Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/QJuRL2DdbbvBIuhRvVAuWUSyUc4.roa
File:                     QJuRL2DdbbvBIuhRvVAuWUSyUc4.roa (raw, json)
Hash identifier:          77ZIf4ybi0e3RkRIpzjFcvaqBVvJyfyl4DzKhIt+PTY=
Subject key identifier:   40:9B:91:2F:60:DD:6D:BB:C1:22:E8:51:BD:50:2E:59:44:B2:51:CE
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79451805FA5611C84F991BFFAB15D02
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/QJuRL2DdbbvBIuhRvVAuWUSyUc4.roa
Signing time:             Tue 02 Jan 2024 00:30:35 +0000
ROA not before:           Tue 02 Jan 2024 00:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44244
IP address blocks:        85.185.38.0/24 maxlen: 24
                          85.185.36.0/22 maxlen: 22
                          85.185.36.0/24 maxlen: 24
                          85.185.37.0/24 maxlen: 24
                          85.185.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:51:80:5f:a5:61:1c:84:f9:91:bf:fa:b1:5d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=409b912f60dd6dbbc122e851bd502e5944b251ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:20:19:ed:63:04:5e:72:c3:40:74:3b:24:51:
                    c0:3e:c9:3a:96:fe:f7:4a:57:10:b6:ef:c7:6b:bb:
                    94:8e:e9:25:7d:3d:00:4f:be:a7:64:fa:26:bc:60:
                    2f:db:77:b2:6d:a4:49:62:4c:84:d9:5c:c5:92:e9:
                    98:49:af:45:e6:c4:83:15:22:f2:c0:13:ef:b3:a0:
                    b2:0e:69:bd:4d:01:c2:f1:8b:ab:85:7e:d3:04:c4:
                    11:4c:09:40:d3:9e:86:bb:5c:c2:a8:5e:85:7b:fa:
                    29:e3:6a:29:a5:0e:5b:fe:71:1f:47:37:cd:98:33:
                    aa:3f:b9:7c:52:54:07:bd:fd:63:66:ec:47:b5:3c:
                    7d:04:d4:ce:ff:5a:da:54:32:ca:fa:00:a0:4e:6b:
                    00:02:14:19:0c:57:83:e4:c6:11:4d:17:f8:c3:85:
                    b6:2b:31:a1:84:5a:6c:7f:35:bc:95:0c:39:85:c0:
                    92:10:6f:1f:74:86:e7:75:eb:e6:21:3c:13:ec:82:
                    02:0e:53:08:d9:4a:70:ec:51:30:29:a2:08:8b:ba:
                    d0:2b:38:70:ff:9a:20:5b:e2:ce:12:40:97:20:cd:
                    95:3e:0a:a0:56:54:3d:9b:26:71:45:43:09:2c:ec:
                    9d:08:21:17:ff:a0:44:58:6c:3b:39:58:6d:12:0b:
                    fd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9B:91:2F:60:DD:6D:BB:C1:22:E8:51:BD:50:2E:59:44:B2:51:CE
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/QJuRL2DdbbvBIuhRvVAuWUSyUc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.185.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:b4:c2:2a:38:f2:9b:12:1d:42:00:9e:7c:f3:33:9a:37:d6:
         6c:81:dc:a3:a1:d2:a9:e8:d4:29:ad:0a:6e:4f:5a:87:a4:94:
         b6:f3:c5:9b:eb:60:ee:7a:c2:a1:f0:43:f2:01:a2:b8:73:b0:
         82:ff:d9:e2:35:aa:85:93:f7:10:39:87:d5:66:5e:08:bc:f2:
         1e:93:cb:b3:53:27:0a:bc:6d:63:9e:b7:7e:c8:fb:b5:87:05:
         2b:4c:24:00:06:0a:c1:a2:cc:3f:74:9e:35:bb:35:4a:02:e1:
         32:3f:e2:08:07:fe:f2:ad:1b:d4:bf:a2:77:3e:ae:b9:92:0a:
         83:58:d6:50:a2:27:4e:00:36:35:81:b0:f8:90:b3:e0:d5:cc:
         4f:30:1a:f3:93:b4:d3:f7:4c:44:e9:48:ed:5c:13:e3:bd:1f:
         64:2a:0b:8f:31:1f:bf:ff:03:54:98:ee:8f:91:00:c9:d2:e9:
         33:1c:2d:d9:a5:24:46:07:cd:d7:af:f9:bc:02:eb:3d:70:ce:
         c7:f9:bf:d6:7f:38:f5:27:0b:a5:80:d7:23:86:08:c9:cd:78:
         66:60:73:a5:a4:e0:56:b5:5b:c1:96:d9:fb:6c:9e:b9:eb:f7:
         d3:01:8e:70:d4:d1:92:5f:25:6b:3f:28:66:88:1f:48:ff:61:
         90:e9:1e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFGAX6VhHIT5kb/6sV0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDliOTEyZjYwZGQ2ZGJiYzEyMmU4NTFiZDUwMmU1OTQ0YjI1MWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCAZ7WMEXnLDQHQ7JFHAPsk6lv73
SlcQtu/Ha7uUjuklfT0AT76nZPomvGAv23eybaRJYkyE2VzFkumYSa9F5sSDFSLy
wBPvs6CyDmm9TQHC8YurhX7TBMQRTAlA056Gu1zCqF6Fe/op42oppQ5b/nEfRzfN
mDOqP7l8UlQHvf1jZuxHtTx9BNTO/1raVDLK+gCgTmsAAhQZDFeD5MYRTRf4w4W2
KzGhhFpsfzW8lQw5hcCSEG8fdIbndevmITwT7IICDlMI2Upw7FEwKaIIi7rQKzhw
/5ogW+LOEkCXIM2VPgqgVlQ9myZxRUMJLOydCCEX/6BEWGw7OVhtEgv9WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECbkS9g3W27wSLoUb1QLllEslHOMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvUUp1UkwyRGRiYnZCSXVoUnZWQXVXVVN5VWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVbkkMA0G
CSqGSIb3DQEBCwUAA4IBAQACtMIqOPKbEh1CAJ588zOaN9ZsgdyjodKp6NQprQpu
T1qHpJS288Wb62DuesKh8EPyAaK4c7CC/9niNaqFk/cQOYfVZl4IvPIek8uzUycK
vG1jnrd+yPu1hwUrTCQABgrBosw/dJ41uzVKAuEyP+IIB/7yrRvUv6J3Pq65kgqD
WNZQoidOADY1gbD4kLPg1cxPMBrzk7TT90xE6UjtXBPjvR9kKguPMR+//wNUmO6P
kQDJ0ukzHC3ZpSRGB83Xr/m8Aus9cM7H+b/Wfzj1JwulgNcjhgjJzXhmYHOlpOBW
tVvBltn7bJ656/fTAY5w1NGSXyVrPyhmiB9I/2GQ6R4v
-----END CERTIFICATE-----