Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/9_-qqlbCLg4d4WoEum6mxqdubdM.roa
File:                     9_-qqlbCLg4d4WoEum6mxqdubdM.roa (raw, json)
Hash identifier:          QXRpWeCgnvAMDiSoJKKhDdJSC24dUQC0XmI9yAtT6l4=
Subject key identifier:   F7:FF:AA:AA:56:C2:2E:0E:1D:E1:6A:04:BA:6E:A6:C6:A7:6E:6D:D3
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA4E30AE78B2FBABB3F6F54445A1F
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/9_-qqlbCLg4d4WoEum6mxqdubdM.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60064
IP address blocks:        185.243.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a4:e3:0a:e7:8b:2f:ba:bb:3f:6f:54:44:5a:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7ffaaaa56c22e0e1de16a04ba6ea6c6a76e6dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4a:02:2e:b6:63:e4:e5:b7:e7:e3:a7:bd:7c:
                    f0:39:e0:62:c1:ef:e7:30:2b:e8:51:c3:75:70:78:
                    86:d1:26:ad:42:52:bf:e7:0d:e7:74:1c:eb:1a:87:
                    ba:27:2d:6c:98:29:85:07:b0:b4:75:b6:0b:f1:ee:
                    cc:be:bf:74:ce:ed:78:83:33:e9:05:ac:3e:b0:7d:
                    5b:72:45:80:ee:f1:9d:3c:f5:23:5b:17:23:aa:d5:
                    ef:3a:c5:18:d5:69:0c:20:ef:11:c0:b3:cd:a5:9c:
                    5a:bb:b9:01:86:53:aa:5f:27:7c:fa:e2:3c:f2:dd:
                    0b:50:bc:f9:a7:f6:1c:67:fe:ce:2c:59:3d:7a:cc:
                    1b:1b:21:1d:93:6f:54:d7:cd:36:4b:98:cd:a1:74:
                    58:bc:7a:41:82:fa:39:e7:05:c5:fa:df:80:42:f9:
                    ec:8f:f0:4f:0a:63:44:e9:6c:56:ff:38:86:cd:19:
                    e0:79:ec:e4:db:18:50:bd:0b:04:0f:a9:61:81:fb:
                    61:86:66:3a:8e:7c:89:3d:d1:e1:22:dd:c0:8c:c5:
                    14:39:c5:72:8d:ee:40:62:89:2d:d2:0e:d9:5e:a9:
                    6c:fa:9b:3f:c6:e0:f7:30:33:07:72:c8:2d:49:96:
                    fa:7f:9f:52:c8:a3:6e:63:b0:5c:3c:2f:57:d4:40:
                    e9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:FF:AA:AA:56:C2:2E:0E:1D:E1:6A:04:BA:6E:A6:C6:A7:6E:6D:D3
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/9_-qqlbCLg4d4WoEum6mxqdubdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:a4:45:63:54:11:05:91:73:bf:d6:e9:99:cf:49:52:16:78:
         94:97:ef:d1:f9:45:f0:6a:eb:eb:9e:2c:bd:ff:76:b2:cc:cb:
         2f:29:1c:c0:66:25:13:13:74:df:3b:d8:54:83:8c:e2:47:0e:
         96:27:6a:66:ec:8e:22:9b:8c:02:27:78:5e:9e:44:3f:bf:0c:
         93:4f:85:f5:26:69:50:09:e8:b9:67:67:c5:91:06:13:cd:1d:
         79:40:8d:5d:c1:c3:49:7d:ba:81:02:3b:31:30:95:72:97:76:
         11:da:2d:4e:17:27:80:3f:1e:2d:b3:f4:4a:eb:d7:e2:f7:dc:
         1e:f2:61:d6:b4:44:e6:33:2f:1f:82:0c:a2:fe:07:73:61:40:
         87:7f:4f:76:3f:81:59:37:21:87:13:a6:56:c9:95:bc:93:68:
         34:bf:c0:59:79:8e:47:7f:cb:9a:67:25:61:8f:08:cd:90:4e:
         9f:f8:c9:20:35:34:f1:86:18:31:26:4c:3b:7f:75:ff:28:39:
         f8:2d:a9:30:cb:83:77:25:83:99:51:d2:36:ef:f6:ec:1f:d3:
         dd:85:bc:fa:1e:4e:3f:64:20:27:31:12:67:55:a7:cf:bf:f7:
         f1:6d:85:58:59:22:ce:68:be:32:b4:78:06:cb:56:cc:8d:c5:
         ca:f3:85:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36TjCueLL7q7P29URFofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ZmYWFhYTU2YzIyZTBlMWRlMTZhMDRiYTZlYTZjNmE3NmU2ZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskoCLrZj5OW35+OnvXzwOeBiwe/n
MCvoUcN1cHiG0SatQlK/5w3ndBzrGoe6Jy1smCmFB7C0dbYL8e7Mvr90zu14gzPp
Baw+sH1bckWA7vGdPPUjWxcjqtXvOsUY1WkMIO8RwLPNpZxau7kBhlOqXyd8+uI8
8t0LULz5p/YcZ/7OLFk9eswbGyEdk29U1802S5jNoXRYvHpBgvo55wXF+t+AQvns
j/BPCmNE6WxW/ziGzRngeezk2xhQvQsED6lhgfthhmY6jnyJPdHhIt3AjMUUOcVy
je5AYokt0g7ZXqls+ps/xuD3MDMHcsgtSZb6f59SyKNuY7BcPC9X1EDpDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPf/qqpWwi4OHeFqBLpupsanbm3TMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvOV8tcXFsYkNMZzRkNFdvRXVtNm14cWR1YmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMEMA0G
CSqGSIb3DQEBCwUAA4IBAQC8pEVjVBEFkXO/1umZz0lSFniUl+/R+UXwauvrniy9
/3ayzMsvKRzAZiUTE3TfO9hUg4ziRw6WJ2pm7I4im4wCJ3henkQ/vwyTT4X1JmlQ
Cei5Z2fFkQYTzR15QI1dwcNJfbqBAjsxMJVyl3YR2i1OFyeAPx4ts/RK69fi99we
8mHWtETmMy8fggyi/gdzYUCHf092P4FZNyGHE6ZWyZW8k2g0v8BZeY5Hf8uaZyVh
jwjNkE6f+MkgNTTxhhgxJkw7f3X/KDn4Lakwy4N3JYOZUdI27/bsH9Pdhbz6Hk4/
ZCAnMRJnVafPv/fxbYVYWSLOaL4ytHgGy1bMjcXK84Vt
-----END CERTIFICATE-----