Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/6qQ3IStxm87jE8bCMDlCUF4KBRY.roa
File:                     6qQ3IStxm87jE8bCMDlCUF4KBRY.roa (raw, json)
Hash identifier:          sYQNNf9sRQ2gKmZTiuUaNyBqO4ZTPPJidtlH0sPrfL4=
Subject key identifier:   EA:A4:37:21:2B:71:9B:CE:E3:13:C6:C2:30:39:42:50:5E:0A:05:16
Certificate issuer:       /CN=a84471a66f7907107e4534716bfa4208d406969f
Certificate serial:       018CC94AD185D4BCF7A63E8428339D4AD987
Authority key identifier: A8:44:71:A6:6F:79:07:10:7E:45:34:71:6B:FA:42:08:D4:06:96:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/6qQ3IStxm87jE8bCMDlCUF4KBRY.roa
Signing time:             Tue 02 Jan 2024 08:29:32 +0000
ROA not before:           Tue 02 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198153
IP address blocks:        185.197.0.0/22 maxlen: 22
                          79.98.64.0/21 maxlen: 30
                          2a03:ad80::/32 maxlen: 126

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d1:85:d4:bc:f7:a6:3e:84:28:33:9d:4a:d9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a84471a66f7907107e4534716bfa4208d406969f
        Validity
            Not Before: Jan  2 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaa437212b719bcee313c6c2303942505e0a0516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2f:f6:20:e8:18:d8:fc:4d:07:d2:5e:70:1f:
                    36:31:4f:cf:a3:4e:31:9b:cf:3e:04:bb:a0:9e:37:
                    5e:20:c6:a5:fb:2e:8a:63:29:39:5b:84:1f:f5:ee:
                    e0:1a:0e:0a:0f:07:3c:99:fd:74:c9:22:16:21:92:
                    3d:dc:5f:94:cc:73:91:69:36:39:f0:26:4d:af:f8:
                    5d:a8:ad:73:55:a0:42:14:a6:30:91:cc:82:8c:dc:
                    f2:39:34:b2:f6:df:fb:90:a7:a6:98:2e:db:ca:80:
                    84:43:ec:06:9d:09:c0:59:ff:33:b2:b6:b8:94:1a:
                    16:72:11:b9:47:98:92:cc:b2:93:df:e1:4e:00:e1:
                    6b:cd:30:d6:50:99:8a:fb:84:b8:a4:29:b1:32:8f:
                    45:16:6a:19:43:58:89:9b:29:3c:94:bb:bd:ff:1a:
                    89:d3:37:71:73:6d:34:66:7c:5f:f7:8e:ae:80:09:
                    9b:a5:b4:30:0d:78:3c:c3:7a:56:c2:92:89:da:24:
                    cd:f3:9d:6f:08:9f:77:22:ce:e6:9e:6e:67:b3:cb:
                    a3:da:90:bf:b6:e1:36:35:2c:d1:6e:00:eb:7d:1b:
                    4b:e3:20:ee:7f:72:99:1b:15:c2:ac:f8:44:89:3a:
                    63:8c:08:92:44:99:2c:31:69:51:21:0d:4a:d4:1b:
                    34:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A4:37:21:2B:71:9B:CE:E3:13:C6:C2:30:39:42:50:5E:0A:05:16
            X509v3 Authority Key Identifier:
                keyid:A8:44:71:A6:6F:79:07:10:7E:45:34:71:6B:FA:42:08:D4:06:96:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qERxpm95BxB-RTRxa_pCCNQGlp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/6qQ3IStxm87jE8bCMDlCUF4KBRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/85d097-0153-4902-af7a-b8c331a848aa/1/qERxpm95BxB-RTRxa_pCCNQGlp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.64.0/21
