Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/qhqN-5dqvu0btC5FL_M1YIzZjp0.roa
File:                     qhqN-5dqvu0btC5FL_M1YIzZjp0.roa (raw, json)
Hash identifier:          4EBmQctF9zVLx6orsD/iiP2LlVM7Ok6GQ+lWHR/tNFY=
Subject key identifier:   AA:1A:8D:FB:97:6A:BE:ED:1B:B4:2E:45:2F:F3:35:60:8C:D9:8E:9D
Certificate issuer:       /CN=810cd50db437c789464cb64dfabfe405ca981b1a
Certificate serial:       018CC49229CCD605D7BA24FEFEA000F3CDEB
Authority key identifier: 81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/qhqN-5dqvu0btC5FL_M1YIzZjp0.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196798
IP address blocks:        185.110.208.0/22 maxlen: 22
                          188.94.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:29:cc:d6:05:d7:ba:24:fe:fe:a0:00:f3:cd:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810cd50db437c789464cb64dfabfe405ca981b1a
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa1a8dfb976abeed1bb42e452ff335608cd98e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0b:67:79:9a:44:23:37:79:c6:95:4b:86:b6:
                    f1:c7:60:3e:47:5b:7f:93:e7:b4:ae:8a:7a:a2:f6:
                    3f:ef:81:74:d6:9c:32:13:0a:63:fe:e3:43:95:96:
                    54:f0:9a:88:e3:b1:e9:be:2a:7f:99:41:f2:3b:14:
                    9b:71:de:dd:62:60:60:0a:97:74:b2:3a:c3:6b:4e:
                    85:e7:9a:9b:e8:df:07:f8:89:6f:ee:7c:92:f6:14:
                    fb:4f:7d:aa:4b:45:9a:e1:ef:7b:12:ff:04:fb:84:
                    79:9a:01:72:6b:96:f8:12:c3:4c:83:59:8b:b5:2d:
                    7b:a6:07:bd:26:fb:75:0b:f8:4f:a1:ec:8d:88:6d:
                    99:70:a7:6b:ea:fc:09:65:d8:8a:f5:91:60:b0:9d:
                    d2:ae:85:dd:d9:d2:cb:6f:a1:bd:a8:93:ef:cc:48:
                    13:34:25:54:6a:7b:85:52:4a:0f:aa:52:14:b0:bf:
                    01:c7:11:51:dd:3e:b6:74:45:7a:3a:30:62:f7:b5:
                    f3:2b:1d:4a:d2:1d:f2:21:f7:c1:53:f7:84:48:bf:
                    aa:6c:03:d2:82:68:39:06:fd:1e:1f:c0:5e:24:82:
                    16:a8:c2:ec:e1:e0:a5:57:b4:de:00:6e:7e:4d:29:
                    46:84:ac:61:47:fd:85:83:1d:8a:12:ee:82:59:67:
                    f8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1A:8D:FB:97:6A:BE:ED:1B:B4:2E:45:2F:F3:35:60:8C:D9:8E:9D
            X509v3 Authority Key Identifier:
                keyid:81:0C:D5:0D:B4:37:C7:89:46:4C:B6:4D:FA:BF:E4:05:CA:98:1B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/qhqN-5dqvu0btC5FL_M1YIzZjp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecaa96-9af6-4b99-957f-6b7599fcdc33/1/gQzVDbQ3x4lGTLZN-r_kBcqYGxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.208.0/22
