Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPFoFcVv5FKGyN61kU0mfbr75_I.roa
File:                     QPFoFcVv5FKGyN61kU0mfbr75_I.roa (raw, json)
Hash identifier:          mNsQlbL3ldb59yddY/pQnfTGyIOzu/cYT9FCDgFkV28=
Subject key identifier:   40:F1:68:15:C5:6F:E4:52:86:C8:DE:B5:91:4D:26:7D:BA:FB:E7:F2
Certificate issuer:       /CN=40fc07299711adfa222e27b128b76d1d97450582
Certificate serial:       018CC3488F80FBA147531B42C0385E82A24D
Authority key identifier: 40:FC:07:29:97:11:AD:FA:22:2E:27:B1:28:B7:6D:1D:97:45:05:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPwHKZcRrfoiLiexKLdtHZdFBYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPFoFcVv5FKGyN61kU0mfbr75_I.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204158
IP address blocks:        185.112.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPwHKZcRrfoiLiexKLdtHZdFBYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPwHKZcRrfoiLiexKLdtHZdFBYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPwHKZcRrfoiLiexKLdtHZdFBYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8f:80:fb:a1:47:53:1b:42:c0:38:5e:82:a2:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40fc07299711adfa222e27b128b76d1d97450582
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40f16815c56fe45286c8deb5914d267dbafbe7f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2a:cd:0e:78:2d:67:a4:a4:ef:51:95:46:0d:
                    9a:67:85:2c:9c:70:59:fd:57:8a:68:5e:0b:40:b0:
                    da:36:70:2b:b2:d6:6a:0f:7a:da:86:3f:36:33:77:
                    3a:d3:57:9c:af:ed:1b:62:23:bc:d1:1f:fc:43:f3:
                    23:49:9f:25:d3:cb:54:46:b4:00:c8:03:0d:4e:35:
                    84:c5:63:d1:8f:91:c2:83:e7:46:50:82:00:dd:91:
                    a9:ee:31:85:a3:48:9d:7d:be:3d:fe:0b:fa:89:c2:
                    26:03:f0:4d:93:25:63:ec:4d:98:d8:c1:cd:51:1c:
                    7d:61:b0:4f:22:78:df:4a:4c:f8:30:83:f2:b9:80:
                    e2:50:e1:f7:36:2b:d9:38:5a:ba:75:37:ee:5e:2c:
                    fe:c8:4d:a8:ad:c3:df:de:45:60:7b:ed:c3:11:70:
                    8e:7c:75:e1:39:cc:df:bd:a9:23:04:a1:1a:63:8a:
                    93:4f:08:42:fc:ff:d1:9d:bd:97:47:47:5c:82:65:
                    04:28:f5:85:c3:70:ff:eb:d3:ee:02:c7:62:22:cb:
                    b4:e2:90:2a:5d:55:a3:67:19:28:fd:3e:84:13:09:
                    75:cd:f1:31:a7:9b:5c:4a:37:21:6d:46:05:82:76:
                    85:d6:87:c8:c5:fd:77:54:4b:ee:61:46:5f:f7:0b:
                    66:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F1:68:15:C5:6F:E4:52:86:C8:DE:B5:91:4D:26:7D:BA:FB:E7:F2
            X509v3 Authority Key Identifier:
