Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/2QC-7R-TAnEHkaPbgnYjG2kzu68.roa
File:                     2QC-7R-TAnEHkaPbgnYjG2kzu68.roa (raw, json)
Hash identifier:          tJ/OlgoOOfyHLsV27wptOkItBLZhUc1xBWukbz+/gvE=
Subject key identifier:   D9:00:BE:ED:1F:93:02:71:07:91:A3:DB:82:76:23:1B:69:33:BB:AF
Certificate issuer:       /CN=36b100e1f6f3ffe6e35e987e0d0195b7993a8d33
Certificate serial:       018CC56DDF0A3CAE048B7FFF029D5C726A7B
Authority key identifier: 36:B1:00:E1:F6:F3:FF:E6:E3:5E:98:7E:0D:01:95:B7:99:3A:8D:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/2QC-7R-TAnEHkaPbgnYjG2kzu68.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47957
IP address blocks:        194.1.183.0/24 maxlen: 24
                          91.208.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:df:0a:3c:ae:04:8b:7f:ff:02:9d:5c:72:6a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36b100e1f6f3ffe6e35e987e0d0195b7993a8d33
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d900beed1f9302710791a3db8276231b6933bbaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:16:d4:96:b2:e3:59:2a:aa:9b:35:da:23:d9:
                    2c:61:1c:8d:c4:c5:6a:fa:df:a3:79:68:a6:bc:b6:
                    95:0f:74:75:16:ce:22:6f:8c:ea:c0:b6:7d:80:d3:
                    77:52:e5:dc:e8:b6:d8:5a:15:d8:5b:6b:00:71:55:
                    80:83:78:3c:1b:22:3c:54:23:28:cf:d1:55:0e:84:
                    b4:eb:9f:9e:33:82:a8:a2:d8:04:d9:2a:05:7b:14:
                    bf:f4:3f:14:57:0e:16:47:d9:a7:3a:0c:22:b6:5a:
                    85:f2:03:2f:69:6f:2f:de:39:a4:db:f5:4f:d8:54:
                    13:a5:47:9b:36:52:46:f3:78:c5:82:3a:44:cf:83:
                    7a:ff:5a:88:d9:e4:b6:07:c2:d0:d5:3a:2e:8b:c2:
                    cc:4f:34:2e:f4:70:07:9c:f0:d2:32:9f:02:49:9f:
                    63:45:26:68:88:55:25:f1:af:58:f9:cd:5b:f1:43:
                    c1:92:24:08:98:51:f3:8a:1d:3b:ec:e2:9f:a8:3a:
                    83:4c:b7:87:58:8d:46:87:5b:ba:82:84:9c:c4:d5:
                    3d:cb:8f:9e:29:f4:e5:f9:93:9d:b5:c4:b8:d9:75:
                    c1:fa:b5:d2:a4:13:d0:12:d9:75:19:b1:23:67:03:
                    15:86:d9:70:b8:7f:58:80:13:a8:1d:35:fd:b0:45:
                    16:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:00:BE:ED:1F:93:02:71:07:91:A3:DB:82:76:23:1B:69:33:BB:AF
            X509v3 Authority Key Identifier:
                keyid:36:B1:00:E1:F6:F3:FF:E6:E3:5E:98:7E:0D:01:95:B7:99:3A:8D:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/2QC-7R-TAnEHkaPbgnYjG2kzu68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.51.0/24
