba:d5:2d:aa:f4:9d:f6:4e:db:85:5c:60:
         40:71:52:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+fXyj6znv6hQTS4tkWHaX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNTIyMDgxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFhMzBlZWYyNTdlZGY2ZWZmMDU1MWJjYThkNWRlZjM0ZDhkZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Bi4wj8fDUbS7gB9kbOWAv1WQBZN
SkqEL/cnZtkt5Xz3I+3g6+dOEZcRBYU4io4HyuvS8OkvE7a4SZEGi34wAsxoWd9s
PdxhtrHEYPE/4CXy0EJfX7/oNbggbZvNvrmSare7R1RdO8WJR+BouT6kKpioB8GQ
vINO29LFtT37FBZF/Z4zv4zyWIbYucIGf5q9Iwh8ulOM/POGDEg6QWOrtTk5L0Rz
IYkXNBvNC9apcqNc/bHTVkCe/U4vfoXLD4Qomr/jfCnlh3VHWuf4IzlSAferb5Zd
8wtyCODokfxCHBZsV5TfJP/178Qr0cwn9paRl6ATu2IcQxHaiNG4eL3YZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAaMO7yV+327/BVG8qNXe802N7xMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUUJvdzd2Slg3ZmJ2OEZVYnlvMWQ3elRZM3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsXMA0G
CSqGSIb3DQEBCwUAA4IBAQBnbJ5Ejoiauuc0jnl0sDS0bIAgiznPN6kdf6f1JEnE
e/9GAd0+zUIvV9bfg3HtuD+TCU5nXfc0VXiQV3S5tJQV+W10MlF06R7rHXhrd6zu
lVZ3YbVG/kdgHxhIctvgJyoFxs8jSNTF4pKvZOeFE88nbsMUgPqvSl+yinRTZDTb
paCNSzUl7nQMECZIznQymHOHHoqHhxKS8py+xywYxQpWZ+tAFasTLYzvKcUo0uyw
LZJA1ZZ5u7YX8zLonLzmg8h/rvzyZCtmk5WAEZS0MRZMD64X42x3hP2+dVpyrDnL
lBnYRl/hKac86GTehk0ghpa61S2q9J32TtuFXGBAcVJ0
-----END CERTIFICATE-----