Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/QCRFtO7YJ9HGdZAwftGrKTaa2Ss.roa
File:                     QCRFtO7YJ9HGdZAwftGrKTaa2Ss.roa (raw, json)
Hash identifier:          ihZbPKzHftxw9xZkbHXbKgpavEc4wGJh9MRi6xbhbyo=
Subject key identifier:   40:24:45:B4:EE:D8:27:D1:C6:75:90:30:7E:D1:AB:29:36:9A:D9:2B
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       018CC26D74FC57FA20EE1A72E71335B47CFA
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/QCRFtO7YJ9HGdZAwftGrKTaa2Ss.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.42.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:fc:57:fa:20:ee:1a:72:e7:13:35:b4:7c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=402445b4eed827d1c67590307ed1ab29369ad92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a3:1e:4c:4d:ea:28:6d:d9:4e:c7:09:8c:6e:
                    09:e9:a3:59:71:e4:92:15:83:36:d1:7d:28:95:54:
                    82:39:ae:3d:75:df:74:d1:cb:0c:f1:40:48:69:e8:
                    54:ca:f2:3a:9f:2a:3a:76:43:97:8f:93:cd:70:db:
                    df:3c:58:9a:58:bb:41:31:8f:63:ef:29:4e:8c:3e:
                    c5:6a:79:41:4c:91:b7:b4:5b:eb:b3:07:ac:f1:91:
                    76:76:60:7e:b5:9c:31:45:fd:ee:43:65:96:83:c2:
                    fe:75:40:2f:62:16:b2:f5:e3:de:51:d5:e4:b6:d1:
                    96:7f:81:03:6b:cf:c4:43:87:67:16:c4:17:ed:72:
                    88:ff:bf:d2:bc:b1:5c:df:67:44:1a:a8:fa:f1:e3:
                    94:78:54:a4:99:fc:5c:3d:39:84:e5:3c:6d:c4:c7:
                    25:7a:25:d7:88:67:a2:47:82:ff:b2:e2:1a:18:06:
                    66:08:59:93:84:3b:da:c3:f2:30:ef:93:a5:41:20:
                    92:c0:18:16:63:2b:10:a5:29:94:ec:bd:1b:fe:5f:
                    dd:6a:3f:fb:36:c6:0b:20:1a:06:46:e9:8e:fd:47:
                    2a:4d:c2:d1:76:71:76:ec:69:0c:9e:72:10:15:ef:
                    33:32:c2:46:05:66:00:43:a4:aa:04:f7:f3:c1:c9:
                    14:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:24:45:B4:EE:D8:27:D1:C6:75:90:30:7E:D1:AB:29:36:9A:D9:2B
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/QCRFtO7YJ9HGdZAwftGrKTaa2Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c1:33:4b:13:ce:ae:e0:a5:65:a0:99:4e:52:c4:3a:83:97:
         b6:78:79:ea:5d:b8:5d:96:3b:7a:f5:c7:b0:f8:b0:29:1e:07:
         d4:be:04:e1:6b:fc:fd:11:89:7f:d8:e0:78:d1:d5:cc:62:23:
         b4:80:b6:b8:98:c8:f6:81:47:d1:c2:8f:0d:dc:6e:41:3a:7a:
         27:1c:31:8a:79:55:a6:23:43:ac:8c:24:20:88:cc:61:74:ea:
         87:b0:15:bf:fa:32:db:23:1c:4a:53:b5:8e:c4:4a:38:a5:5f:
         08:b6:84:71:45:b5:cd:a7:93:88:af:9a:0b:1c:3c:c1:1e:c6:
         c3:1e:86:60:64:84:a7:38:93:27:b4:87:ea:6c:ce:d3:c8:27:
         8a:14:67:20:73:93:97:03:1d:b9:ee:d8:9d:c5:a7:ec:1a:4f:
         f7:81:cf:14:f3:ec:30:f0:1c:a6:3f:8d:a5:16:6c:1d:82:c2:
         7a:25:a7:8d:87:0f:05:cb:ba:7d:1d:87:02:03:c7:d0:fe:04:
         ad:5c:5d:e5:d4:12:8a:ae:04:f5:9e:d7:83:04:a1:f1:82:2f:
         fa:43:de:37:83:3a:c5:8f:6d:37:a5:f9:9a:b3:b9:3b:42:5a:
         9b:f2:7b:e8:ed:c6:dc:4a:3c:5a:31:57:78:c9:33:9f:4a:92:
         a1:a5:38:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXT8V/og7hpy5xM1tHz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODA2NzliOTZjYTMyMmJmYTg1NTAwY2FiMjA2YzZkNDc0
MTJlZGYwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI0NDViNGVlZDgyN2QxYzY3NTkwMzA3ZWQxYWIyOTM2OWFkOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6MeTE3qKG3ZTscJjG4J6aNZceSS
FYM20X0olVSCOa49dd900csM8UBIaehUyvI6nyo6dkOXj5PNcNvfPFiaWLtBMY9j
7ylOjD7FanlBTJG3tFvrswes8ZF2dmB+tZwxRf3uQ2WWg8L+dUAvYhay9ePeUdXk
ttGWf4EDa8/EQ4dnFsQX7XKI/7/SvLFc32dEGqj68eOUeFSkmfxcPTmE5TxtxMcl
eiXXiGeiR4L/suIaGAZmCFmThDvaw/Iw75OlQSCSwBgWYysQpSmU7L0b/l/daj/7
NsYLIBoGRumO/UcqTcLRdnF27GkMnnIQFe8zMsJGBWYAQ6SqBPfzwckUnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAkRbTu2CfRxnWQMH7Rqyk2mtkrMB8GA1UdIwQY
MBaAFK2AZ5uWyjIr+oVQDKsgbG1HQS7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAt
OTBjMGJkZTA5ODY5LzEvUUNSRnRPN1lKOUhHZFpBd2Z0R3JLVGFhMlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAtOTBjMGJkZTA5ODY5
LzEvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyrwMA0G
CSqGSIb3DQEBCwUAA4IBAQCPwTNLE86u4KVloJlOUsQ6g5e2eHnqXbhdljt69cew
+LApHgfUvgTha/z9EYl/2OB40dXMYiO0gLa4mMj2gUfRwo8N3G5BOnonHDGKeVWm
I0OsjCQgiMxhdOqHsBW/+jLbIxxKU7WOxEo4pV8ItoRxRbXNp5OIr5oLHDzBHsbD
HoZgZISnOJMntIfqbM7TyCeKFGcgc5OXAx257tidxafsGk/3gc8U8+ww8BymP42l
FmwdgsJ6JaeNhw8Fy7p9HYcCA8fQ/gStXF3l1BKKrgT1nteDBKHxgi/6Q943gzrF
j203pfmas7k7Qlqb8nvo7cbcSjxaMVd4yTOfSpKhpTir
-----END CERTIFICATE-----