                  194.1.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:cc:8f:c7:2b:e8:96:61:ca:c1:ce:8c:2f:4e:e2:d9:da:0c:
         5e:72:1f:30:b3:98:47:77:7b:25:d3:fe:d5:71:9a:78:94:de:
         9e:ad:96:03:bc:66:43:0d:0e:a1:42:cb:29:66:71:c3:86:8e:
         c5:fa:10:20:1c:ea:67:83:9d:43:0f:1c:2f:5d:23:c6:17:20:
         9e:7d:2a:8d:f6:50:a4:e2:b8:71:f8:8a:66:8e:0e:75:4d:9b:
         c8:54:37:a3:4f:ba:a2:ea:b5:ae:d5:34:54:b9:3f:2f:0e:db:
         e8:8c:fe:58:ac:03:3f:fc:1b:e3:a7:00:76:54:74:e2:99:d3:
         5e:84:45:9e:52:4f:e1:36:d0:d9:51:a3:cc:33:b2:4b:a7:cf:
         51:6f:ed:02:d9:bd:39:ef:36:49:81:37:8f:d5:8a:40:0b:0f:
         44:0e:d4:90:e0:15:ed:73:40:ff:0c:5f:ec:df:8b:e9:c0:80:
         70:b3:16:9f:72:58:f8:45:c9:7d:41:75:68:66:59:b7:4b:e8:
         15:2c:4a:bb:19:e4:3a:95:b3:17:9e:c0:b8:37:6b:05:a2:a7:
         bf:58:9c:5a:42:33:b9:28:51:8e:fc:02:16:40:98:2d:99:35:
         43:2c:a9:ba:82:b6:a7:51:84:f9:77:7e:44:87:ca:f0:b6:cf:
         a1:5b:0a:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbd8KPK4Ei3//Ap1ccmp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YjEwMGUxZjZmM2ZmZTZlMzVlOTg3ZTBkMDE5NWI3OTkz
YThkMzMwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTAwYmVlZDFmOTMwMjcxMDc5MWEzZGI4Mjc2MjMxYjY5MzNiYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBbUlrLjWSqqmzXaI9ksYRyNxMVq
+t+jeWimvLaVD3R1Fs4ib4zqwLZ9gNN3UuXc6LbYWhXYW2sAcVWAg3g8GyI8VCMo
z9FVDoS065+eM4KootgE2SoFexS/9D8UVw4WR9mnOgwitlqF8gMvaW8v3jmk2/VP
2FQTpUebNlJG83jFgjpEz4N6/1qI2eS2B8LQ1Toui8LMTzQu9HAHnPDSMp8CSZ9j
RSZoiFUl8a9Y+c1b8UPBkiQImFHzih077OKfqDqDTLeHWI1Gh1u6goScxNU9y4+e
KfTl+ZOdtcS42XXB+rXSpBPQEtl1GbEjZwMVhtlwuH9YgBOoHTX9sEUWiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkAvu0fkwJxB5Gj24J2IxtpM7uvMB8GA1UdIwQY
MBaAFDaxAOH28//m416Yfg0BlbeZOo0zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnJFQTRmYnpfLWJqWHBoLURRR1Z0NWs2alRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83MTMzOGQtZTYwMy00OTI2LWEwZjQt
ZTIyYzZlZDc4NDg1LzEvMlFDLTdSLVRBbkVIa2FQYmduWWpHMmt6dTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83MTMzOGQtZTYwMy00OTI2LWEwZjQtZTIyYzZlZDc4NDg1
LzEvTnJFQTRmYnpfLWJqWHBoLURRR1Z0NWs2alRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9AzAwQA
wgG3MA0GCSqGSIb3DQEBCwUAA4IBAQCFzI/HK+iWYcrBzowvTuLZ2gxech8ws5hH
d3sl0/7VcZp4lN6erZYDvGZDDQ6hQsspZnHDho7F+hAgHOpng51DDxwvXSPGFyCe
fSqN9lCk4rhx+Ipmjg51TZvIVDejT7qi6rWu1TRUuT8vDtvojP5YrAM//BvjpwB2
VHTimdNehEWeUk/hNtDZUaPMM7JLp89Rb+0C2b057zZJgTeP1YpACw9EDtSQ4BXt
c0D/DF/s34vpwIBwsxafclj4Rcl9QXVoZlm3S+gVLEq7GeQ6lbMXnsC4N2sFoqe/
WJxaQjO5KFGO/AIWQJgtmTVDLKm6granUYT5d35Eh8rwts+hWwr7
-----END CERTIFICATE-----