Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QMyNStVjkgaXA7ce_rkP1h3ww1k.roa
File:                     QMyNStVjkgaXA7ce_rkP1h3ww1k.roa (raw, json)
Hash identifier:          edgb8NXX//stm8W3wTSemtpOK8a2d5S06d3hkiKwuew=
Subject key identifier:   40:CC:8D:4A:D5:63:92:06:97:03:B7:1E:FE:B9:0F:D6:1D:F0:C3:59
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CD37B640B00D38E86C01BEA50F93CB3EC
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QMyNStVjkgaXA7ce_rkP1h3ww1k.roa
Signing time:             Thu 04 Jan 2024 07:58:48 +0000
ROA not before:           Thu 04 Jan 2024 07:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        185.199.212.0/23 maxlen: 23
                          185.225.170.0/23 maxlen: 23
                          185.199.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d3:7b:64:0b:00:d3:8e:86:c0:1b:ea:50:f9:3c:b3:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  4 07:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40cc8d4ad56392069703b71efeb90fd61df0c359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:df:ad:d0:f3:0f:2a:87:27:2f:3a:0d:da:2e:
                    13:dc:f1:b4:cd:c3:14:f5:4d:7d:f1:86:2b:c6:f1:
                    b5:39:0d:a6:64:ea:60:a2:17:fc:63:28:56:b8:8f:
                    35:63:66:f3:c9:33:e3:ab:07:67:de:de:59:34:83:
                    85:35:77:2a:e2:ae:f1:e5:8e:35:38:4f:aa:bf:bf:
                    89:34:68:76:d2:55:40:67:ed:a9:61:47:dc:d3:67:
                    94:ff:d6:7c:54:d0:73:8e:a3:a2:25:8c:39:13:2a:
                    6b:ad:52:d3:ed:55:12:9a:49:c1:13:1a:cf:b1:e6:
                    44:4e:ce:8a:e1:51:6d:df:71:da:52:ae:00:0a:c6:
                    f6:45:1d:bf:83:fb:b1:90:15:d5:76:39:ac:8f:26:
                    da:76:5a:32:9a:c4:09:f3:b5:e8:56:24:4a:d0:d7:
                    b8:6d:52:bc:02:2e:18:2d:53:98:29:20:51:b5:b7:
                    c2:36:8e:2b:c9:d7:02:05:c1:ec:d4:dc:11:74:9f:
                    7f:ba:0c:51:1a:f6:c0:b1:2d:fd:03:69:61:b4:6f:
                    f4:af:d6:e1:da:19:73:b7:fe:c3:c2:46:08:51:8c:
                    0f:c5:89:3c:b5:49:f0:06:77:f4:b2:3b:66:0c:f1:
                    78:a4:f2:6c:e1:96:99:2f:ac:15:65:e5:e3:7b:52:
                    7c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CC:8D:4A:D5:63:92:06:97:03:B7:1E:FE:B9:0F:D6:1D:F0:C3:59
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QMyNStVjkgaXA7ce_rkP1h3ww1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.148.0/23
                  185.199.212.0/23
                  185.225.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:6c:dd:52:d8:fb:fd:db:ca:d4:cf:52:e4:10:69:c3:86:af:
         ab:0a:4c:bc:85:38:c5:21:85:5d:cd:33:70:7b:15:84:b1:8e:
         00:f4:69:c0:18:ff:5f:00:ba:99:73:82:ca:4b:49:9c:11:bd:
         f5:08:f8:68:8b:58:66:1f:4a:ee:54:9a:85:01:9e:0b:5c:49:
         ef:ad:e4:25:9f:ab:9b:1e:5c:55:51:41:17:62:5f:6e:4b:f8:
         3a:c7:12:b4:b5:26:09:44:3d:3b:af:23:3f:52:9b:2d:ef:07:
         ee:84:a9:bd:92:3d:2d:96:05:20:ca:b8:9d:33:37:62:9f:4a:
         c9:19:1c:1f:45:bb:28:64:4a:7b:35:c2:a5:d9:75:ec:b5:6c:
         9a:ba:d1:ce:46:84:d7:f3:70:ba:1d:72:7f:3a:6d:89:6c:f1:
         78:e5:f1:5f:66:ee:60:c0:0d:c0:54:c0:fd:f9:2a:70:c4:cf:
         b9:a6:37:ec:0e:c8:02:88:d8:d8:be:fe:62:3b:7e:34:34:19:
         b7:57:dc:a9:14:c9:51:2b:a8:73:bf:de:a1:45:a6:1c:64:48:
         45:87:8d:58:51:40:ba:57:75:2e:b1:6d:a9:a6:60:d8:6b:ca:
         84:e0:9d:91:e8:b1:8b:f1:4f:b3:c0:ae:f5:e2:f0:b4:af:e0:
         2f:da:ac:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzTe2QLANOOhsAb6lD5PLPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTA0MDc1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNjOGQ0YWQ1NjM5MjA2OTcwM2I3MWVmZWI5MGZkNjFkZjBjMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgd+t0PMPKocnLzoN2i4T3PG0zcMU
9U198YYrxvG1OQ2mZOpgohf8YyhWuI81Y2bzyTPjqwdn3t5ZNIOFNXcq4q7x5Y41
OE+qv7+JNGh20lVAZ+2pYUfc02eU/9Z8VNBzjqOiJYw5EyprrVLT7VUSmknBExrP
seZETs6K4VFt33HaUq4ACsb2RR2/g/uxkBXVdjmsjybadloymsQJ87XoViRK0Ne4
bVK8Ai4YLVOYKSBRtbfCNo4rydcCBcHs1NwRdJ9/ugxRGvbAsS39A2lhtG/0r9bh
2hlzt/7DwkYIUYwPxYk8tUnwBnf0sjtmDPF4pPJs4ZaZL6wVZeXje1J8wQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEDMjUrVY5IGlwO3Hv65D9Yd8MNZMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvUU15TlN0VmprZ2FYQTdjZV9ya1AxaDN3dzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuceUAwQB
ucfUAwQBueGqMA0GCSqGSIb3DQEBCwUAA4IBAQBBbN1S2Pv928rUz1LkEGnDhq+r
Cky8hTjFIYVdzTNwexWEsY4A9GnAGP9fALqZc4LKS0mcEb31CPhoi1hmH0ruVJqF
AZ4LXEnvreQln6ubHlxVUUEXYl9uS/g6xxK0tSYJRD07ryM/Upst7wfuhKm9kj0t
lgUgyridMzdin0rJGRwfRbsoZEp7NcKl2XXstWyautHORoTX83C6HXJ/Om2JbPF4
5fFfZu5gwA3AVMD9+SpwxM+5pjfsDsgCiNjYvv5iO340NBm3V9ypFMlRK6hzv96h
RaYcZEhFh41YUUC6V3UusW2ppmDYa8qE4J2R6LGL8U+zwK714vC0r+Av2qze
-----END CERTIFICATE-----