Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/qoa--Rs_BuwntPusWXt_tZsKwqM.roa
File:                     qoa--Rs_BuwntPusWXt_tZsKwqM.roa (raw, json)
Hash identifier:          MZ4aCTFaERi1rqMqC+My9rVsAz5VJ/NkPhjSkwy/yvU=
Subject key identifier:   AA:86:BE:F9:1B:3F:06:EC:27:B4:FB:AC:59:7B:7F:B5:9B:0A:C2:A3
Certificate issuer:       /CN=109192c073862e6220c5f9106d7c55e3fc6c5d4b
Certificate serial:       018CC42478D66C2CAF17245CB6A11BB10A93
Authority key identifier: 10:91:92:C0:73:86:2E:62:20:C5:F9:10:6D:7C:55:E3:FC:6C:5D:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/qoa--Rs_BuwntPusWXt_tZsKwqM.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        185.239.216.0/22 maxlen: 22
                          2a0c:6380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:78:d6:6c:2c:af:17:24:5c:b6:a1:1b:b1:0a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=109192c073862e6220c5f9106d7c55e3fc6c5d4b
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa86bef91b3f06ec27b4fbac597b7fb59b0ac2a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:20:bc:4e:b2:a1:e9:33:50:e7:12:c3:b1:4b:
                    42:c4:57:9d:56:20:64:a4:07:d4:de:49:ea:3f:ba:
                    a9:b1:19:33:38:6d:a4:6c:10:1b:22:d7:aa:c2:73:
                    97:c8:bf:c3:98:2a:2f:59:d7:ad:8a:d8:80:7e:ab:
                    c4:3a:31:07:75:68:8e:52:c7:fa:32:3e:e2:0f:f5:
                    10:28:f4:3b:e7:a4:6e:08:e9:61:0b:b9:ed:5e:3b:
                    8f:14:f1:fb:6d:2a:fa:cb:1b:91:94:dd:f7:89:9c:
                    40:ff:cc:86:b5:4a:49:84:f7:88:2e:f5:57:75:c7:
                    e0:39:90:81:b0:dd:f4:f4:26:5c:b1:56:28:39:ca:
                    95:e3:66:89:ad:15:e8:da:d0:32:1a:c2:e7:7b:07:
                    8e:76:d0:ae:c9:02:85:a4:f5:97:db:63:de:60:0e:
                    c2:27:e5:4e:e6:6f:bd:bc:ca:82:42:52:c7:7a:d1:
                    5c:36:e6:dd:c1:f3:a6:1b:73:71:1b:bb:ce:e0:0c:
                    45:62:b7:a1:a4:d2:68:96:63:28:af:ad:fb:e7:3a:
                    3d:ed:d6:6a:e8:9b:e7:a1:7d:c2:08:76:58:12:c1:
                    01:74:5f:7e:1a:ce:06:8f:a8:ef:b5:c6:72:d4:6d:
                    ad:99:ec:90:95:71:fa:6e:5b:db:22:92:40:6d:e2:
                    be:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:86:BE:F9:1B:3F:06:EC:27:B4:FB:AC:59:7B:7F:B5:9B:0A:C2:A3
            X509v3 Authority Key Identifier:
                keyid:10:91:92:C0:73:86:2E:62:20:C5:F9:10:6D:7C:55:E3:FC:6C:5D:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/qoa--Rs_BuwntPusWXt_tZsKwqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.216.0/22
                IPv6:
                  2a0c:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:e2:b9:c6:0f:c1:0a:37:84:aa:f3:47:1e:c4:30:94:0b:b2:
         51:b4:30:4a:f7:02:55:08:c6:ba:aa:e8:02:24:a5:7f:d7:5d:
         dc:95:fc:fd:cf:92:f2:2f:0b:c2:bf:2a:9a:55:d7:91:dc:4a:
         0c:c2:50:2c:de:52:5a:8f:b0:40:e4:76:44:ac:9a:f8:d1:70:
         7f:1a:7d:7b:96:e6:7e:c4:0f:42:eb:fc:26:77:f6:da:0d:4f:
         2f:ce:7b:91:b0:9e:c2:65:b7:1a:cd:3a:5a:0b:ec:58:c1:23:
         af:3e:21:0f:86:c1:5c:b3:9b:07:47:89:f1:91:30:d2:2a:af:
         1d:1e:c2:37:5d:92:64:d6:68:f4:8b:d4:92:7c:fd:72:55:de:
         3f:11:d0:08:9e:86:ef:b4:2e:66:84:fb:5f:02:8a:34:e0:35:
         49:6a:0f:a0:8b:cf:fd:59:0e:bd:6b:9d:87:3b:e0:54:d4:bf:
         c2:ee:db:e7:3b:e9:e1:c1:59:c5:5b:1b:24:3e:9e:c1:39:01:
         72:51:38:ce:6c:c0:ba:8a:59:3c:04:eb:4a:f1:38:83:09:34:
         03:7a:17:a7:5d:f7:c9:1f:72:15:f6:70:38:e9:a5:3b:40:e6:
         ab:8b:f2:6b:87:12:9d:d3:47:ec:22:46:1c:1e:bc:24:e5:8a:
         c2:94:3a:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHjWbCyvFyRctqEbsQqTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOTE5MmMwNzM4NjJlNjIyMGM1ZjkxMDZkN2M1NWUzZmM2
YzVkNGIwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg2YmVmOTFiM2YwNmVjMjdiNGZiYWM1OTdiN2ZiNTliMGFjMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgiC8TrKh6TNQ5xLDsUtCxFedViBk
pAfU3knqP7qpsRkzOG2kbBAbIteqwnOXyL/DmCovWdetitiAfqvEOjEHdWiOUsf6
Mj7iD/UQKPQ756RuCOlhC7ntXjuPFPH7bSr6yxuRlN33iZxA/8yGtUpJhPeILvVX
dcfgOZCBsN309CZcsVYoOcqV42aJrRXo2tAyGsLneweOdtCuyQKFpPWX22PeYA7C
J+VO5m+9vMqCQlLHetFcNubdwfOmG3NxG7vO4AxFYrehpNJolmMor6375zo97dZq
6JvnoX3CCHZYEsEBdF9+Gs4Gj6jvtcZy1G2tmeyQlXH6blvbIpJAbeK+GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKqGvvkbPwbsJ7T7rFl7f7WbCsKjMB8GA1UdIwQY
MBaAFBCRksBzhi5iIMX5EG18VeP8bF1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpHU3dIT0dMbUlneGZrUWJYeFY0X3hzWFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81M2MwNTEtNTU3Mi00ZjgzLWE3ZDYt
ZTZmZTY5MWQ5NDg5LzEvcW9hLS1Sc19CdXdudFB1c1dYdF90WnNLd3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81M2MwNTEtNTU3Mi00ZjgzLWE3ZDYtZTZmZTY5MWQ5NDg5
LzEvRUpHU3dIT0dMbUlneGZrUWJYeFY0X3hzWFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCue/YMA0E
AgACMAcDBQMqDGOAMA0GCSqGSIb3DQEBCwUAA4IBAQAq4rnGD8EKN4Sq80cexDCU
C7JRtDBK9wJVCMa6qugCJKV/113clfz9z5LyLwvCvyqaVdeR3EoMwlAs3lJaj7BA
5HZErJr40XB/Gn17luZ+xA9C6/wmd/baDU8vznuRsJ7CZbcazTpaC+xYwSOvPiEP
hsFcs5sHR4nxkTDSKq8dHsI3XZJk1mj0i9SSfP1yVd4/EdAInobvtC5mhPtfAoo0
4DVJag+gi8/9WQ69a52HO+BU1L/C7tvnO+nhwVnFWxskPp7BOQFyUTjObMC6ilk8
BOtK8TiDCTQDehenXffJH3IV9nA46aU7QOari/JrhxKd00fsIkYcHrwk5YrClDo1
-----END CERTIFICATE-----