Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/bQGrRQYpdkn-sGYjT5ch7Xk8JqU.roa
File:                     bQGrRQYpdkn-sGYjT5ch7Xk8JqU.roa (raw, json)
Hash identifier:          BgS3NmPWcWBqzHaNBXbWmdG/EnX7PQMv1x9H+jub4nU=
Subject key identifier:   6D:01:AB:45:06:29:76:49:FE:B0:66:23:4F:97:21:ED:79:3C:26:A5
Certificate issuer:       /CN=716752b91747957dccff0e71da674f329d832de3
Certificate serial:       018CC64A0CB2C8974D1B8CD1170232A36FE1
Authority key identifier: 71:67:52:B9:17:47:95:7D:CC:FF:0E:71:DA:67:4F:32:9D:83:2D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cWdSuRdHlX3M_w5x2mdPMp2DLeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/bQGrRQYpdkn-sGYjT5ch7Xk8JqU.roa
Signing time:             Mon 01 Jan 2024 18:29:50 +0000
ROA not before:           Mon 01 Jan 2024 18:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211937
IP address blocks:        185.230.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/cWdSuRdHlX3M_w5x2mdPMp2DLeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/cWdSuRdHlX3M_w5x2mdPMp2DLeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cWdSuRdHlX3M_w5x2mdPMp2DLeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0c:b2:c8:97:4d:1b:8c:d1:17:02:32:a3:6f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=716752b91747957dccff0e71da674f329d832de3
        Validity
            Not Before: Jan  1 18:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d01ab4506297649feb066234f9721ed793c26a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:62:aa:3b:0e:51:0d:e2:56:55:3c:2d:16:83:
                    9d:d1:e5:c8:35:31:a7:b2:ca:04:30:ea:ed:5d:c3:
                    70:f9:db:79:05:89:44:72:89:44:69:c5:44:72:78:
                    dc:6f:0a:8d:4d:27:75:4a:96:a9:b5:13:01:76:4e:
                    df:f5:20:8d:2f:ba:7c:e8:90:a8:e6:c4:a8:ca:2c:
                    a8:67:01:7b:29:cc:cc:b7:e5:57:e1:51:f4:50:cd:
                    2a:95:ce:9a:ef:37:e5:b1:2d:91:40:41:24:62:85:
                    44:66:c6:cd:49:b9:31:a1:eb:1e:a2:bf:9e:71:dc:
                    e0:1f:27:8d:21:78:8e:7a:37:e1:82:d5:f5:b9:28:
                    40:ce:98:56:79:d1:e6:37:49:80:d1:79:c9:b5:25:
                    7a:ad:1d:5d:99:83:3a:ee:7a:62:39:63:0c:04:c9:
                    5b:b1:63:2a:a0:88:7f:25:a3:fa:6d:24:f0:25:8e:
                    d7:4e:b3:a0:b8:53:5a:5b:07:3a:21:a5:81:84:e9:
                    a3:69:33:41:55:c3:8e:e0:73:04:cd:a8:a0:41:46:
                    12:d4:74:88:85:5c:a9:9b:d6:b9:23:97:99:7e:bd:
                    eb:18:e4:bc:9a:92:6e:94:80:9b:df:a3:29:71:0e:
                    aa:8e:18:88:b7:c8:d6:74:29:e1:53:3b:91:e3:6b:
                    4e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:01:AB:45:06:29:76:49:FE:B0:66:23:4F:97:21:ED:79:3C:26:A5
            X509v3 Authority Key Identifier:
                keyid:71:67:52:B9:17:47:95:7D:CC:FF:0E:71:DA:67:4F:32:9D:83:2D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cWdSuRdHlX3M_w5x2mdPMp2DLeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/bQGrRQYpdkn-sGYjT5ch7Xk8JqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/70d450-80e4-44f9-99f3-21bc63f165f8/1/cWdSuRdHlX3M_w5x2mdPMp2DLeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e8:5a:f1:fd:a0:83:61:11:44:e3:84:75:09:28:ea:63:65:
         27:b5:d1:25:0d:f6:55:fd:44:1a:d8:26:a8:0a:9d:d6:f2:2b:
         35:db:96:76:b8:68:0d:ea:44:3e:ed:8d:61:6a:f9:b2:c7:75:
         d7:1e:76:d5:dd:db:4b:ab:36:6c:83:e7:6a:89:bf:e9:b0:a3:
         3d:81:14:48:4c:2c:e2:60:6f:9a:30:46:1e:96:6b:90:ee:f0:
         4a:12:da:4d:25:6e:c2:57:29:aa:e9:a3:ff:f8:8a:65:7e:ce:
         31:58:7c:87:cd:0c:51:ae:2d:41:9c:a6:24:c8:d8:4b:d6:f2:
         8d:b2:f8:4d:16:2a:72:eb:34:e9:d5:52:fc:42:d3:94:1d:05:
         c6:3c:61:6c:0e:90:46:ce:17:f2:f0:d6:84:67:2a:e8:24:e3:
         d0:cd:a8:aa:bd:45:00:56:7e:56:0c:ce:cb:2e:0d:95:e9:ff:
         f3:9d:30:4f:f6:91:e1:33:84:03:b9:d9:13:f8:16:f2:06:99:
         a7:a7:6a:e7:19:0e:ff:e7:98:06:39:11:51:e5:3d:4a:94:68:
         5c:1d:4c:e7:e2:61:cd:51:a5:9c:11:c6:48:a1:c2:12:2a:15:
         b7:9e:cb:b0:d4:ab:d1:03:50:d3:a2:2d:6f:9d:85:de:e1:7c:
         24:b6:5e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSgyyyJdNG4zRFwIyo2/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNjc1MmI5MTc0Nzk1N2RjY2ZmMGU3MWRhNjc0ZjMyOWQ4
MzJkZTMwHhcNMjQwMTAxMTgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDAxYWI0NTA2Mjk3NjQ5ZmViMDY2MjM0Zjk3MjFlZDc5M2MyNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWKqOw5RDeJWVTwtFoOd0eXINTGn
ssoEMOrtXcNw+dt5BYlEcolEacVEcnjcbwqNTSd1SpaptRMBdk7f9SCNL7p86JCo
5sSoyiyoZwF7KczMt+VX4VH0UM0qlc6a7zflsS2RQEEkYoVEZsbNSbkxoeseor+e
cdzgHyeNIXiOejfhgtX1uShAzphWedHmN0mA0XnJtSV6rR1dmYM67npiOWMMBMlb
sWMqoIh/JaP6bSTwJY7XTrOguFNaWwc6IaWBhOmjaTNBVcOO4HMEzaigQUYS1HSI
hVypm9a5I5eZfr3rGOS8mpJulICb36MpcQ6qjhiIt8jWdCnhUzuR42tO8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0Bq0UGKXZJ/rBmI0+XIe15PCalMB8GA1UdIwQY
MBaAFHFnUrkXR5V9zP8OcdpnTzKdgy3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1dkU3VSZEhsWDNNX3c1eDJtZFBNcDJETGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi83MGQ0NTAtODBlNC00NGY5LTk5ZjMt
MjFiYzYzZjE2NWY4LzEvYlFHclJRWXBka24tc0dZalQ1Y2g3WGs4SnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi83MGQ0NTAtODBlNC00NGY5LTk5ZjMtMjFiYzYzZjE2NWY4
LzEvY1dkU3VSZEhsWDNNX3c1eDJtZFBNcDJETGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuebHMA0G
CSqGSIb3DQEBCwUAA4IBAQAL6Frx/aCDYRFE44R1CSjqY2UntdElDfZV/UQa2Cao
Cp3W8is125Z2uGgN6kQ+7Y1havmyx3XXHnbV3dtLqzZsg+dqib/psKM9gRRITCzi
YG+aMEYelmuQ7vBKEtpNJW7CVymq6aP/+Iplfs4xWHyHzQxRri1BnKYkyNhL1vKN
svhNFipy6zTp1VL8QtOUHQXGPGFsDpBGzhfy8NaEZyroJOPQzaiqvUUAVn5WDM7L
Lg2V6f/znTBP9pHhM4QDudkT+BbyBpmnp2rnGQ7/55gGORFR5T1KlGhcHUzn4mHN
UaWcEcZIocISKhW3nsuw1KvRA1DToi1vnYXe4Xwktl56
-----END CERTIFICATE-----