Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/qcabB6BNdX0OT8QGSzQMsPf_pQ0.roa
File:                     qcabB6BNdX0OT8QGSzQMsPf_pQ0.roa (raw, json)
Hash identifier:          N8vt9SDB/MwNr7TS+TIwJMU2xkiHtesho91mF5R1zFA=
Subject key identifier:   A9:C6:9B:07:A0:4D:75:7D:0E:4F:C4:06:4B:34:0C:B0:F7:FF:A5:0D
Certificate issuer:       /CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Certificate serial:       018CC42523D7755030F99976DA0915DAC00A
Authority key identifier: 70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/qcabB6BNdX0OT8QGSzQMsPf_pQ0.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60267
IP address blocks:        185.72.15.0/24 maxlen: 24
                          193.242.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:23:d7:75:50:30:f9:99:76:da:09:15:da:c0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7094a425595e923c4b53b9c000aa8f19ad923f20
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c69b07a04d757d0e4fc4064b340cb0f7ffa50d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:03:8e:f5:5b:dc:e2:b4:af:a6:7a:d9:ee:02:
                    b3:95:91:be:80:72:b6:97:3e:15:8c:67:70:88:76:
                    ee:52:5d:0b:af:a3:bb:78:7a:fe:53:b6:c9:60:24:
                    72:0d:be:80:86:ed:31:4b:e1:03:ba:ca:98:10:63:
                    b3:87:5f:04:f9:6c:57:34:e8:69:65:a0:4a:18:b5:
                    24:a1:ca:fe:f6:19:25:ea:b9:5f:88:1a:d4:a0:ec:
                    f2:e5:52:bb:4f:84:37:a0:b5:b1:44:da:b8:04:6c:
                    b8:3a:27:e9:05:25:54:a0:9a:db:c8:d7:12:9f:cc:
                    e5:7e:35:db:d1:a4:9b:41:51:f3:2d:ab:58:fd:9d:
                    ae:ef:c7:52:5e:49:f1:85:a2:98:36:cc:61:e4:1a:
                    e4:d4:0e:fa:f2:69:bc:05:8a:81:f3:44:59:e3:dd:
                    db:e4:f3:ea:2f:1c:d7:8a:d4:2b:a8:d0:91:e3:3d:
                    2d:a6:4e:93:1a:bc:10:17:a1:69:b3:1a:99:fa:3f:
                    3a:c5:7e:ec:ce:ef:8f:83:82:d3:ce:3f:5a:13:94:
                    69:c3:a4:ce:e5:81:a7:89:3c:0c:ef:f9:3a:85:17:
                    0d:a6:ce:35:ee:3c:56:79:77:11:96:17:c1:bc:55:
                    8f:c1:58:5a:e1:28:31:60:7a:6a:cb:45:4b:8a:9b:
                    0b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C6:9B:07:A0:4D:75:7D:0E:4F:C4:06:4B:34:0C:B0:F7:FF:A5:0D
            X509v3 Authority Key Identifier:
                keyid:70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/qcabB6BNdX0OT8QGSzQMsPf_pQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.15.0/24
                  193.242.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:a6:34:9c:72:f9:04:05:a6:df:2e:6e:ce:11:2c:71:12:ce:
         3b:73:3b:99:96:e3:d4:9a:d9:f7:30:98:8f:e5:ed:c5:61:3e:
         f1:b9:90:aa:87:3d:60:9f:a0:99:c2:8d:26:5b:d8:7b:ef:b4:
         89:b8:ff:97:58:27:18:90:e6:be:20:27:69:52:52:80:98:af:
         43:20:26:a0:58:20:f9:70:4e:89:a4:c4:6f:85:10:28:f4:0b:
         19:53:b0:cf:71:4d:e4:b5:5a:b9:46:95:b8:4b:67:d2:d2:23:
         27:b8:6e:3b:e2:fb:aa:41:10:5b:e8:2b:ba:5b:c8:a0:7e:61:
         05:0d:07:df:b7:07:97:73:7f:e7:44:fc:e7:9d:97:99:3a:d8:
         09:21:03:b1:42:18:ab:e3:9b:76:14:23:2d:be:5a:26:13:27:
         47:5a:b2:84:70:b9:ff:cd:31:4a:3e:b3:5f:d6:e3:59:79:9f:
         a3:35:9c:dc:9e:ea:f0:90:d5:d3:01:63:1d:df:3a:23:de:48:
         9e:93:c6:e8:38:f8:99:8a:f1:3e:14:06:50:19:3e:5b:21:93:
         6b:4a:b7:62:d0:89:74:0d:09:a8:46:b7:69:cd:81:f2:47:0f:
         7c:3c:c7:4f:51:c1:21:37:47:60:c7:16:f3:a7:fe:9c:df:1f:
         52:67:16:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJSPXdVAw+Zl22gkV2sAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOTRhNDI1NTk1ZTkyM2M0YjUzYjljMDAwYWE4ZjE5YWQ5
MjNmMjAwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM2OWIwN2EwNGQ3NTdkMGU0ZmM0MDY0YjM0MGNiMGY3ZmZhNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AOO9Vvc4rSvpnrZ7gKzlZG+gHK2
lz4VjGdwiHbuUl0Lr6O7eHr+U7bJYCRyDb6Ahu0xS+EDusqYEGOzh18E+WxXNOhp
ZaBKGLUkocr+9hkl6rlfiBrUoOzy5VK7T4Q3oLWxRNq4BGy4OifpBSVUoJrbyNcS
n8zlfjXb0aSbQVHzLatY/Z2u78dSXknxhaKYNsxh5Brk1A768mm8BYqB80RZ493b
5PPqLxzXitQrqNCR4z0tpk6TGrwQF6FpsxqZ+j86xX7szu+Pg4LTzj9aE5Rpw6TO
5YGniTwM7/k6hRcNps417jxWeXcRlhfBvFWPwVha4SgxYHpqy0VLipsLIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnGmwegTXV9Dk/EBks0DLD3/6UNMB8GA1UdIwQY
MBaAFHCUpCVZXpI8S1O5wACqjxmtkj8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUt
Nzc3MzczZTYwNTVlLzEvcWNhYkI2Qk5kWDBPVDhRR1N6UU1zUGZfcFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUtNzc3MzczZTYwNTVl
LzEvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUgPAwQB
wfKkMA0GCSqGSIb3DQEBCwUAA4IBAQALpjSccvkEBabfLm7OESxxEs47czuZluPU
mtn3MJiP5e3FYT7xuZCqhz1gn6CZwo0mW9h777SJuP+XWCcYkOa+ICdpUlKAmK9D
ICagWCD5cE6JpMRvhRAo9AsZU7DPcU3ktVq5RpW4S2fS0iMnuG474vuqQRBb6Cu6
W8igfmEFDQfftweXc3/nRPznnZeZOtgJIQOxQhir45t2FCMtvlomEydHWrKEcLn/
zTFKPrNf1uNZeZ+jNZzcnurwkNXTAWMd3zoj3kiek8boOPiZivE+FAZQGT5bIZNr
Srdi0Il0DQmoRrdpzYHyRw98PMdPUcEhN0dgxxbzp/6c3x9SZxbn
-----END CERTIFICATE-----