Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/QSDPU_GONSgIV2Jz_b5oabs8nd0.roa
File:                     QSDPU_GONSgIV2Jz_b5oabs8nd0.roa (raw, json)
Hash identifier:          bOfnqLYl/KPA6SqW0vMI8j2W6RAaIgWi1X6U/SJ8osQ=
Subject key identifier:   41:20:CF:53:F1:8E:35:28:08:57:62:73:FD:BE:68:69:BB:3C:9D:DD
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018DB2FCB3AC08B02381212A51A49D22B9F3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/QSDPU_GONSgIV2Jz_b5oabs8nd0.roa
Signing time:             Fri 16 Feb 2024 17:35:21 +0000
ROA not before:           Fri 16 Feb 2024 17:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215645
IP address blocks:        160.20.109.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:fc:b3:ac:08:b0:23:81:21:2a:51:a4:9d:22:b9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Feb 16 17:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4120cf53f18e352808576273fdbe6869bb3c9ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:35:17:fd:f1:17:4d:57:f1:29:22:05:41:66:
                    44:6a:ac:63:95:a2:e9:d8:cd:48:bb:43:28:00:90:
                    db:90:d2:3a:3c:cb:55:69:24:cf:a2:b6:1d:4e:44:
                    e0:44:ea:47:b0:52:77:e1:de:ff:ea:05:93:f3:f6:
                    38:7d:7e:be:8a:54:07:4d:34:08:d1:7a:28:32:9b:
                    89:23:0e:d5:83:48:a3:56:1a:d5:e7:f6:00:eb:d9:
                    56:d3:1a:49:70:75:93:cc:58:d4:0a:b8:0b:65:84:
                    d1:0f:92:e4:45:59:a0:33:d3:d7:57:61:d0:00:c0:
                    54:40:ea:bd:0e:d7:1c:a7:92:a1:91:b0:62:35:63:
                    64:d7:80:7b:fd:80:ba:9e:2f:e2:42:ef:c3:a2:ec:
                    ac:43:e9:a7:98:96:76:f4:04:01:29:36:da:02:8b:
                    6e:36:44:dd:bb:4c:24:8a:3c:3e:d5:fc:2b:87:e0:
                    e0:c7:5a:02:17:9e:8b:b4:56:54:05:b3:4f:18:7c:
                    7f:7e:2a:2e:47:a5:2d:41:29:0b:57:3c:f8:04:39:
                    a3:d6:b1:5c:c7:04:9b:0b:c3:cd:4d:62:21:15:3a:
                    91:e6:f1:74:5a:da:a8:40:38:2e:f3:e7:86:08:ce:
                    d1:7f:cd:13:75:a3:fb:87:5c:61:a6:13:6e:cf:97:
                    55:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:20:CF:53:F1:8E:35:28:08:57:62:73:FD:BE:68:69:BB:3C:9D:DD
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/QSDPU_GONSgIV2Jz_b5oabs8nd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.109.0/24
                  185.243.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:be:0e:2a:93:cd:35:96:b5:e0:a6:1d:33:f2:ce:cb:bb:a5:
         8b:59:3e:10:03:e7:71:c0:71:7d:d5:f5:8b:00:15:50:05:40:
         c8:db:d7:e8:98:d5:54:1e:7f:ef:96:84:28:e2:d7:79:63:6d:
         b6:3d:e2:bb:06:41:2a:d0:fe:00:14:a9:c5:47:fd:6d:7d:4b:
         47:d1:9d:51:a7:ec:a6:55:d6:b4:62:33:05:82:7c:24:6c:96:
         95:51:9f:c2:f2:86:b8:ea:d9:39:34:77:3d:b0:b3:52:90:cb:
         8e:56:f8:bd:04:f9:ad:42:71:15:21:90:46:e7:54:cc:48:65:
         d9:6e:b7:ee:75:aa:ef:62:f5:f0:1e:d1:7c:66:5b:1b:1e:58:
         79:f7:40:73:86:1f:40:4c:26:b5:d4:fe:0c:9d:a7:15:6d:dd:
         1b:87:c5:78:32:22:93:e4:2d:78:75:f3:5a:20:87:d4:63:95:
         56:72:3c:6a:13:5b:2f:40:e8:21:f7:70:bc:a6:24:dc:96:2b:
         c8:6e:90:55:db:78:b5:60:2a:93:ae:63:18:88:6f:46:47:15:
         22:d6:4d:dc:67:5a:67:91:f2:f9:1c:96:8c:c0:8b:34:cb:c0:
         8d:7e:44:e8:6d:c6:6f:eb:49:42:44:cb:28:b8:37:b4:7f:26:
         e3:41:de:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2y/LOsCLAjgSEqUaSdIrnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMjE2MTczNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTIwY2Y1M2YxOGUzNTI4MDg1NzYyNzNmZGJlNjg2OWJiM2M5ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DUX/fEXTVfxKSIFQWZEaqxjlaLp
2M1Iu0MoAJDbkNI6PMtVaSTPorYdTkTgROpHsFJ34d7/6gWT8/Y4fX6+ilQHTTQI
0XooMpuJIw7Vg0ijVhrV5/YA69lW0xpJcHWTzFjUCrgLZYTRD5LkRVmgM9PXV2HQ
AMBUQOq9Dtccp5KhkbBiNWNk14B7/YC6ni/iQu/DouysQ+mnmJZ29AQBKTbaAotu
NkTdu0wkijw+1fwrh+Dgx1oCF56LtFZUBbNPGHx/fiouR6UtQSkLVzz4BDmj1rFc
xwSbC8PNTWIhFTqR5vF0WtqoQDgu8+eGCM7Rf80TdaP7h1xhphNuz5dVDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEEgz1PxjjUoCFdic/2+aGm7PJ3dMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvUVNEUFVfR09OU2dJVjJKel9iNW9hYnM4bmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAoBRtAwQA
ufO1MA0GCSqGSIb3DQEBCwUAA4IBAQBXvg4qk801lrXgph0z8s7Lu6WLWT4QA+dx
wHF91fWLABVQBUDI29fomNVUHn/vloQo4td5Y222PeK7BkEq0P4AFKnFR/1tfUtH
0Z1Rp+ymVda0YjMFgnwkbJaVUZ/C8oa46tk5NHc9sLNSkMuOVvi9BPmtQnEVIZBG
51TMSGXZbrfudarvYvXwHtF8ZlsbHlh590Bzhh9ATCa11P4MnacVbd0bh8V4MiKT
5C14dfNaIIfUY5VWcjxqE1svQOgh93C8piTclivIbpBV23i1YCqTrmMYiG9GRxUi
1k3cZ1pnkfL5HJaMwIs0y8CNfkTobcZv60lCRMsouDe0fybjQd6B
-----END CERTIFICATE-----