Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/qGrQAccuQhzBsMvH4rqiLv03ldQ.roa
File:                     qGrQAccuQhzBsMvH4rqiLv03ldQ.roa (raw, json)
Hash identifier:          EpMU/v+u+8wfjnOchgwBhsnCfmM7qpUQlbsHXubI1rM=
Subject key identifier:   A8:6A:D0:01:C7:2E:42:1C:C1:B0:CB:C7:E2:BA:A2:2E:FD:37:95:D4
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938EB4A9193753B4BFA95D1F38F00D
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/qGrQAccuQhzBsMvH4rqiLv03ldQ.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34210
IP address blocks:        217.170.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:b4:a9:19:37:53:b4:bf:a9:5d:1f:38:f0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a86ad001c72e421cc1b0cbc7e2baa22efd3795d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:63:5c:34:8e:e4:f2:ed:f6:2a:80:90:77:b4:
                    f8:ae:a3:cd:05:8b:00:7a:6a:2c:35:aa:2e:7b:99:
                    86:32:a9:14:a4:58:e1:83:d4:48:40:88:e3:cd:c4:
                    c5:6c:de:79:70:bc:42:24:c2:23:85:d9:31:a7:05:
                    1d:90:5d:3d:aa:4d:19:c9:75:05:0c:e0:2a:7d:50:
                    45:e9:e9:a0:32:4b:e1:c2:15:23:c2:31:38:4a:c4:
                    a2:a5:83:01:6b:a0:60:03:29:2d:d4:ce:6a:fe:11:
                    10:74:91:e9:d8:86:df:be:33:4e:a9:57:72:87:d3:
                    7b:f0:fc:d3:5a:06:26:8c:75:f6:3b:03:bf:55:48:
                    bc:d5:c1:7a:8c:c4:40:8b:23:80:c9:94:68:22:e8:
                    25:ef:1c:9d:ba:0e:7f:47:68:8f:20:d6:0d:cc:a9:
                    91:75:9d:6b:9c:82:83:0b:ca:04:82:6d:35:fa:1a:
                    71:e9:a2:82:23:58:5d:b5:9a:58:50:1e:c2:55:63:
                    75:87:de:7a:2a:bb:40:25:32:6b:51:a5:c5:0f:26:
                    0a:1a:d4:ff:3d:b3:01:83:79:db:da:cc:b7:60:da:
                    e6:c0:77:83:3b:16:6b:37:39:6e:42:36:71:46:59:
                    87:21:34:ca:31:9e:52:d0:6b:eb:01:a6:4d:5d:97:
                    fd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:6A:D0:01:C7:2E:42:1C:C1:B0:CB:C7:E2:BA:A2:2E:FD:37:95:D4
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/qGrQAccuQhzBsMvH4rqiLv03ldQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:88:3d:43:c5:92:70:f6:56:e7:39:4a:c1:83:de:c5:43:b7:
         85:2d:6c:08:43:cc:75:ca:97:87:bc:b6:44:2d:f1:00:0b:e6:
         6c:72:0c:cc:f6:fe:31:d0:c0:c4:a7:48:83:1a:1f:e5:f0:e3:
         cc:89:44:40:a5:df:14:5c:55:7f:82:e7:61:9b:e2:34:ea:ca:
         6a:36:61:21:52:9b:65:a3:fe:2e:e3:34:de:9c:5d:3b:e3:75:
         f0:35:15:02:68:5c:b4:c3:9b:6b:89:94:2f:7c:80:eb:91:31:
         ec:a8:bf:79:1e:51:20:3f:2c:df:f9:31:0b:29:97:53:f3:d4:
         86:18:1a:5b:b4:1a:09:0b:4e:86:40:54:08:76:01:99:35:d1:
         c7:46:a8:12:a9:ef:67:f0:b4:60:4f:56:f7:04:b9:66:73:90:
         9e:73:8d:22:84:13:62:f6:4e:b6:66:c4:6f:ae:1d:ab:29:15:
         86:6b:db:73:ac:c2:d5:f7:51:e2:fa:79:84:00:3e:57:f1:59:
         5e:07:d5:2f:a2:0c:6e:97:87:58:0c:86:96:91:77:2c:ac:75:
         bc:a3:2f:ce:46:e3:8b:65:b3:61:4d:9b:25:bb:bf:f1:e2:d6:
         16:8a:3c:1f:3e:59:2b:23:f6:dc:3a:58:09:9f:41:13:f2:d6:
         72:ad:b6:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk460qRk3U7S/qV0fOPANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODZhZDAwMWM3MmU0MjFjYzFiMGNiYzdlMmJhYTIyZWZkMzc5NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2NcNI7k8u32KoCQd7T4rqPNBYsA
emosNaoue5mGMqkUpFjhg9RIQIjjzcTFbN55cLxCJMIjhdkxpwUdkF09qk0ZyXUF
DOAqfVBF6emgMkvhwhUjwjE4SsSipYMBa6BgAykt1M5q/hEQdJHp2IbfvjNOqVdy
h9N78PzTWgYmjHX2OwO/VUi81cF6jMRAiyOAyZRoIugl7xydug5/R2iPINYNzKmR
dZ1rnIKDC8oEgm01+hpx6aKCI1hdtZpYUB7CVWN1h956KrtAJTJrUaXFDyYKGtT/
PbMBg3nb2sy3YNrmwHeDOxZrNzluQjZxRlmHITTKMZ5S0GvrAaZNXZf9owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhq0AHHLkIcwbDLx+K6oi79N5XUMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvcUdyUUFjY3VRaHpCc012SDRycWlMdjAzbGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aoIMA0G
CSqGSIb3DQEBCwUAA4IBAQBYiD1DxZJw9lbnOUrBg97FQ7eFLWwIQ8x1ypeHvLZE
LfEAC+ZscgzM9v4x0MDEp0iDGh/l8OPMiURApd8UXFV/gudhm+I06spqNmEhUptl
o/4u4zTenF0743XwNRUCaFy0w5triZQvfIDrkTHsqL95HlEgPyzf+TELKZdT89SG
GBpbtBoJC06GQFQIdgGZNdHHRqgSqe9n8LRgT1b3BLlmc5Cec40ihBNi9k62ZsRv
rh2rKRWGa9tzrMLV91Hi+nmEAD5X8VleB9Uvogxul4dYDIaWkXcsrHW8oy/ORuOL
ZbNhTZslu7/x4tYWijwfPlkrI/bcOlgJn0ET8tZyrbYI
-----END CERTIFICATE-----