                  188.94.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b4:d2:55:f4:8f:da:85:d5:e3:19:f2:ba:90:09:45:c2:ce:92:
         be:83:cb:17:82:43:ce:d4:25:b4:1c:ca:cb:88:4e:af:a7:0b:
         ff:b7:f0:69:7c:7e:81:4a:f2:51:b6:f2:5f:73:a0:52:b8:5c:
         2a:20:9b:99:c9:be:54:71:03:1c:67:cd:11:e6:40:30:98:2b:
         fd:7f:c5:71:16:e4:f0:05:55:fe:e8:87:a9:bd:10:75:69:64:
         8d:3e:00:bc:26:61:b1:6e:3e:ee:92:c2:85:82:d0:74:a5:eb:
         06:6c:f1:2b:94:ad:4d:aa:07:c7:d4:f3:82:8b:08:84:74:21:
         a9:ac:f1:ef:92:13:60:71:5e:ca:ad:61:2c:6f:61:8f:0f:d2:
         f3:80:2b:16:c6:af:0e:ce:c8:d0:8d:89:69:be:95:aa:d1:ac:
         f3:dc:85:45:0c:95:39:5f:52:7d:0c:10:dd:a9:50:5d:2b:d8:
         69:f6:e5:8c:c9:2b:62:71:23:51:5b:ef:de:7a:c6:71:f7:9a:
         74:e0:df:8e:3d:70:61:a4:1d:fd:1b:35:d1:da:de:47:0d:35:
         2e:5a:51:44:49:dc:84:bf:64:3c:b0:22:93:2f:fb:c2:21:dd:
         ca:76:9c:51:c0:f1:ea:e5:70:80:a3:99:32:62:7e:01:f3:71:
         f2:a3:c4:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkinM1gXXuiT+/qAA883rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGNkNTBkYjQzN2M3ODk0NjRjYjY0ZGZhYmZlNDA1Y2E5
ODFiMWEwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFhOGRmYjk3NmFiZWVkMWJiNDJlNDUyZmYzMzU2MDhjZDk4ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AtneZpEIzd5xpVLhrbxx2A+R1t/
k+e0rop6ovY/74F01pwyEwpj/uNDlZZU8JqI47Hpvip/mUHyOxSbcd7dYmBgCpd0
sjrDa06F55qb6N8H+Ilv7nyS9hT7T32qS0Wa4e97Ev8E+4R5mgFya5b4EsNMg1mL
tS17pge9Jvt1C/hPoeyNiG2ZcKdr6vwJZdiK9ZFgsJ3SroXd2dLLb6G9qJPvzEgT
NCVUanuFUkoPqlIUsL8BxxFR3T62dEV6OjBi97XzKx1K0h3yIffBU/eESL+qbAPS
gmg5Bv0eH8BeJIIWqMLs4eClV7TeAG5+TSlGhKxhR/2Fgx2KEu6CWWf4vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKoajfuXar7tG7QuRS/zNWCM2Y6dMB8GA1UdIwQY
MBaAFIEM1Q20N8eJRky2Tfq/5AXKmBsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2Yt
NmI3NTk5ZmNkYzMzLzEvcWhxTi01ZHF2dTBidEM1RkxfTTFZSXpaanAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lY2FhOTYtOWFmNi00Yjk5LTk1N2YtNmI3NTk5ZmNkYzMz
LzEvZ1F6VkRiUTN4NGxHVExaTi1yX2tCY3FZR3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuW7QAwQD
vF7gMA0GCSqGSIb3DQEBCwUAA4IBAQC00lX0j9qF1eMZ8rqQCUXCzpK+g8sXgkPO
1CW0HMrLiE6vpwv/t/BpfH6BSvJRtvJfc6BSuFwqIJuZyb5UcQMcZ80R5kAwmCv9
f8VxFuTwBVX+6IepvRB1aWSNPgC8JmGxbj7uksKFgtB0pesGbPErlK1NqgfH1POC
iwiEdCGprPHvkhNgcV7KrWEsb2GPD9LzgCsWxq8OzsjQjYlpvpWq0azz3IVFDJU5
X1J9DBDdqVBdK9hp9uWMySticSNRW+/eesZx95p04N+OPXBhpB39GzXR2t5HDTUu
WlFESdyEv2Q8sCKTL/vCId3KdpxRwPHq5XCAo5kyYn4B83Hyo8Ra
-----END CERTIFICATE-----