                  185.197.0.0/22
                IPv6:
                  2a03:ad80::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:94:36:03:a2:1b:78:35:8c:1f:85:30:9c:a6:d0:ee:b8:83:
         d1:1e:6f:ab:02:3a:09:93:ac:76:17:45:ee:e6:9c:47:66:bb:
         43:4b:06:46:92:ce:5e:33:e8:8a:1e:47:90:25:61:1c:be:09:
         52:91:d8:3d:07:31:11:05:d9:2e:0b:75:dc:42:ac:79:7e:5f:
         f9:59:44:ac:ca:54:4c:78:f8:1a:fb:56:79:6f:f3:c5:67:82:
         43:4a:70:c5:79:fa:e2:6f:5b:d7:b3:b6:fd:24:a0:f6:54:c1:
         91:be:c5:b3:9a:7c:c3:3c:10:60:dc:8a:08:b8:2e:d3:63:21:
         c2:fd:9c:41:44:a8:25:22:b2:0e:92:e7:03:5c:c6:a4:87:1f:
         b0:ae:34:24:37:61:2d:50:a9:ba:d9:a7:74:a0:dd:9f:73:76:
         a9:1f:6f:3e:f3:9d:78:5d:55:cc:fc:fd:8d:2c:81:78:34:8e:
         ce:e9:1b:84:ac:a8:32:92:54:84:d9:08:cb:44:e7:b5:bd:f6:
         2e:a1:96:8d:26:e4:36:15:e6:8e:63:41:da:d2:e4:3c:67:7f:
         c3:59:79:fb:78:af:00:af:60:e2:b2:54:72:4d:d1:b9:a5:ae:
         93:0a:c0:27:50:8d:4c:71:6d:23:77:02:32:9a:36:a8:09:d0:
         87:a6:23:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJStGF1Lz3pj6EKDOdStmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDQ3MWE2NmY3OTA3MTA3ZTQ1MzQ3MTZiZmE0MjA4ZDQw
Njk2OWYwHhcNMjQwMTAyMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWE0MzcyMTJiNzE5YmNlZTMxM2M2YzIzMDM5NDI1MDVlMGEwNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy/2IOgY2PxNB9JecB82MU/Po04x
m88+BLugnjdeIMal+y6KYyk5W4Qf9e7gGg4KDwc8mf10ySIWIZI93F+UzHORaTY5
8CZNr/hdqK1zVaBCFKYwkcyCjNzyOTSy9t/7kKemmC7byoCEQ+wGnQnAWf8zsra4
lBoWchG5R5iSzLKT3+FOAOFrzTDWUJmK+4S4pCmxMo9FFmoZQ1iJmyk8lLu9/xqJ
0zdxc200Znxf946ugAmbpbQwDXg8w3pWwpKJ2iTN851vCJ93Is7mnm5ns8uj2pC/
tuE2NSzRbgDrfRtL4yDuf3KZGxXCrPhEiTpjjAiSRJksMWlRIQ1K1Bs0HwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOqkNyErcZvO4xPGwjA5QlBeCgUWMB8GA1UdIwQY
MBaAFKhEcaZveQcQfkU0cWv6QgjUBpafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVSeHBtOTVCeEItUlRSeGFfcENDTlFHbHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84NWQwOTctMDE1My00OTAyLWFmN2Et
YjhjMzMxYTg0OGFhLzEvNnFRM0lTdHhtODdqRThiQ01EbENVRjRLQlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84NWQwOTctMDE1My00OTAyLWFmN2EtYjhjMzMxYTg0OGFh
LzEvcUVSeHBtOTVCeEItUlRSeGFfcENDTlFHbHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT2JAAwQC
ucUAMA0EAgACMAcDBQAqA62AMA0GCSqGSIb3DQEBCwUAA4IBAQC8lDYDoht4NYwf
hTCcptDuuIPRHm+rAjoJk6x2F0Xu5pxHZrtDSwZGks5eM+iKHkeQJWEcvglSkdg9
BzERBdkuC3XcQqx5fl/5WUSsylRMePga+1Z5b/PFZ4JDSnDFefrib1vXs7b9JKD2
VMGRvsWzmnzDPBBg3IoIuC7TYyHC/ZxBRKglIrIOkucDXMakhx+wrjQkN2EtUKm6
2ad0oN2fc3apH28+8514XVXM/P2NLIF4NI7O6RuErKgyklSE2QjLROe1vfYuoZaN
JuQ2FeaOY0Ha0uQ8Z3/DWXn7eK8Ar2DislRyTdG5pa6TCsAnUI1McW0jdwIymjao
CdCHpiOb
-----END CERTIFICATE-----