Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/q2QhCHxdEbhnorzun6Pd-lsuiIM.roa
File:                     q2QhCHxdEbhnorzun6Pd-lsuiIM.roa (raw, json)
Hash identifier:          jH8JuUIrhI3KRx0Cx0S0WCyyFiv8qToKMgVEh4WihoY=
Subject key identifier:   AB:64:21:08:7C:5D:11:B8:67:A2:BC:EE:9F:A3:DD:FA:5B:2E:88:83
Certificate issuer:       /CN=345b4f7b4a16db9e924f0908cee3da26f22ad481
Certificate serial:       018CC4923F206814C22B294C3A342524BF0E
Authority key identifier: 34:5B:4F:7B:4A:16:DB:9E:92:4F:09:08:CE:E3:DA:26:F2:2A:D4:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFtPe0oW256STwkIzuPaJvIq1IE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/q2QhCHxdEbhnorzun6Pd-lsuiIM.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8298
IP address blocks:        92.119.38.0/24 maxlen: 24
                          2a0b:dd80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/NFtPe0oW256STwkIzuPaJvIq1IE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/NFtPe0oW256STwkIzuPaJvIq1IE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NFtPe0oW256STwkIzuPaJvIq1IE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3f:20:68:14:c2:2b:29:4c:3a:34:25:24:bf:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345b4f7b4a16db9e924f0908cee3da26f22ad481
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab6421087c5d11b867a2bcee9fa3ddfa5b2e8883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e5:0a:4a:91:0e:1d:4d:14:93:59:0a:a0:53:
                    de:15:d0:57:99:e0:3b:e2:c0:64:11:d0:6f:5b:d5:
                    87:6c:10:fc:0a:5b:80:ad:ab:87:4f:e0:b7:7f:b5:
                    51:05:31:29:65:95:0b:54:a4:3e:73:61:0a:df:e1:
                    ed:56:de:61:77:3d:34:eb:6f:e9:0b:55:ee:86:f6:
                    b4:1a:d9:bd:c0:e7:59:d3:0b:b5:3d:7e:13:d9:32:
                    5e:68:27:b8:5a:87:51:79:b8:d9:d5:5b:06:f5:fd:
                    75:58:66:70:27:ba:0f:82:ca:b4:cd:00:94:9e:cb:
                    95:14:05:fc:20:d7:40:af:b4:0c:21:6c:3f:10:85:
                    33:b4:92:49:cc:0e:10:e7:d3:1c:bb:78:a4:e6:df:
                    9a:90:db:c2:b4:35:85:ae:27:8b:89:56:72:e4:b3:
                    84:86:9b:27:54:0a:e1:d6:06:c6:57:78:d4:ce:81:
                    b3:99:1a:ef:10:85:27:84:62:6d:ac:58:b6:5f:28:
                    37:e9:ff:7b:e8:00:75:17:6a:ea:5e:e8:98:05:50:
                    58:53:23:ad:41:e1:c2:85:86:de:96:22:c2:c3:33:
                    f0:bc:22:e5:22:c6:a4:78:64:49:2e:bc:ac:37:84:
                    e1:55:46:ca:c3:fa:93:e6:9e:2b:71:01:c1:3f:df:
                    ab:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:64:21:08:7C:5D:11:B8:67:A2:BC:EE:9F:A3:DD:FA:5B:2E:88:83
            X509v3 Authority Key Identifier:
