Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/qSDeUXMPcEKbahootPrldkCmQjY.roa
File:                     qSDeUXMPcEKbahootPrldkCmQjY.roa (raw, json)
Hash identifier:          BP+WyNxKIvM51N6O7CoBPvqiw1frzc6tZRsdJWLxxtQ=
Subject key identifier:   A9:20:DE:51:73:0F:70:42:9B:6A:1A:28:B4:FA:E5:76:40:A6:42:36
Certificate issuer:       /CN=bc85d3791f5836c415ffd391f2d585c73dbeca39
Certificate serial:       018CC94DBB2319D8322B06F5997151114604
Authority key identifier: BC:85:D3:79:1F:58:36:C4:15:FF:D3:91:F2:D5:85:C7:3D:BE:CA:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIXTeR9YNsQV_9OR8tWFxz2-yjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/qSDeUXMPcEKbahootPrldkCmQjY.roa
Signing time:             Tue 02 Jan 2024 08:32:43 +0000
ROA not before:           Tue 02 Jan 2024 08:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201609
IP address blocks:        185.63.204.0/22 maxlen: 24
                          2a03:ee0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/vIXTeR9YNsQV_9OR8tWFxz2-yjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/vIXTeR9YNsQV_9OR8tWFxz2-yjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vIXTeR9YNsQV_9OR8tWFxz2-yjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:bb:23:19:d8:32:2b:06:f5:99:71:51:11:46:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc85d3791f5836c415ffd391f2d585c73dbeca39
        Validity
            Not Before: Jan  2 08:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a920de51730f70429b6a1a28b4fae57640a64236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:92:db:85:1e:5a:2d:5a:31:03:5c:7f:f0:be:
                    ab:63:2b:cc:0c:b4:7e:45:0f:73:1b:e9:66:6d:56:
                    08:e9:06:b0:66:b7:36:45:2d:bd:07:db:72:7f:e4:
                    c5:2f:b1:21:81:ae:77:70:1f:4a:36:38:99:db:32:
                    a6:ac:fd:d2:1e:02:8a:a3:ad:6d:bd:80:38:23:17:
                    2b:da:7e:41:cb:27:45:f5:f2:0e:a9:d5:01:1b:c4:
                    bd:c8:39:d4:74:ba:eb:b2:ab:de:83:88:84:f0:76:
                    63:bb:03:ff:8b:1b:3b:d0:9f:de:1b:ef:7c:97:4d:
                    83:fe:9a:67:0d:1a:43:5a:7d:15:dd:13:67:75:ce:
                    01:46:42:f0:f3:25:a8:b9:64:06:32:40:3b:f6:48:
                    fd:66:3b:51:be:33:36:46:57:a1:f6:b0:0b:f3:6a:
                    87:24:9b:65:e8:81:fd:44:2b:2f:39:0c:20:e4:7b:
                    d1:8a:cc:ff:6e:c0:ff:11:20:3d:1f:56:3a:34:ae:
                    b7:ea:d3:11:f6:69:e1:cc:23:c3:25:21:c5:60:f5:
                    1a:04:30:53:38:91:08:01:e0:b2:06:64:9a:ab:77:
                    31:08:0e:50:dc:fe:70:d9:5b:a5:f0:c0:05:e0:f0:
                    57:32:12:1b:a4:21:98:1c:74:60:56:9d:c8:c5:04:
                    57:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:20:DE:51:73:0F:70:42:9B:6A:1A:28:B4:FA:E5:76:40:A6:42:36
            X509v3 Authority Key Identifier:
                keyid:BC:85:D3:79:1F:58:36:C4:15:FF:D3:91:F2:D5:85:C7:3D:BE:CA:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIXTeR9YNsQV_9OR8tWFxz2-yjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/qSDeUXMPcEKbahootPrldkCmQjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/af950f-c193-45df-90d7-b842b990689e/1/vIXTeR9YNsQV_9OR8tWFxz2-yjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.204.0/22
                IPv6:
                  2a03:ee0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:f8:5e:75:5f:c0:eb:25:c9:4b:1e:27:d6:3d:4c:3e:cd:47:
         0f:c2:c0:d7:69:1b:64:10:b9:2d:a3:0a:ba:5e:1f:e3:03:6d:
         44:83:62:7b:44:ec:e1:0b:3c:87:14:17:2a:b7:59:2d:92:29:
         55:c4:62:65:05:22:00:c1:54:6a:3f:19:05:d0:61:bf:99:bd:
         76:9f:09:95:07:2f:a1:e5:fd:f4:c6:d1:c3:eb:f1:e9:d7:63:
         23:5d:05:6d:bd:2b:ec:7c:48:35:00:78:0a:2f:d8:62:74:b8:
         c1:71:56:71:e3:52:03:7d:67:d3:68:94:48:fd:39:e4:e7:ef:
         ab:d8:66:b6:ab:48:77:62:0c:e7:30:13:a3:19:a7:9f:54:d6:
         c0:2d:1f:73:2a:b8:e1:d7:b9:a8:5d:f6:50:6f:57:c5:e2:dc:
         b1:6d:20:79:ef:06:80:d7:3e:0c:d0:b5:f9:70:c6:c1:5c:86:
         7c:1c:8f:b6:66:2d:8c:5e:77:ba:1a:f5:31:5a:4e:d6:d4:80:
         c8:44:0e:e5:b1:ad:0a:c5:df:b6:f8:d6:a3:e0:22:8c:d8:a0:
         10:f7:75:5f:44:7e:8d:d7:d1:87:de:fd:b2:2d:ac:d1:8c:d2:
         fe:a5:fb:1e:92:6c:f8:69:a2:36:99:4d:56:e9:a0:b7:ff:d3:
         ec:76:34:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTbsjGdgyKwb1mXFREUYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjODVkMzc5MWY1ODM2YzQxNWZmZDM5MWYyZDU4NWM3M2Ri
ZWNhMzkwHhcNMjQwMTAyMDgzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIwZGU1MTczMGY3MDQyOWI2YTFhMjhiNGZhZTU3NjQwYTY0MjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JLbhR5aLVoxA1x/8L6rYyvMDLR+
RQ9zG+lmbVYI6QawZrc2RS29B9tyf+TFL7Ehga53cB9KNjiZ2zKmrP3SHgKKo61t
vYA4Ixcr2n5ByydF9fIOqdUBG8S9yDnUdLrrsqveg4iE8HZjuwP/ixs70J/eG+98
l02D/ppnDRpDWn0V3RNndc4BRkLw8yWouWQGMkA79kj9ZjtRvjM2Rleh9rAL82qH
JJtl6IH9RCsvOQwg5HvRisz/bsD/ESA9H1Y6NK636tMR9mnhzCPDJSHFYPUaBDBT
OJEIAeCyBmSaq3cxCA5Q3P5w2Vul8MAF4PBXMhIbpCGYHHRgVp3IxQRX4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKkg3lFzD3BCm2oaKLT65XZApkI2MB8GA1UdIwQY
MBaAFLyF03kfWDbEFf/TkfLVhcc9vso5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdklYVGVSOVlOc1FWXzlPUjh0V0Z4ejIteWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9hZjk1MGYtYzE5My00NWRmLTkwZDct
Yjg0MmI5OTA2ODllLzEvcVNEZVVYTVBjRUtiYWhvb3RQcmxka0NtUWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9hZjk1MGYtYzE5My00NWRmLTkwZDctYjg0MmI5OTA2ODll
LzEvdklYVGVSOVlOc1FWXzlPUjh0V0Z4ejIteWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT/MMA0E
AgACMAcDBQMqAw7gMA0GCSqGSIb3DQEBCwUAA4IBAQAm+F51X8DrJclLHifWPUw+
zUcPwsDXaRtkELktowq6Xh/jA21Eg2J7ROzhCzyHFBcqt1ktkilVxGJlBSIAwVRq
PxkF0GG/mb12nwmVBy+h5f30xtHD6/Hp12MjXQVtvSvsfEg1AHgKL9hidLjBcVZx
41IDfWfTaJRI/Tnk5++r2Ga2q0h3YgznMBOjGaefVNbALR9zKrjh17moXfZQb1fF
4tyxbSB57waA1z4M0LX5cMbBXIZ8HI+2Zi2MXne6GvUxWk7W1IDIRA7lsa0Kxd+2
+Naj4CKM2KAQ93VfRH6N19GH3v2yLazRjNL+pfsekmz4aaI2mU1W6aC3/9PsdjQr
-----END CERTIFICATE-----