Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/QdFlmMqJY4RRN3c5jblhuLTB0BE.roa
File:                     QdFlmMqJY4RRN3c5jblhuLTB0BE.roa (raw, json)
Hash identifier:          CkVzaM6ojHheygUNTLB34L7JhatkP5vqs52w0BjLQ4w=
Subject key identifier:   41:D1:65:98:CA:89:63:84:51:37:77:39:8D:B9:61:B8:B4:C1:D0:11
Certificate issuer:       /CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
Certificate serial:       018CC8DF2EEDA8552D0AA655E0649008E733
Authority key identifier: BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/QdFlmMqJY4RRN3c5jblhuLTB0BE.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49040
IP address blocks:        193.93.26.0/24 maxlen: 24
                          91.192.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2e:ed:a8:55:2d:0a:a6:55:e0:64:90:08:e7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41d16598ca896384513777398db961b8b4c1d011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:42:ac:80:85:73:97:9a:d8:4e:cb:4a:a7:51:
                    62:2d:6d:d7:96:48:c4:27:52:78:50:4d:39:63:24:
                    5c:dc:85:12:a4:1c:e3:ab:12:5d:ca:ce:1f:a9:e7:
                    fb:d3:86:91:e7:d7:a2:a5:3d:d4:c1:7f:5e:a0:49:
                    50:c4:74:73:a2:e3:01:96:98:51:89:bb:23:a4:da:
                    6b:d2:ce:23:79:e0:04:5e:bf:48:25:35:0b:94:81:
                    74:de:10:c2:96:04:b2:55:e7:c2:86:85:03:0d:23:
                    1d:ac:75:7a:fe:86:9d:b4:e9:b1:28:98:4b:e8:94:
                    59:fa:2d:10:73:71:0a:fb:72:f7:ba:d5:ef:3c:1d:
                    32:59:13:9e:38:37:76:e5:e6:3d:de:25:85:cc:5a:
                    f2:38:5d:75:e4:10:08:3a:51:85:66:76:0a:dd:be:
                    de:10:72:06:a7:7b:80:1a:8f:1d:de:38:6b:b4:74:
                    21:cb:b2:e4:54:94:a6:77:96:28:79:c1:9b:2d:01:
                    eb:77:0d:a4:db:c3:82:7e:7f:6f:f4:1a:a9:d5:9f:
                    29:12:67:46:99:a6:60:e1:b7:a0:d1:78:ed:c0:3d:
                    07:97:d8:ff:00:c8:ff:ce:75:65:e3:11:56:67:05:
                    65:a1:e1:48:09:61:2d:34:17:49:05:ef:bf:f6:8d:
                    a8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D1:65:98:CA:89:63:84:51:37:77:39:8D:B9:61:B8:B4:C1:D0:11
            X509v3 Authority Key Identifier:
                keyid:BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/QdFlmMqJY4RRN3c5jblhuLTB0BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.236.0/24
                  193.93.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:5e:f1:c9:ab:63:ab:78:5d:89:a3:fd:b7:a8:38:10:72:97:
         c4:15:df:58:17:ae:9a:12:50:61:91:03:31:2c:51:85:47:2b:
         9d:f0:bb:d2:2e:62:66:13:78:ed:ee:67:56:6e:6b:12:f3:ea:
         01:bf:60:40:6a:e6:0e:4b:0f:b8:4f:ab:a4:32:f4:98:4a:e1:
         b8:33:46:dc:fe:ca:5c:8e:93:d1:fa:8c:92:32:1e:70:68:2a:
         b1:2c:a2:d8:b1:ef:2e:fd:1c:9e:0e:ca:ce:fc:af:ec:d2:f1:
         c3:09:c2:f3:ee:9d:80:91:2c:f1:ac:01:04:fb:08:fe:24:ad:
         f8:bc:10:0b:0d:e0:0f:71:82:aa:51:95:90:53:a0:06:4f:a9:
         75:47:7c:59:7c:8c:cd:7c:39:1c:13:09:3c:6c:7d:dd:db:77:
         6e:3a:fb:c2:3d:ec:b5:14:3e:9d:0f:b5:ee:c0:81:8e:f7:29:
         57:ed:ca:06:90:12:0d:7e:76:b7:06:bf:2f:be:85:7c:67:2b:
         97:c7:08:95:97:36:d2:14:28:0c:a3:09:e7:b7:97:8a:eb:2f:
         49:d4:61:2e:6c:59:93:85:a4:b2:73:45:0a:dc:df:53:d1:8c:
         71:c0:26:c7:0d:73:6f:87:44:59:f5:dc:e0:20:0c:3e:75:c4:
         a7:0f:0a:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3y7tqFUtCqZV4GSQCOczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjODdiOWNmYzNlZTBjNDQ5NjVlYTIwOWMwNGZkOGU4ZjQ4
ZmE0MmYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQxNjU5OGNhODk2Mzg0NTEzNzc3Mzk4ZGI5NjFiOGI0YzFkMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEKsgIVzl5rYTstKp1FiLW3XlkjE
J1J4UE05YyRc3IUSpBzjqxJdys4fqef704aR59eipT3UwX9eoElQxHRzouMBlphR
ibsjpNpr0s4jeeAEXr9IJTULlIF03hDClgSyVefChoUDDSMdrHV6/oadtOmxKJhL
6JRZ+i0Qc3EK+3L3utXvPB0yWROeODd25eY93iWFzFryOF115BAIOlGFZnYK3b7e
EHIGp3uAGo8d3jhrtHQhy7LkVJSmd5YoecGbLQHrdw2k28OCfn9v9Bqp1Z8pEmdG
maZg4beg0XjtwD0Hl9j/AMj/znVl4xFWZwVloeFICWEtNBdJBe+/9o2oaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHRZZjKiWOEUTd3OY25Ybi0wdARMB8GA1UdIwQY
MBaAFLyHuc/D7gxEll6iCcBP2Oj0j6QvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgt
NDVmYWJlM2Y5ZjMzLzEvUWRGbG1NcUpZNFJSTjNjNWpibGh1TFRCMEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgtNDVmYWJlM2Y5ZjMz
LzEvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8DsAwQA
wV0aMA0GCSqGSIb3DQEBCwUAA4IBAQA4XvHJq2OreF2Jo/23qDgQcpfEFd9YF66a
ElBhkQMxLFGFRyud8LvSLmJmE3jt7mdWbmsS8+oBv2BAauYOSw+4T6ukMvSYSuG4
M0bc/spcjpPR+oySMh5waCqxLKLYse8u/RyeDsrO/K/s0vHDCcLz7p2AkSzxrAEE
+wj+JK34vBALDeAPcYKqUZWQU6AGT6l1R3xZfIzNfDkcEwk8bH3d23duOvvCPey1
FD6dD7XuwIGO9ylX7coGkBINfna3Br8vvoV8ZyuXxwiVlzbSFCgMownnt5eK6y9J
1GEubFmThaSyc0UK3N9T0YxxwCbHDXNvh0RZ9dzgIAw+dcSnDwoH
-----END CERTIFICATE-----