Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/rQDiDyBnQ1S9iL-K8jsKPH_kYpU.roa
File:                     rQDiDyBnQ1S9iL-K8jsKPH_kYpU.roa (raw, json)
Hash identifier:          MQMjbW3QfpLT+eChO4vxBTu1oW6ETezdM/KGvQHT1js=
Subject key identifier:   AD:00:E2:0F:20:67:43:54:BD:88:BF:8A:F2:3B:0A:3C:7F:E4:62:95
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018DC5AA2C9CD69BA923A2DCEAB2B5C40ACC
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/rQDiDyBnQ1S9iL-K8jsKPH_kYpU.roa
Signing time:             Tue 20 Feb 2024 08:38:00 +0000
ROA not before:           Tue 20 Feb 2024 08:38:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215655
IP address blocks:        194.60.228.0/24 maxlen: 24
                          194.60.229.0/24 maxlen: 24
                          194.60.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:aa:2c:9c:d6:9b:a9:23:a2:dc:ea:b2:b5:c4:0a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Feb 20 08:38:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad00e20f20674354bd88bf8af23b0a3c7fe46295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c8:90:16:3e:26:e6:1f:8a:17:5e:5f:44:19:
                    63:a6:12:a6:e4:ac:1e:e5:47:76:56:61:67:cd:5c:
                    21:85:3f:84:4c:25:6b:1d:9f:97:e3:81:a0:bb:84:
                    7a:eb:8a:13:b3:5f:41:67:71:b6:df:b5:b5:fc:40:
                    b4:b7:c8:5c:76:f8:e8:e5:26:5b:7d:fb:70:cd:36:
                    e1:c6:82:af:a9:e1:9b:1a:c1:df:11:3c:35:2d:94:
                    eb:18:a0:9e:31:18:03:b9:6f:37:a7:dc:36:09:42:
                    85:a0:26:30:bf:a4:a0:44:ac:62:91:d8:1e:8d:34:
                    40:88:fc:68:f9:3d:7e:82:1f:42:7c:05:a6:79:ad:
                    17:0d:3d:98:54:f0:e3:96:e7:15:1a:4b:9c:f1:c7:
                    dc:ab:77:60:b3:17:53:fc:3f:c8:e3:6a:08:b4:e0:
                    c1:20:55:76:85:4d:75:89:89:e2:e3:fd:b4:c1:05:
                    3a:3d:b6:33:d8:9e:90:00:9f:33:8e:bf:5e:49:7e:
                    f5:6e:ea:f2:7a:90:e3:5b:64:c9:5b:86:4f:6e:fb:
                    56:96:33:28:25:ba:c4:b5:41:0a:39:ef:6b:f5:cb:
                    43:90:8a:5e:2b:da:4d:b3:bc:0e:d8:90:fd:0e:a1:
                    d1:0c:19:69:20:68:cf:15:28:6e:cd:72:23:e3:a8:
                    f4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:00:E2:0F:20:67:43:54:BD:88:BF:8A:F2:3B:0A:3C:7F:E4:62:95
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/rQDiDyBnQ1S9iL-K8jsKPH_kYpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.228.0-194.60.230.255

    Signature Algorithm: sha256WithRSAEncryption
         92:76:a4:13:67:a8:c3:f5:6d:47:c9:f1:16:88:5f:d1:2a:53:
         03:4b:2e:b4:93:51:c6:30:fe:dc:e7:96:79:40:6b:7d:c0:ee:
         b9:05:9a:ab:d8:7c:b4:a7:9c:b4:37:17:79:41:91:99:08:01:
         55:86:38:3d:6d:76:cd:be:25:7d:05:84:65:83:7b:5a:53:ee:
         32:6b:b1:da:6f:75:a4:41:ba:6f:5a:3a:e8:37:a8:8f:17:cf:
         92:7a:4e:94:14:f3:1b:a8:7b:66:3c:82:6a:c5:c8:50:3e:1b:
         16:ca:23:cd:87:da:22:b3:29:91:58:cb:9f:0e:29:b6:58:1c:
         f8:ea:4f:9e:40:83:c5:d1:cb:b2:da:fc:dd:2d:e4:77:ef:28:
         57:00:6c:ab:af:b0:44:b3:72:01:ce:2f:59:de:dc:d5:51:75:
         0d:c6:d1:07:c7:65:11:4f:58:e9:b4:6b:a8:da:cc:c8:34:bb:
         6a:60:59:6a:ae:7e:51:d4:90:d2:73:12:3e:c0:cc:6d:96:52:
         29:bd:51:62:07:92:d7:35:47:b0:32:6a:38:a7:a6:b8:35:f2:
         3e:d1:f8:fc:0a:c3:5c:7e:a8:49:38:69:e8:18:a3:4c:6c:24:
         9e:1d:b0:06:2e:06:1f:95:a7:5d:bb:44:28:54:77:c1:4a:23:
         80:30:c5:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY3Fqiyc1pupI6Lc6rK1xArMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMjIwMDgzODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDAwZTIwZjIwNjc0MzU0YmQ4OGJmOGFmMjNiMGEzYzdmZTQ2Mjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiciQFj4m5h+KF15fRBljphKm5Kwe
5Ud2VmFnzVwhhT+ETCVrHZ+X44Ggu4R664oTs19BZ3G237W1/EC0t8hcdvjo5SZb
fftwzTbhxoKvqeGbGsHfETw1LZTrGKCeMRgDuW83p9w2CUKFoCYwv6SgRKxikdge
jTRAiPxo+T1+gh9CfAWmea0XDT2YVPDjlucVGkuc8cfcq3dgsxdT/D/I42oItODB
IFV2hU11iYni4/20wQU6PbYz2J6QAJ8zjr9eSX71buryepDjW2TJW4ZPbvtWljMo
JbrEtUEKOe9r9ctDkIpeK9pNs7wO2JD9DqHRDBlpIGjPFShuzXIj46j0XwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK0A4g8gZ0NUvYi/ivI7Cjx/5GKVMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvclFEaUR5Qm5RMVM5aUwtSzhqc0tQSF9rWXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCPOQD
BADCPOYwDQYJKoZIhvcNAQELBQADggEBAJJ2pBNnqMP1bUfJ8RaIX9EqUwNLLrST
UcYw/tznlnlAa33A7rkFmqvYfLSnnLQ3F3lBkZkIAVWGOD1tds2+JX0FhGWDe1pT
7jJrsdpvdaRBum9aOug3qI8Xz5J6TpQU8xuoe2Y8gmrFyFA+GxbKI82H2iKzKZFY
y58OKbZYHPjqT55Ag8XRy7La/N0t5HfvKFcAbKuvsESzcgHOL1ne3NVRdQ3G0QfH
ZRFPWOm0a6jazMg0u2pgWWquflHUkNJzEj7AzG2WUim9UWIHktc1R7Ayajinprg1
8j7R+PwKw1x+qEk4aegYo0xsJJ4dsAYuBh+Vp127RChUd8FKI4AwxVg=
-----END CERTIFICATE-----