                keyid:34:5B:4F:7B:4A:16:DB:9E:92:4F:09:08:CE:E3:DA:26:F2:2A:D4:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFtPe0oW256STwkIzuPaJvIq1IE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/q2QhCHxdEbhnorzun6Pd-lsuiIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/NFtPe0oW256STwkIzuPaJvIq1IE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.38.0/24
                IPv6:
                  2a0b:dd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:cc:1f:c0:22:5a:a5:67:bc:4b:ea:38:1c:d4:0c:fd:0f:81:
         1f:9e:d9:1e:80:29:a1:24:60:2e:ba:b6:52:0f:ac:69:30:ca:
         db:43:54:4b:97:9a:f5:9e:70:b4:59:89:37:07:56:67:aa:59:
         ec:80:8b:2e:88:cc:11:28:3c:90:8e:ec:29:be:ec:db:a9:08:
         d7:73:e8:cc:1f:4e:5c:1f:5e:d2:fb:e6:7c:80:1c:74:40:6c:
         bc:3d:b8:5f:9d:00:09:b3:f1:0a:0c:3b:40:bd:8b:62:e5:46:
         28:6c:44:b8:a3:98:c1:fa:49:a2:aa:4b:6b:1d:b0:35:0e:63:
         f9:01:f4:e5:17:03:70:ad:40:00:ba:c2:18:dd:2f:aa:d5:01:
         96:44:67:ba:fa:4c:63:19:cb:26:cd:45:23:86:e6:47:d2:e0:
         92:9b:04:2c:1e:ac:b0:26:e2:4d:3c:59:6e:93:7a:46:2a:69:
         ed:58:5b:63:c4:52:ef:60:2a:8b:2d:7f:e7:cf:08:11:f7:dd:
         3e:24:42:d6:2f:7c:d8:60:ed:b5:b8:e7:b6:91:8f:48:03:af:
         a7:7b:23:6f:a3:14:c4:94:ad:3c:58:68:01:1e:f7:a9:0e:bc:
         c0:2f:fa:e7:56:d0:d4:af:a0:ff:73:25:bf:75:9e:d9:d5:4f:
         ea:59:4f:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkj8gaBTCKylMOjQlJL8OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWI0ZjdiNGExNmRiOWU5MjRmMDkwOGNlZTNkYTI2ZjIy
YWQ0ODEwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjY0MjEwODdjNWQxMWI4NjdhMmJjZWU5ZmEzZGRmYTViMmU4ODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OUKSpEOHU0Uk1kKoFPeFdBXmeA7
4sBkEdBvW9WHbBD8CluArauHT+C3f7VRBTEpZZULVKQ+c2EK3+HtVt5hdz0062/p
C1Xuhva0Gtm9wOdZ0wu1PX4T2TJeaCe4WodRebjZ1VsG9f11WGZwJ7oPgsq0zQCU
nsuVFAX8INdAr7QMIWw/EIUztJJJzA4Q59Mcu3ik5t+akNvCtDWFrieLiVZy5LOE
hpsnVArh1gbGV3jUzoGzmRrvEIUnhGJtrFi2Xyg36f976AB1F2rqXuiYBVBYUyOt
QeHChYbeliLCwzPwvCLlIsakeGRJLrysN4ThVUbKw/qT5p4rcQHBP9+r/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKtkIQh8XRG4Z6K87p+j3fpbLoiDMB8GA1UdIwQY
MBaAFDRbT3tKFtuekk8JCM7j2ibyKtSBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkZ0UGUwb1cyNTZTVHdrSXp1UGFKdklxMUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zNmE5YWYtMGQ2YS00NWUzLTljYTUt
NDA4NThiOTVmY2Y1LzEvcTJRaENIeGRFYmhub3J6dW42UGQtbHN1aUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zNmE5YWYtMGQ2YS00NWUzLTljYTUtNDA4NThiOTVmY2Y1
LzEvTkZ0UGUwb1cyNTZTVHdrSXp1UGFKdklxMUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXHcmMA0E
AgACMAcDBQMqC92AMA0GCSqGSIb3DQEBCwUAA4IBAQBXzB/AIlqlZ7xL6jgc1Az9
D4EfntkegCmhJGAuurZSD6xpMMrbQ1RLl5r1nnC0WYk3B1ZnqlnsgIsuiMwRKDyQ
juwpvuzbqQjXc+jMH05cH17S++Z8gBx0QGy8PbhfnQAJs/EKDDtAvYti5UYobES4
o5jB+kmiqktrHbA1DmP5AfTlFwNwrUAAusIY3S+q1QGWRGe6+kxjGcsmzUUjhuZH
0uCSmwQsHqywJuJNPFluk3pGKmntWFtjxFLvYCqLLX/nzwgR990+JELWL3zYYO21
uOe2kY9IA6+neyNvoxTElK08WGgBHvepDrzAL/rnVtDUr6D/cyW/dZ7Z1U/qWU82
-----END CERTIFICATE-----