Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/qkPUpv7EfEa1hjo6XLc5ctcVzzQ.roa
File:                     qkPUpv7EfEa1hjo6XLc5ctcVzzQ.roa (raw, json)
Hash identifier:          dYy2Lk7HPK9Qpo+/Lqr3ZkTjKF3m9HvL3gnPpmZ5lzA=
Subject key identifier:   AA:43:D4:A6:FE:C4:7C:46:B5:86:3A:3A:5C:B7:39:72:D7:15:CF:34
Certificate issuer:       /CN=52056867e4d2885e99b549ed6fb786330adf8f44
Certificate serial:       018CC424CBFF72BD348F23D669BF2E3F09F3
Authority key identifier: 52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/qkPUpv7EfEa1hjo6XLc5ctcVzzQ.roa
Signing time:             Mon 01 Jan 2024 08:29:55 +0000
ROA not before:           Mon 01 Jan 2024 08:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30876
IP address blocks:        213.180.156.0/23 maxlen: 23
                          213.180.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:cb:ff:72:bd:34:8f:23:d6:69:bf:2e:3f:09:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52056867e4d2885e99b549ed6fb786330adf8f44
        Validity
            Not Before: Jan  1 08:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa43d4a6fec47c46b5863a3a5cb73972d715cf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fb:8b:3c:7b:fa:6c:2f:47:52:42:58:5a:bd:
                    ab:0a:1f:c2:67:69:ac:38:9d:e5:d5:c6:ee:21:11:
                    64:13:70:69:90:ab:f3:be:8f:a4:c5:d0:d5:eb:be:
                    2e:6f:19:36:b4:a4:5b:de:a8:02:6c:ff:99:f3:7e:
                    44:25:a1:22:ca:24:98:62:e0:e0:fc:e6:90:ac:b3:
                    29:80:5e:16:f3:b0:c9:04:65:60:9f:7b:21:6c:db:
                    d2:e4:a3:c3:62:8b:64:e6:a2:b7:e6:70:0a:52:a2:
                    9f:79:13:03:a0:9f:8e:62:b9:6c:77:f9:86:17:0e:
                    e1:38:fd:a3:fc:af:3d:d3:0e:0f:1e:00:eb:87:15:
                    b4:54:a7:34:da:dd:d7:9c:8d:df:17:ee:da:51:69:
                    bf:05:f4:f5:21:c0:11:ef:88:a8:9d:e8:ab:64:72:
                    5c:05:ac:53:12:b3:1c:23:76:80:fe:25:69:0a:e2:
                    27:d6:23:1e:f4:dc:f5:e5:e0:bc:d4:92:10:98:9a:
                    15:1c:9e:6c:d7:0f:e9:f3:0a:68:ec:7f:21:dc:b0:
                    63:c0:05:cf:dc:54:16:b5:9c:43:6f:f6:f7:16:ad:
                    c1:06:d8:8c:49:e8:90:e7:ea:ed:b5:bf:b6:d1:f6:
                    db:3a:83:7d:6d:04:1a:f3:16:64:95:89:c5:90:62:
                    1c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:43:D4:A6:FE:C4:7C:46:B5:86:3A:3A:5C:B7:39:72:D7:15:CF:34
            X509v3 Authority Key Identifier:
                keyid:52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/qkPUpv7EfEa1hjo6XLc5ctcVzzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.180.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:81:4b:1a:c0:93:23:e0:52:06:32:5c:03:34:74:c6:70:70:
         07:0d:8d:ff:63:68:8e:a0:61:5b:56:1b:7c:5f:cc:24:c4:5a:
         04:da:c6:18:17:d1:77:5c:71:7b:6d:a9:ad:20:f4:1a:24:f1:
         bd:fa:60:43:5f:bf:a9:1b:e8:65:ba:b1:f6:dd:35:56:5e:54:
         ce:04:9b:e5:b0:b3:52:c7:cb:0e:25:46:fa:cd:51:db:ea:7a:
         b7:ae:02:c8:3f:12:4f:e6:be:a4:80:4c:b8:38:a4:60:17:dc:
         ac:e0:f0:b1:6d:b8:84:44:71:e8:44:45:e2:b8:66:93:67:83:
         e2:d4:ea:55:e0:0c:99:51:b0:fb:02:6d:40:f1:c0:be:44:dd:
         bf:76:7e:1c:63:b4:18:13:20:8c:4a:07:87:06:a3:aa:56:5e:
         83:58:37:43:19:c5:9d:55:36:56:25:ce:e5:7c:32:d4:1f:55:
         9e:7e:d5:39:d2:f4:bd:74:5a:9b:ee:2d:d0:93:86:20:d9:8a:
         38:9c:51:23:b8:68:cc:9d:26:23:76:31:0e:67:5f:62:ba:b3:
         be:62:f7:8f:85:ea:76:da:81:db:85:19:7b:01:e7:e1:d5:8f:
         03:5b:bd:f6:c8:0f:56:c2:10:aa:69:97:39:9e:77:66:69:74:
         d9:7d:fd:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJMv/cr00jyPWab8uPwnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMDU2ODY3ZTRkMjg4NWU5OWI1NDllZDZmYjc4NjMzMGFk
ZjhmNDQwHhcNMjQwMTAxMDgyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQzZDRhNmZlYzQ3YzQ2YjU4NjNhM2E1Y2I3Mzk3MmQ3MTVjZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/uLPHv6bC9HUkJYWr2rCh/CZ2ms
OJ3l1cbuIRFkE3BpkKvzvo+kxdDV674ubxk2tKRb3qgCbP+Z835EJaEiyiSYYuDg
/OaQrLMpgF4W87DJBGVgn3shbNvS5KPDYotk5qK35nAKUqKfeRMDoJ+OYrlsd/mG
Fw7hOP2j/K890w4PHgDrhxW0VKc02t3XnI3fF+7aUWm/BfT1IcAR74ioneirZHJc
BaxTErMcI3aA/iVpCuIn1iMe9Nz15eC81JIQmJoVHJ5s1w/p8wpo7H8h3LBjwAXP
3FQWtZxDb/b3Fq3BBtiMSeiQ5+rttb+20fbbOoN9bQQa8xZklYnFkGIcWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpD1Kb+xHxGtYY6Oly3OXLXFc80MB8GA1UdIwQY
MBaAFFIFaGfk0ohembVJ7W+3hjMK349EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEt
NWY0ODM2MDgzYTMwLzEvcWtQVXB2N0VmRWExaGpvNlhMYzVjdGNWenpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEtNWY0ODM2MDgzYTMw
LzEvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bScMA0G
CSqGSIb3DQEBCwUAA4IBAQCUgUsawJMj4FIGMlwDNHTGcHAHDY3/Y2iOoGFbVht8
X8wkxFoE2sYYF9F3XHF7bamtIPQaJPG9+mBDX7+pG+hlurH23TVWXlTOBJvlsLNS
x8sOJUb6zVHb6nq3rgLIPxJP5r6kgEy4OKRgF9ys4PCxbbiERHHoREXiuGaTZ4Pi
1OpV4AyZUbD7Am1A8cC+RN2/dn4cY7QYEyCMSgeHBqOqVl6DWDdDGcWdVTZWJc7l
fDLUH1WeftU50vS9dFqb7i3Qk4Yg2Yo4nFEjuGjMnSYjdjEOZ19iurO+YvePhep2
2oHbhRl7Aefh1Y8DW732yA9WwhCqaZc5nndmaXTZff3R
-----END CERTIFICATE-----