                keyid:40:FC:07:29:97:11:AD:FA:22:2E:27:B1:28:B7:6D:1D:97:45:05:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPwHKZcRrfoiLiexKLdtHZdFBYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPFoFcVv5FKGyN61kU0mfbr75_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/5dc87a-f329-4c44-8235-77e3beab61eb/1/QPwHKZcRrfoiLiexKLdtHZdFBYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:95:a9:27:b2:ba:20:32:af:2f:2e:bb:89:68:8b:f5:ee:9a:
         46:0a:df:75:77:40:14:d3:77:91:93:67:f0:f6:84:bc:62:5e:
         ee:78:43:1f:c2:75:64:75:e5:76:48:5a:95:82:4a:45:c2:a5:
         e9:56:e1:6d:f4:de:58:0f:d7:b5:1f:66:a3:5c:7b:4e:6b:07:
         f0:b5:78:57:05:e7:b9:7f:89:fa:a6:05:22:d5:77:73:42:b5:
         17:58:bf:18:61:f9:6c:36:b7:a3:cc:ae:09:d9:a5:49:f0:c9:
         f0:e4:a7:cc:bb:e4:af:09:7f:3d:53:1d:97:12:1d:d5:4a:d9:
         de:03:66:29:bc:81:c7:a1:26:dc:ae:6c:5e:df:da:6c:77:07:
         8d:37:9b:6b:c6:42:c6:7e:c3:a5:14:3f:7f:03:af:50:80:b7:
         ac:b8:27:80:e4:42:ec:b8:68:50:89:58:87:70:41:eb:b9:e0:
         d8:61:ef:f2:30:1f:73:37:fc:23:2b:2b:0b:3c:1c:b0:54:d3:
         73:d5:e2:54:e9:23:27:10:8f:b4:be:45:80:11:cc:86:fa:80:
         72:00:2d:51:65:11:cb:31:cb:45:81:7e:7a:c1:f9:4e:0d:b4:
         8e:61:84:a4:44:0a:5d:e3:b6:26:81:47:95:41:50:7c:1b:a6:
         e0:1c:9e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSI+A+6FHUxtCwDhegqJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZmMwNzI5OTcxMWFkZmEyMjJlMjdiMTI4Yjc2ZDFkOTc0
NTA1ODIwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGYxNjgxNWM1NmZlNDUyODZjOGRlYjU5MTRkMjY3ZGJhZmJlN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqirNDngtZ6Sk71GVRg2aZ4UsnHBZ
/VeKaF4LQLDaNnArstZqD3rahj82M3c601ecr+0bYiO80R/8Q/MjSZ8l08tURrQA
yAMNTjWExWPRj5HCg+dGUIIA3ZGp7jGFo0idfb49/gv6icImA/BNkyVj7E2Y2MHN
URx9YbBPInjfSkz4MIPyuYDiUOH3NivZOFq6dTfuXiz+yE2orcPf3kVge+3DEXCO
fHXhOczfvakjBKEaY4qTTwhC/P/Rnb2XR0dcgmUEKPWFw3D/69PuAsdiIsu04pAq
XVWjZxko/T6EEwl1zfExp5tcSjchbUYFgnaF1ofIxf13VEvuYUZf9wtmswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDxaBXFb+RShsjetZFNJn26++fyMB8GA1UdIwQY
MBaAFED8BymXEa36Ii4nsSi3bR2XRQWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVB3SEtaY1JyZm9pTGlleEtMZHRIWmRGQllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi81ZGM4N2EtZjMyOS00YzQ0LTgyMzUt
NzdlM2JlYWI2MWViLzEvUVBGb0ZjVnY1RktHeU42MWtVMG1mYnI3NV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi81ZGM4N2EtZjMyOS00YzQ0LTgyMzUtNzdlM2JlYWI2MWVi
LzEvUVB3SEtaY1JyZm9pTGlleEtMZHRIWmRGQllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXAEMA0G
CSqGSIb3DQEBCwUAA4IBAQCJlaknsrogMq8vLruJaIv17ppGCt91d0AU03eRk2fw
9oS8Yl7ueEMfwnVkdeV2SFqVgkpFwqXpVuFt9N5YD9e1H2ajXHtOawfwtXhXBee5
f4n6pgUi1XdzQrUXWL8YYflsNrejzK4J2aVJ8Mnw5KfMu+SvCX89Ux2XEh3VStne
A2YpvIHHoSbcrmxe39psdweNN5trxkLGfsOlFD9/A69QgLesuCeA5ELsuGhQiViH
cEHrueDYYe/yMB9zN/wjKysLPBywVNNz1eJU6SMnEI+0vkWAEcyG+oByAC1RZRHL
MctFgX56wflODbSOYYSkRApd47YmgUeVQVB8G6bgHJ5A
-----END CERTIFICATE-----