Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/QBFKyX8R3aN6Dg6i4WWyfqtkGdA.roa
File:                     QBFKyX8R3aN6Dg6i4WWyfqtkGdA.roa (raw, json)
Hash identifier:          K6qziipDdlvi5zGIxbDez6LeQD5Op2b1QSM6c8V5fDQ=
Subject key identifier:   40:11:4A:C9:7F:11:DD:A3:7A:0E:0E:A2:E1:65:B2:7E:AB:64:19:D0
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       01924798F28A22094494CA8E714D196038FF
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/QBFKyX8R3aN6Dg6i4WWyfqtkGdA.roa
Signing time:             Tue 01 Oct 2024 10:20:58 +0000
ROA not before:           Tue 01 Oct 2024 10:20:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41343
IP address blocks:        185.110.212.0/22 maxlen: 24
                          185.111.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:98:f2:8a:22:09:44:94:ca:8e:71:4d:19:60:38:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Oct  1 10:20:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40114ac97f11dda37a0e0ea2e165b27eab6419d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5b:54:6b:dd:01:09:96:d0:c9:ee:4c:43:3b:
                    76:83:af:58:76:4f:01:04:ea:7d:ad:ce:69:77:d2:
                    d1:82:25:a1:36:41:98:8c:22:c1:fb:1c:06:aa:f8:
                    85:52:90:53:97:c3:33:70:44:93:3d:a9:20:71:fd:
                    e2:3e:4d:7c:1b:6b:91:e6:9d:61:f2:93:a4:b0:4e:
                    c9:2a:c5:27:98:07:56:c5:01:00:75:c1:69:64:3e:
                    7a:6b:8c:ef:99:a0:1a:7b:60:0f:05:c4:58:40:6d:
                    87:cf:2b:24:f4:bc:c1:b7:09:95:6f:c2:86:7d:f0:
                    88:f8:c1:a7:7a:8a:67:1b:7c:dc:eb:e6:0a:9f:6a:
                    d3:4b:26:2e:62:76:09:ad:7e:bc:b7:b0:6b:fd:e8:
                    1f:d9:cb:41:66:c3:df:53:c5:d2:9d:86:a8:2b:d5:
                    65:3d:64:91:30:a2:2a:c7:f2:9e:9c:1b:44:f6:e9:
                    99:77:39:98:36:38:4e:e7:72:af:5c:e1:0f:e7:a9:
                    6f:87:08:cf:cb:86:40:e4:27:78:53:fe:e1:c5:04:
                    ad:7c:08:fc:1a:4f:41:2a:1b:43:65:c4:1f:e6:f1:
                    e3:22:cf:51:e6:a4:e6:1d:8d:a9:f0:ac:47:66:3d:
                    0d:98:a1:63:aa:4b:17:67:11:be:a2:57:78:df:63:
                    b0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:11:4A:C9:7F:11:DD:A3:7A:0E:0E:A2:E1:65:B2:7E:AB:64:19:D0
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/QBFKyX8R3aN6Dg6i4WWyfqtkGdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.212.0/22
                  185.111.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:02:aa:d1:af:3c:61:69:bb:12:55:07:7a:54:ca:57:e2:7b:
         eb:34:48:43:db:11:e2:0c:c1:26:1a:8f:cb:13:e8:4f:b8:35:
         23:d7:58:0b:97:8c:2d:d0:88:26:59:1b:08:a4:ec:fa:55:71:
         3f:0c:e3:e4:3d:ae:77:b4:03:27:86:af:32:0a:88:dc:da:1a:
         8c:67:c9:61:1f:1d:c0:6d:ff:b3:a1:e4:05:3f:8e:ed:e7:82:
         22:7a:24:13:f0:f3:d1:b9:16:fb:e8:ad:90:d7:1c:66:8c:c7:
         85:5b:b2:15:6d:2a:b4:fb:3f:0c:b4:c3:29:a3:c8:f1:80:84:
         43:6f:07:5e:2c:3f:ed:67:95:55:9b:44:1a:68:21:7f:03:51:
         c5:c4:fa:d3:ce:f2:85:8c:a1:1d:39:6c:52:a4:03:b6:0f:e6:
         07:09:76:2b:95:7c:a8:ae:ba:d7:f4:a1:c2:0e:24:fe:cd:8a:
         9d:a5:8e:38:cf:20:ee:a5:cc:37:68:04:0f:14:d8:cd:66:6c:
         45:38:d8:55:a6:56:2c:a4:fb:8f:0e:72:e2:65:c4:81:f7:a4:
         14:fa:ad:47:9f:86:d0:10:78:bc:9e:59:74:b8:ad:db:3b:4d:
         fe:a8:87:b8:9f:3f:3f:10:84:f9:2c:b6:41:4c:dc:91:ca:2a:
         36:d3:2b:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJHmPKKIglElMqOcU0ZYDj/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQxMDAxMTAyMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDExNGFjOTdmMTFkZGEzN2EwZTBlYTJlMTY1YjI3ZWFiNjQxOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1tUa90BCZbQye5MQzt2g69Ydk8B
BOp9rc5pd9LRgiWhNkGYjCLB+xwGqviFUpBTl8MzcESTPakgcf3iPk18G2uR5p1h
8pOksE7JKsUnmAdWxQEAdcFpZD56a4zvmaAae2APBcRYQG2Hzysk9LzBtwmVb8KG
ffCI+MGneopnG3zc6+YKn2rTSyYuYnYJrX68t7Br/egf2ctBZsPfU8XSnYaoK9Vl
PWSRMKIqx/KenBtE9umZdzmYNjhO53KvXOEP56lvhwjPy4ZA5Cd4U/7hxQStfAj8
Gk9BKhtDZcQf5vHjIs9R5qTmHY2p8KxHZj0NmKFjqksXZxG+old432OwZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEARSsl/Ed2jeg4OouFlsn6rZBnQMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvUUJGS3lYOFIzYU42RGc2aTRXV3lmcXRrR2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuW7UAwQC
uW8AMA0GCSqGSIb3DQEBCwUAA4IBAQBXAqrRrzxhabsSVQd6VMpX4nvrNEhD2xHi
DMEmGo/LE+hPuDUj11gLl4wt0IgmWRsIpOz6VXE/DOPkPa53tAMnhq8yCojc2hqM
Z8lhHx3Abf+zoeQFP47t54IieiQT8PPRuRb76K2Q1xxmjMeFW7IVbSq0+z8MtMMp
o8jxgIRDbwdeLD/tZ5VVm0QaaCF/A1HFxPrTzvKFjKEdOWxSpAO2D+YHCXYrlXyo
rrrX9KHCDiT+zYqdpY44zyDupcw3aAQPFNjNZmxFONhVplYspPuPDnLiZcSB96QU
+q1Hn4bQEHi8nll0uK3bO03+qIe4nz8/EIT5LLZBTNyRyio20yth
-----END CERTIFICATE-----