Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/tqR85yvb0m5D72Xt4vbLiVW4Vi4.roa
File:                     tqR85yvb0m5D72Xt4vbLiVW4Vi4.roa (raw, json)
Hash identifier:          IMZcUnMtjuzdcFHFTANC94RWzMHTMx78WzTPgGlofbQ=
Subject key identifier:   B6:A4:7C:E7:2B:DB:D2:6E:43:EF:65:ED:E2:F6:CB:89:55:B8:56:2E
Certificate issuer:       /CN=0a279b4038e002e7bd64e5076d1a39ebe96f23c4
Certificate serial:       018CC425168BA0CEC30CB8517DD5A25940CA
Authority key identifier: 0A:27:9B:40:38:E0:02:E7:BD:64:E5:07:6D:1A:39:EB:E9:6F:23:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiebQDjgAue9ZOUHbRo56-lvI8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/tqR85yvb0m5D72Xt4vbLiVW4Vi4.roa
Signing time:             Mon 01 Jan 2024 08:30:14 +0000
ROA not before:           Mon 01 Jan 2024 08:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57630
IP address blocks:        185.88.112.0/22 maxlen: 22
                          2a03:7f20::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/CiebQDjgAue9ZOUHbRo56-lvI8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/CiebQDjgAue9ZOUHbRo56-lvI8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiebQDjgAue9ZOUHbRo56-lvI8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:16:8b:a0:ce:c3:0c:b8:51:7d:d5:a2:59:40:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a279b4038e002e7bd64e5076d1a39ebe96f23c4
        Validity
            Not Before: Jan  1 08:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6a47ce72bdbd26e43ef65ede2f6cb8955b8562e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:89:b1:cb:67:e8:c7:4f:e7:02:96:d3:93:2d:
                    20:95:45:cc:c6:8f:fc:df:5f:b4:2e:c1:e7:ef:c4:
                    f8:0b:f9:fc:11:2d:f8:d7:d3:6b:78:5b:bd:fd:1b:
                    ff:bb:d6:a1:89:6a:05:4a:74:8b:08:72:27:5e:2b:
                    f9:af:41:6e:c7:2b:90:ad:59:01:2e:d0:5d:fc:d7:
                    49:9e:1c:c2:17:af:f8:6b:61:e9:d2:94:6e:81:72:
                    4b:99:39:68:19:f2:cd:0a:2c:7d:47:78:70:97:92:
                    65:e0:31:51:0b:d6:b6:5e:3c:a1:aa:db:23:3c:a3:
                    34:f8:ab:c0:e6:5e:35:bb:e8:09:68:fd:4f:9e:9a:
                    7e:45:53:2b:d3:49:f6:1d:5a:28:59:7b:6b:dc:68:
                    0d:bc:0e:d0:3f:3d:34:c2:69:f9:6f:df:9e:f0:36:
                    e9:2c:ad:3e:de:ae:bf:63:2b:f5:8e:35:06:a2:df:
                    e7:09:67:b1:ed:28:2d:13:a9:0c:da:cb:34:f9:d3:
                    2e:23:52:09:c3:4c:7b:d4:0e:e1:6b:39:a9:34:6f:
                    92:86:ce:91:1e:b3:85:d4:33:ca:47:f9:20:58:54:
                    0f:d6:13:d4:35:fc:68:15:b7:9e:a6:72:ca:90:0f:
                    62:a2:2d:e8:d3:f1:13:01:7f:a9:ce:97:65:c7:d0:
                    92:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A4:7C:E7:2B:DB:D2:6E:43:EF:65:ED:E2:F6:CB:89:55:B8:56:2E
            X509v3 Authority Key Identifier:
                keyid:0A:27:9B:40:38:E0:02:E7:BD:64:E5:07:6D:1A:39:EB:E9:6F:23:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiebQDjgAue9ZOUHbRo56-lvI8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/tqR85yvb0m5D72Xt4vbLiVW4Vi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/851d45-1422-4b31-bd8f-7993b9e03b0f/1/CiebQDjgAue9ZOUHbRo56-lvI8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.112.0/22
                IPv6:
                  2a03:7f20::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:79:29:07:fd:30:05:8e:c4:cf:f4:a6:54:4f:1b:78:a7:24:
         f0:a2:8f:2c:6e:ef:9d:f3:ee:03:c5:b2:19:c1:78:d3:c8:84:
         9f:88:c7:1d:f4:bf:84:a3:c8:5b:d2:d4:ba:35:f9:89:b7:89:
         5e:b5:31:a5:87:b7:2f:58:8c:66:ad:d9:65:54:d9:4f:f9:1a:
         ee:2e:6b:62:aa:37:ba:77:47:2d:b7:8c:f0:62:e0:ba:f7:5f:
         d8:6a:9e:c3:23:43:78:71:2f:e8:7c:cb:db:be:d2:48:a9:73:
         da:07:4b:7f:ed:23:ad:75:ca:cc:26:23:3f:5b:ad:1f:c1:eb:
         a2:f2:ad:45:e2:7d:9f:d6:33:06:2b:1b:9b:8d:d0:4d:27:3a:
         cb:84:5a:ac:b2:08:69:d0:6a:c4:fb:73:41:e5:37:cd:57:f6:
         21:65:bd:d3:91:1c:8c:85:55:b9:f8:1a:5b:c0:d5:2b:da:36:
         b0:2d:8d:03:8d:29:d7:60:21:47:a9:e0:bd:de:84:2c:28:67:
         7a:09:cf:6c:8b:78:e0:41:b8:cb:d6:99:9a:fd:19:fb:3b:2f:
         69:b9:0a:0a:76:4a:f4:77:21:dd:97:e0:4c:4f:9f:ea:0c:3e:
         27:05:ca:9f:3e:03:73:cf:fc:8c:7a:db:de:a1:e7:79:36:34:
         b1:1e:2b:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJRaLoM7DDLhRfdWiWUDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjc5YjQwMzhlMDAyZTdiZDY0ZTUwNzZkMWEzOWViZTk2
ZjIzYzQwHhcNMjQwMTAxMDgzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmE0N2NlNzJiZGJkMjZlNDNlZjY1ZWRlMmY2Y2I4OTU1Yjg1NjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAromxy2fox0/nApbTky0glUXMxo/8
31+0LsHn78T4C/n8ES3419NreFu9/Rv/u9ahiWoFSnSLCHInXiv5r0FuxyuQrVkB
LtBd/NdJnhzCF6/4a2Hp0pRugXJLmTloGfLNCix9R3hwl5Jl4DFRC9a2Xjyhqtsj
PKM0+KvA5l41u+gJaP1Pnpp+RVMr00n2HVooWXtr3GgNvA7QPz00wmn5b9+e8Dbp
LK0+3q6/Yyv1jjUGot/nCWex7SgtE6kM2ss0+dMuI1IJw0x71A7hazmpNG+Shs6R
HrOF1DPKR/kgWFQP1hPUNfxoFbeepnLKkA9ioi3o0/ETAX+pzpdlx9CSBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLakfOcr29JuQ+9l7eL2y4lVuFYuMB8GA1UdIwQY
MBaAFAonm0A44ALnvWTlB20aOevpbyPEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2llYlFEamdBdWU5Wk9VSGJSbzU2LWx2SThRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84NTFkNDUtMTQyMi00YjMxLWJkOGYt
Nzk5M2I5ZTAzYjBmLzEvdHFSODV5dmIwbTVENzJYdDR2YkxpVlc0Vmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84NTFkNDUtMTQyMi00YjMxLWJkOGYtNzk5M2I5ZTAzYjBm
LzEvQ2llYlFEamdBdWU5Wk9VSGJSbzU2LWx2SThRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVhwMA0E
AgACMAcDBQMqA38gMA0GCSqGSIb3DQEBCwUAA4IBAQB3eSkH/TAFjsTP9KZUTxt4
pyTwoo8sbu+d8+4DxbIZwXjTyISfiMcd9L+Eo8hb0tS6NfmJt4letTGlh7cvWIxm
rdllVNlP+RruLmtiqje6d0ctt4zwYuC691/Yap7DI0N4cS/ofMvbvtJIqXPaB0t/
7SOtdcrMJiM/W60fweui8q1F4n2f1jMGKxubjdBNJzrLhFqssghp0GrE+3NB5TfN
V/YhZb3TkRyMhVW5+BpbwNUr2jawLY0DjSnXYCFHqeC93oQsKGd6Cc9si3jgQbjL
1pma/Rn7Oy9puQoKdkr0dyHdl+BMT5/qDD4nBcqfPgNzz/yMetveoed5NjSxHiui
-----END CERTIFICATE-----