Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/KqUx24iMNgIY7LOOlAmTHib7qHM.roa
File:                     KqUx24iMNgIY7LOOlAmTHib7qHM.roa (raw, json)
Hash identifier:          NoKU8BydiyqAHRz8W56r3GZIuTybAt6/eVSPRunTiH4=
Subject key identifier:   2A:A5:31:DB:88:8C:36:02:18:EC:B3:8E:94:09:93:1E:26:FB:A8:73
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADACD92159EA26DACD923BC13308A
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/KqUx24iMNgIY7LOOlAmTHib7qHM.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197726
IP address blocks:        212.86.111.0/24 maxlen: 24
                          212.86.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:da:cd:92:15:9e:a2:6d:ac:d9:23:bc:13:30:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa531db888c360218ecb38e9409931e26fba873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:03:bc:55:0a:b6:80:bf:eb:5c:d8:46:2f:d0:
                    62:8b:63:20:ab:b0:74:fc:07:65:70:20:4e:19:de:
                    53:7b:4f:a5:c5:a2:2b:53:be:2a:c1:ea:d3:04:12:
                    09:d0:23:4a:01:58:08:88:eb:79:2c:6a:f1:00:59:
                    23:00:56:20:30:f5:ac:5a:16:d3:b9:2f:76:10:81:
                    42:19:70:9b:87:4e:dd:e8:e4:7a:98:41:dd:01:1c:
                    a2:a2:c1:2f:4d:7b:7b:88:98:d7:af:b1:b5:a7:70:
                    af:96:46:14:d1:f1:a0:32:6d:6c:d3:65:17:2b:bd:
                    66:d7:3e:d2:ab:92:b9:1b:0e:4a:3a:ac:ca:0a:6a:
                    3f:b6:28:9b:27:b1:19:99:d1:4a:9c:e7:1c:6f:15:
                    79:9b:ff:46:67:aa:61:86:cc:56:b7:ac:40:d3:6a:
                    0f:bd:1c:f8:0e:e6:76:fa:50:37:43:4d:0b:d2:d8:
                    ef:e7:94:39:85:ed:93:48:2c:c3:4d:20:9e:89:5f:
                    67:05:ff:9a:79:1a:72:4e:a1:74:94:fd:f9:22:aa:
                    13:ec:7f:bd:d7:04:d9:e0:90:6e:89:59:4f:24:6d:
                    0a:79:3d:03:bb:6b:0d:1e:2d:c5:ad:7f:de:42:bb:
                    eb:86:67:73:11:84:5f:a9:4b:a8:ef:ce:0c:31:04:
                    1b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A5:31:DB:88:8C:36:02:18:EC:B3:8E:94:09:93:1E:26:FB:A8:73
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/KqUx24iMNgIY7LOOlAmTHib7qHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.86.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:49:a2:8b:2e:71:e9:75:91:cd:c9:1c:30:b4:10:69:90:d6:
         f2:22:9a:01:6c:b0:e5:f9:54:34:b1:04:c8:df:2b:3d:cf:96:
         2f:c3:1f:bf:d0:a5:7a:20:db:56:0a:63:ac:04:82:d3:11:8c:
         21:9c:e0:06:f1:ca:8b:4f:e0:3d:b2:44:48:b9:81:0f:44:5d:
         a0:0d:2c:85:87:01:55:9b:4e:a3:fc:da:4b:8f:1c:a7:db:a0:
         71:c3:3e:d4:6c:a4:3d:e9:b1:4e:15:43:c2:2f:aa:90:be:4a:
         b3:01:82:63:9e:bd:71:06:ca:dd:b8:da:44:0a:ef:c0:0b:ac:
         e8:e2:8a:1f:1a:21:02:e5:f3:86:0a:81:e7:07:87:c8:f6:02:
         2f:d5:fa:a0:64:a1:fe:6b:e6:85:e2:17:d7:01:1b:ae:31:99:
         e9:b2:ce:67:43:22:ef:70:42:2f:75:34:d3:0b:2b:33:da:da:
         d5:98:9b:cd:5c:a6:53:d9:1f:9d:72:2d:58:ec:c5:26:0a:f5:
         9e:55:8f:4f:2b:0d:d5:04:d2:1f:1a:72:09:d6:0f:ca:dd:d7:
         12:53:17:ab:78:88:39:cc:32:4e:64:fb:30:2f:b9:ba:71:5b:
         7c:c5:7b:ec:96:62:9d:c2:2a:27:4b:88:53:fd:03:d0:84:01:
         69:1f:cd:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStrNkhWeom2s2SO8EzCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWE1MzFkYjg4OGMzNjAyMThlY2IzOGU5NDA5OTMxZTI2ZmJhODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAO8VQq2gL/rXNhGL9Bii2Mgq7B0
/AdlcCBOGd5Te0+lxaIrU74qwerTBBIJ0CNKAVgIiOt5LGrxAFkjAFYgMPWsWhbT
uS92EIFCGXCbh07d6OR6mEHdARyiosEvTXt7iJjXr7G1p3CvlkYU0fGgMm1s02UX
K71m1z7Sq5K5Gw5KOqzKCmo/tiibJ7EZmdFKnOccbxV5m/9GZ6phhsxWt6xA02oP
vRz4DuZ2+lA3Q00L0tjv55Q5he2TSCzDTSCeiV9nBf+aeRpyTqF0lP35IqoT7H+9
1wTZ4JBuiVlPJG0KeT0Du2sNHi3FrX/eQrvrhmdzEYRfqUuo784MMQQbgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqlMduIjDYCGOyzjpQJkx4m+6hzMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvS3FVeDI0aU1OZ0lZN0xPT2xBbVRIaWI3cUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1FZuMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSaKLLnHpdZHNyRwwtBBpkNbyIpoBbLDl+VQ0sQTI
3ys9z5Yvwx+/0KV6INtWCmOsBILTEYwhnOAG8cqLT+A9skRIuYEPRF2gDSyFhwFV
m06j/NpLjxyn26Bxwz7UbKQ96bFOFUPCL6qQvkqzAYJjnr1xBsrduNpECu/AC6zo
4oofGiEC5fOGCoHnB4fI9gIv1fqgZKH+a+aF4hfXARuuMZnpss5nQyLvcEIvdTTT
Cysz2trVmJvNXKZT2R+dci1Y7MUmCvWeVY9PKw3VBNIfGnIJ1g/K3dcSUxereIg5
zDJOZPswL7m6cVt8xXvslmKdwionS4hT/QPQhAFpH80J
-----END CERTIFICATE-----