Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/qjxLffabLxohlkkPhQCx3jJP5uE.roa
File:                     qjxLffabLxohlkkPhQCx3jJP5uE.roa (raw, json)
Hash identifier:          mrA192L+5D7DQiAoyZwJ0PXKKYJ/OuxHy+q2s5DVww8=
Subject key identifier:   AA:3C:4B:7D:F6:9B:2F:1A:21:96:49:0F:85:00:B1:DE:32:4F:E6:E1
Certificate issuer:       /CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
Certificate serial:       018CC793E47F3549F1BB289CB2D970229753
Authority key identifier: B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/qjxLffabLxohlkkPhQCx3jJP5uE.roa
Signing time:             Tue 02 Jan 2024 00:30:07 +0000
ROA not before:           Tue 02 Jan 2024 00:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        217.145.162.0/24 maxlen: 24
                          217.145.160.0/20 maxlen: 24
                          217.145.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e4:7f:35:49:f1:bb:28:9c:b2:d9:70:22:97:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
        Validity
            Not Before: Jan  2 00:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa3c4b7df69b2f1a2196490f8500b1de324fe6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c2:93:d5:c8:d9:ee:40:0b:8c:de:34:94:83:
                    62:00:da:1e:7b:dc:95:91:44:b8:99:ff:31:e3:a4:
                    e6:98:e3:2e:36:81:de:a8:22:cd:c6:26:19:b0:1c:
                    b7:c0:fa:51:53:96:99:51:45:3e:1a:8d:c3:82:06:
                    10:99:69:79:f1:1c:4c:9f:ca:3a:1d:d1:1e:37:48:
                    9e:cc:2d:fd:ee:be:58:d4:55:96:38:dc:97:fa:47:
                    5e:79:70:9e:a7:3e:5e:ed:41:a8:50:4a:49:da:f1:
                    a1:d5:8c:f7:91:aa:34:73:f8:67:7c:af:10:3f:6f:
                    83:cc:e7:ae:e1:53:3c:8f:a3:0c:66:f5:ee:0f:9a:
                    e8:c0:4b:cb:ac:cb:1f:f5:ed:d7:39:12:99:7a:54:
                    96:70:41:bb:b7:aa:91:08:c8:04:1f:6f:c1:a7:82:
                    22:a1:fd:a3:e0:95:64:04:5e:ec:97:a5:b9:79:74:
                    be:84:1b:3c:6e:4e:fa:85:9f:74:c0:c6:6c:f5:a6:
                    65:e1:5e:5f:97:60:6f:be:a4:0c:3b:53:cb:14:b6:
                    90:6e:19:7d:bd:55:5a:c8:ad:e5:01:8a:03:b1:0b:
                    c1:31:66:c1:70:38:ea:66:bb:f1:4a:d0:2a:82:0b:
                    86:99:60:05:05:76:f4:d4:cd:c3:3f:c7:1b:06:ac:
                    db:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3C:4B:7D:F6:9B:2F:1A:21:96:49:0F:85:00:B1:DE:32:4F:E6:E1
            X509v3 Authority Key Identifier:
                keyid:B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/qjxLffabLxohlkkPhQCx3jJP5uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         59:ac:04:5f:e9:29:e8:a0:c7:0d:cc:ff:fc:35:4e:e5:d4:bc:
         e5:27:d0:64:ad:b3:9a:47:b6:2e:4b:fe:70:d8:ac:59:93:05:
         84:40:cb:98:73:f0:f1:f0:12:ee:69:30:d3:21:10:3e:73:e7:
         4b:95:0e:aa:70:bf:97:72:28:6b:02:72:e0:38:a6:66:61:74:
         1e:20:27:db:91:a5:3f:68:06:46:82:ad:5e:a8:9e:16:53:5d:
         49:6c:e6:bc:6a:77:b1:25:d5:96:f7:82:a7:7b:63:27:b1:d1:
         b6:32:34:2f:c8:b8:5a:8b:a2:d6:89:57:62:1a:d2:b7:41:f8:
         cb:22:f3:31:8b:2f:ef:55:e7:61:15:b2:32:4d:60:f7:2f:e3:
         c7:e1:75:6c:fe:5e:50:e7:52:11:93:aa:f7:98:12:0d:be:f4:
         f4:76:ad:eb:50:6e:f0:da:fa:01:b5:6a:78:63:87:5b:ed:47:
         11:3d:7d:a3:2d:df:16:16:9c:87:0f:20:5f:81:34:45:8b:b4:
         55:97:70:24:ae:b3:ce:67:9d:e4:87:d9:58:70:04:73:1f:a8:
         c4:a1:a1:49:d7:7d:cd:72:fa:e2:59:e1:79:48:94:d3:8a:3e:
         d3:6a:8b:59:97:72:4b:a8:da:53:ac:b5:bf:7d:19:dc:1a:69:
         2c:b7:60:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+R/NUnxuyicstlwIpdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZWQxZDYwNjZmNGU0NjU0ZWY1ZjNjYzcwYTVkOTA1YTlh
ZjgyOTAwHhcNMjQwMTAyMDAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTNjNGI3ZGY2OWIyZjFhMjE5NjQ5MGY4NTAwYjFkZTMyNGZlNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sKT1cjZ7kALjN40lINiANoee9yV
kUS4mf8x46TmmOMuNoHeqCLNxiYZsBy3wPpRU5aZUUU+Go3DggYQmWl58RxMn8o6
HdEeN0iezC397r5Y1FWWONyX+kdeeXCepz5e7UGoUEpJ2vGh1Yz3kao0c/hnfK8Q
P2+DzOeu4VM8j6MMZvXuD5rowEvLrMsf9e3XORKZelSWcEG7t6qRCMgEH2/Bp4Ii
of2j4JVkBF7sl6W5eXS+hBs8bk76hZ90wMZs9aZl4V5fl2BvvqQMO1PLFLaQbhl9
vVVayK3lAYoDsQvBMWbBcDjqZrvxStAqgguGmWAFBXb01M3DP8cbBqzb0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo8S332my8aIZZJD4UAsd4yT+bhMB8GA1UdIwQY
MBaAFLLtHWBm9ORlTvXzzHCl2QWpr4KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYt
NDZiNDZmYzBlNDk2LzEvcWp4TGZmYWJMeG9obGtrUGhRQ3gzakpQNXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYtNDZiNDZmYzBlNDk2
LzEvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZGgMA0G
CSqGSIb3DQEBCwUAA4IBAQBZrARf6SnooMcNzP/8NU7l1LzlJ9BkrbOaR7YuS/5w
2KxZkwWEQMuYc/Dx8BLuaTDTIRA+c+dLlQ6qcL+XcihrAnLgOKZmYXQeICfbkaU/
aAZGgq1eqJ4WU11JbOa8anexJdWW94Kne2MnsdG2MjQvyLhai6LWiVdiGtK3QfjL
IvMxiy/vVedhFbIyTWD3L+PH4XVs/l5Q51IRk6r3mBINvvT0dq3rUG7w2voBtWp4
Y4db7UcRPX2jLd8WFpyHDyBfgTRFi7RVl3AkrrPOZ53kh9lYcARzH6jEoaFJ133N
cvriWeF5SJTTij7TaotZl3JLqNpTrLW/fRncGmkst2Bk
-----END CERTIFICATE-----