Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/qz3f9OU61A85pA3Pjlb1bjW4pr0.roa
File:                     qz3f9OU61A85pA3Pjlb1bjW4pr0.roa (raw, json)
Hash identifier:          BFa6scRVcAQiOrm+0Ix0byVe9oF9miUzyUvxFRsDo5c=
Subject key identifier:   AB:3D:DF:F4:E5:3A:D4:0F:39:A4:0D:CF:8E:56:F5:6E:35:B8:A6:BD
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       018CC94DEB7BBEC3753A820FFAAE72C769A8
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/qz3f9OU61A85pA3Pjlb1bjW4pr0.roa
Signing time:             Tue 02 Jan 2024 08:32:56 +0000
ROA not before:           Tue 02 Jan 2024 08:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200361
IP address blocks:        94.155.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:eb:7b:be:c3:75:3a:82:0f:fa:ae:72:c7:69:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 08:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab3ddff4e53ad40f39a40dcf8e56f56e35b8a6bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9d:07:0d:19:ae:8e:02:21:c9:7b:52:bd:bc:
                    4e:32:3b:89:24:6e:37:08:80:c6:b9:b9:26:de:67:
                    20:1f:be:2d:8c:af:8a:95:de:07:4f:97:fb:38:3a:
                    26:68:9b:ba:92:a2:24:4c:9c:3b:ff:2e:ea:35:38:
                    fc:8a:67:2b:6a:6d:6b:6f:42:05:0d:10:c7:1e:b4:
                    be:a1:5c:c8:40:f0:6c:f3:d0:df:de:9d:8d:31:5d:
                    31:f2:7d:00:70:77:99:c0:66:da:e2:bf:f5:10:b7:
                    ec:90:94:9e:1f:1c:1a:9c:20:03:26:31:64:e0:e8:
                    ee:62:80:61:3d:c3:67:96:19:e4:62:ea:42:64:56:
                    d4:41:24:94:dc:e6:b8:17:6b:d5:6a:d6:59:27:2d:
                    4f:63:0e:c7:57:c9:42:87:6b:40:c9:a9:44:68:fd:
                    e7:a0:61:eb:6d:e6:ca:42:f3:4e:fd:e0:f0:90:83:
                    d0:5c:27:4f:17:e3:34:35:2d:a9:c9:9a:56:bb:30:
                    e1:cc:81:0c:b0:94:26:19:28:31:a1:ab:a6:a7:0c:
                    35:a1:c7:81:d2:15:d5:bc:fd:46:ab:8b:f6:4a:7c:
                    c7:76:b4:a6:6e:79:f0:a9:e5:a3:7e:3e:de:f2:ab:
                    cf:79:4e:22:53:d1:d2:02:19:f3:4a:d3:7c:89:9b:
                    9b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:3D:DF:F4:E5:3A:D4:0F:39:A4:0D:CF:8E:56:F5:6E:35:B8:A6:BD
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/qz3f9OU61A85pA3Pjlb1bjW4pr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.155.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f6:0c:c4:00:44:be:42:9d:4f:7d:f8:a9:ee:f1:19:b8:f1:
         26:37:ee:5c:dd:cf:2d:bc:e2:fa:6d:93:76:a9:08:ae:9a:40:
         92:dc:ab:f9:54:35:38:ce:64:ab:a3:eb:10:25:cc:f2:c0:d2:
         b0:07:f5:c4:fb:13:75:c1:77:2a:9a:6e:0b:ab:43:0a:75:02:
         5e:ca:9d:fc:b5:d6:af:c1:b3:16:a2:52:81:86:d7:d4:16:83:
         d7:ac:82:83:e8:79:f5:fb:fd:7c:2f:2a:aa:d1:5f:ad:0a:d0:
         b3:26:03:f4:55:7f:fb:2e:2d:00:04:cc:55:17:63:51:14:6a:
         9d:23:00:a7:88:2f:ee:a2:3b:4c:21:8f:5e:55:af:52:be:c6:
         4b:d8:d9:35:33:32:b4:25:1b:f9:a8:b1:a3:7b:0e:5b:08:f0:
         da:49:76:39:1e:fd:97:60:e9:ee:c1:4c:f6:3e:f5:84:4d:50:
         4b:5c:7e:09:ee:48:9e:bb:0b:1b:fb:6a:ea:d0:19:1d:cb:4d:
         c6:81:16:15:65:cb:04:9e:c5:8c:b3:83:ba:12:5c:f3:a6:40:
         38:52:a7:d5:2f:f9:03:96:51:11:03:2c:b6:1f:a0:25:7b:bf:
         dd:88:43:ca:8b:47:a4:78:4c:1d:25:b3:c1:6f:59:79:94:89:
         99:f5:f6:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTet7vsN1OoIP+q5yx2moMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMTAyMDgzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjNkZGZmNGU1M2FkNDBmMzlhNDBkY2Y4ZTU2ZjU2ZTM1YjhhNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z0HDRmujgIhyXtSvbxOMjuJJG43
CIDGubkm3mcgH74tjK+Kld4HT5f7ODomaJu6kqIkTJw7/y7qNTj8imcram1rb0IF
DRDHHrS+oVzIQPBs89Df3p2NMV0x8n0AcHeZwGba4r/1ELfskJSeHxwanCADJjFk
4OjuYoBhPcNnlhnkYupCZFbUQSSU3Oa4F2vVatZZJy1PYw7HV8lCh2tAyalEaP3n
oGHrbebKQvNO/eDwkIPQXCdPF+M0NS2pyZpWuzDhzIEMsJQmGSgxoaumpww1oceB
0hXVvP1Gq4v2SnzHdrSmbnnwqeWjfj7e8qvPeU4iU9HSAhnzStN8iZubXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKs93/TlOtQPOaQNz45W9W41uKa9MB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvcXozZjlPVTYxQTg1cEEzUGpsYjFialc0cHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpuUMA0G
CSqGSIb3DQEBCwUAA4IBAQBl9gzEAES+Qp1Pffip7vEZuPEmN+5c3c8tvOL6bZN2
qQiumkCS3Kv5VDU4zmSro+sQJczywNKwB/XE+xN1wXcqmm4Lq0MKdQJeyp38tdav
wbMWolKBhtfUFoPXrIKD6Hn1+/18Lyqq0V+tCtCzJgP0VX/7Li0ABMxVF2NRFGqd
IwCniC/uojtMIY9eVa9SvsZL2Nk1MzK0JRv5qLGjew5bCPDaSXY5Hv2XYOnuwUz2
PvWETVBLXH4J7kieuwsb+2rq0Bkdy03GgRYVZcsEnsWMs4O6ElzzpkA4UqfVL/kD
llERAyy2H6Ale7/diEPKi0ekeEwdJbPBb1l5lImZ9fbA
-----END CERTIFICATE-----