Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qiU5dCfEDFhI0F0Irely1BzdGVY.roa
File:                     qiU5dCfEDFhI0F0Irely1BzdGVY.roa (raw, json)
Hash identifier:          l2PgX5ugCo7fdCHckPat4cbaYjv6Kt78W9HHtB4jXa8=
Subject key identifier:   AA:25:39:74:27:C4:0C:58:48:D0:5D:08:AD:E9:72:D4:1C:DD:19:56
Certificate issuer:       /CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
Certificate serial:       018CC9BC98BB660D39282EF7C59C271693CB
Authority key identifier: 7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qiU5dCfEDFhI0F0Irely1BzdGVY.roa
Signing time:             Tue 02 Jan 2024 10:33:49 +0000
ROA not before:           Tue 02 Jan 2024 10:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9053
IP address blocks:        185.115.0.0/24 maxlen: 24
                          2a02:5420:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:98:bb:66:0d:39:28:2e:f7:c5:9c:27:16:93:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
        Validity
            Not Before: Jan  2 10:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa25397427c40c5848d05d08ade972d41cdd1956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:07:b8:79:a0:c3:82:20:21:c5:e8:15:4c:cc:
                    50:0b:a6:51:7e:d9:89:d7:64:88:d9:18:85:9d:98:
                    22:a6:3a:1b:1c:13:b1:8b:57:0a:5f:00:ca:7b:ed:
                    78:6b:2a:5b:a8:b2:54:10:3f:7a:a7:ff:38:76:c0:
                    3f:86:db:58:4c:0e:6b:8e:55:93:b2:9b:0e:80:d5:
                    29:71:c3:2b:3d:08:07:76:06:65:80:77:76:dc:c0:
                    4c:4a:4b:0f:82:77:b8:96:cb:e6:19:13:b0:5c:b3:
                    c2:cc:d3:88:2b:66:6d:7d:9d:00:0a:d9:2b:03:c0:
                    6b:10:b8:6b:23:b8:1e:2c:d2:7b:82:72:8c:f7:b0:
                    7a:73:4b:e6:5d:63:90:df:9e:5c:e4:79:83:2e:8f:
                    c1:f7:a7:53:cd:07:2b:4e:cb:81:2b:5f:80:0a:2d:
                    ad:68:af:5d:8b:58:62:27:48:f8:dd:3f:4d:3d:37:
                    e1:cc:97:a3:43:ee:77:c3:c4:14:e1:6e:4b:e8:f9:
                    f3:39:b3:34:3c:4d:9b:26:73:e1:0d:ee:2d:b5:ee:
                    d0:0b:a6:8d:c1:fd:ee:54:5b:32:e5:80:08:f7:f4:
                    f6:96:01:03:2a:1d:75:88:69:f3:67:79:a0:ed:27:
                    14:9c:19:03:1f:0d:e5:bb:28:6a:9b:ac:ef:9d:61:
                    d8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:25:39:74:27:C4:0C:58:48:D0:5D:08:AD:E9:72:D4:1C:DD:19:56
            X509v3 Authority Key Identifier:
                keyid:7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qiU5dCfEDFhI0F0Irely1BzdGVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.0.0/24
                IPv6:
                  2a02:5420:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:d0:85:b0:96:df:c4:75:aa:18:e3:90:88:4d:e4:b9:51:45:
         cc:d6:79:af:f9:e1:5a:5b:0c:59:36:86:2b:97:c7:e4:9c:87:
         d7:9d:d2:e5:70:1d:99:e5:9d:90:4a:a0:83:fe:4d:3f:5c:c0:
         72:a9:44:be:c2:52:59:5a:e1:c6:2e:c1:6e:f6:18:16:4c:8a:
         3f:b2:af:2d:0a:b1:0a:f6:32:af:21:79:48:0e:c4:53:b8:93:
         3d:2a:9b:1d:f4:81:f2:ca:d6:f3:f7:83:75:7e:06:f8:1a:6f:
         3e:aa:a8:e4:fe:1d:1e:a7:33:eb:0e:12:b1:02:6e:31:9a:6a:
         c4:cb:12:73:9f:af:9b:27:9b:be:2d:b1:54:ec:ab:8d:9b:f4:
         ae:9b:58:f8:8c:25:76:37:18:83:2e:39:d8:ac:9c:b6:26:73:
         da:8e:e6:3b:c0:89:4c:fe:f8:c4:22:80:fb:d6:84:59:da:4e:
         0b:cd:41:7b:84:a2:be:c4:b0:72:0e:bf:54:12:b8:4a:fa:fc:
         73:ee:fc:61:db:1b:50:15:ff:52:42:6e:2f:8a:0e:a0:83:7e:
         47:21:19:0e:3b:ca:2a:70:04:82:01:4e:e3:8b:14:6c:44:d1:
         1f:27:d9:b7:97:c2:60:b9:90:3c:c3:5a:af:e0:91:51:dc:9a:
         f5:f6:c3:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvJi7Zg05KC73xZwnFpPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjVkYWIyMzk0MGNiMzk0ZjlhYWE2NjRmZWE0ZDZmOGY0
MmUzMTgwHhcNMjQwMTAyMTAzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTI1Mzk3NDI3YzQwYzU4NDhkMDVkMDhhZGU5NzJkNDFjZGQxOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQe4eaDDgiAhxegVTMxQC6ZRftmJ
12SI2RiFnZgipjobHBOxi1cKXwDKe+14aypbqLJUED96p/84dsA/httYTA5rjlWT
spsOgNUpccMrPQgHdgZlgHd23MBMSksPgne4lsvmGROwXLPCzNOIK2ZtfZ0ACtkr
A8BrELhrI7geLNJ7gnKM97B6c0vmXWOQ355c5HmDLo/B96dTzQcrTsuBK1+ACi2t
aK9di1hiJ0j43T9NPTfhzJejQ+53w8QU4W5L6PnzObM0PE2bJnPhDe4tte7QC6aN
wf3uVFsy5YAI9/T2lgEDKh11iGnzZ3mg7ScUnBkDHw3luyhqm6zvnWHY6wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKolOXQnxAxYSNBdCK3pctQc3RlWMB8GA1UdIwQY
MBaAFH5l2rI5QMs5T5qqZk/qTW+PQuMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYt
ODQ5Y2ZjYWJiNjU3LzEvcWlVNWRDZkVERmhJMEYwSXJlbHkxQnpkR1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYtODQ5Y2ZjYWJiNjU3
LzEvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXMAMA8E
AgACMAkDBwAqAlQgAAEwDQYJKoZIhvcNAQELBQADggEBAJbQhbCW38R1qhjjkIhN
5LlRRczWea/54VpbDFk2hiuXx+Sch9ed0uVwHZnlnZBKoIP+TT9cwHKpRL7CUlla
4cYuwW72GBZMij+yry0KsQr2Mq8heUgOxFO4kz0qmx30gfLK1vP3g3V+Bvgabz6q
qOT+HR6nM+sOErECbjGaasTLEnOfr5snm74tsVTsq42b9K6bWPiMJXY3GIMuOdis
nLYmc9qO5jvAiUz++MQigPvWhFnaTgvNQXuEor7EsHIOv1QSuEr6/HPu/GHbG1AV
/1JCbi+KDqCDfkchGQ47yipwBIIBTuOLFGxE0R8n2beXwmC5kDzDWq/gkVHcmvX2
w7E=
-----END CERTIFICATE-----