Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/USQsyqkDlmVJ02xczqEZj2PYoXg.roa
File:                     USQsyqkDlmVJ02xczqEZj2PYoXg.roa (raw, json)
Hash identifier:          9WL2HAejYSgs0KWTR56wuNniJTqupQ9cEq9kOK15fJo=
Subject key identifier:   51:24:2C:CA:A9:03:96:65:49:D3:6C:5C:CE:A1:19:8F:63:D8:A1:78
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       01934E152AB7D3E634AC9369ACFB68B31215
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/USQsyqkDlmVJ02xczqEZj2PYoXg.roa
Signing time:             Thu 21 Nov 2024 09:37:10 +0000
ROA not before:           Thu 21 Nov 2024 09:37:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        185.86.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:15:2a:b7:d3:e6:34:ac:93:69:ac:fb:68:b3:12:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Nov 21 09:37:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51242ccaa903966549d36c5ccea1198f63d8a178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6f:53:18:98:29:89:95:89:a9:6d:c2:f9:4e:
                    b0:ab:85:e2:47:74:77:ce:72:8d:fb:a4:62:21:d3:
                    48:76:36:1c:9b:d5:0a:c1:98:f4:b8:59:28:8c:f3:
                    54:79:53:48:62:2c:a0:e7:a2:ef:10:33:51:26:8b:
                    d2:15:40:1d:0c:0f:1d:ca:3e:32:bb:0c:a6:3a:ba:
                    62:5d:3d:53:ce:16:f4:c4:e4:84:0f:ab:fc:1a:5e:
                    b0:53:d0:93:89:d8:fd:60:fa:46:02:6a:e6:6c:40:
                    bf:e2:1b:fa:24:ad:95:91:d7:75:dc:2a:28:23:6c:
                    c8:83:e7:29:47:55:8d:f5:a9:c8:2c:69:42:fd:fb:
                    00:77:21:94:b0:26:fc:db:6e:04:b2:5d:de:f0:db:
                    c3:9f:a6:40:f9:56:eb:70:7c:41:2c:24:71:47:a9:
                    b4:4d:4a:fe:c2:dd:3c:a4:a0:cf:21:89:2c:98:a7:
                    d3:b8:d4:e1:df:c4:26:f6:88:88:46:fc:fa:f7:d4:
                    87:fd:63:91:ae:24:b0:57:54:12:03:87:de:7c:20:
                    dd:23:7b:ac:ea:a2:1d:27:62:55:5d:89:11:90:03:
                    f6:4f:05:48:c2:cf:64:1c:fc:3b:eb:05:a4:7c:1b:
                    e5:91:d1:7e:10:4d:25:f8:70:cf:50:da:21:b2:d0:
                    6a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:24:2C:CA:A9:03:96:65:49:D3:6C:5C:CE:A1:19:8F:63:D8:A1:78
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/USQsyqkDlmVJ02xczqEZj2PYoXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:50:de:ab:0d:4e:62:73:f7:0a:03:97:a7:dd:52:84:ca:46:
         01:90:f2:c5:44:71:ac:f4:ef:a2:24:83:ea:fe:c8:04:63:f7:
         76:cb:2a:f0:b7:1d:fb:0f:a3:dd:99:10:dd:83:48:e6:1f:cd:
         22:97:a5:e6:47:7a:8a:35:f4:c6:d4:2d:88:79:e7:d7:3e:eb:
         42:ef:c3:f4:d4:c8:86:2a:70:ab:8b:da:ba:32:3b:60:80:d8:
         38:89:cf:0f:e0:bb:d8:d5:f7:cf:03:1d:a6:9d:bd:6c:a7:14:
         df:08:22:04:e1:be:cd:55:a3:ec:96:41:b5:7e:02:38:79:47:
         ea:ef:96:f9:f0:d8:a5:24:c5:31:86:1c:44:23:1b:cd:a3:ef:
         11:f8:30:fa:2f:61:a2:35:08:c4:12:8d:fc:6e:f9:81:e4:ff:
         da:18:28:3e:f2:3a:26:df:17:c0:04:6b:40:de:a9:10:56:62:
         35:4b:53:86:64:07:38:a4:c4:47:58:48:7a:24:3d:f2:14:13:
         0f:f9:ae:7a:b4:c2:a9:85:d1:00:bf:66:a8:c5:d9:32:44:f0:
         ab:6a:78:c8:a8:97:6b:27:16:f0:76:17:6c:8b:72:7e:24:38:
         cf:53:a5:60:20:94:2c:9c:23:08:d4:67:9c:96:84:c5:c3:29:
         22:8d:a2:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNOFSq30+Y0rJNprPtosxIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjQxMTIxMDkzNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI0MmNjYWE5MDM5NjY1NDlkMzZjNWNjZWExMTk4ZjYzZDhhMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG9TGJgpiZWJqW3C+U6wq4XiR3R3
znKN+6RiIdNIdjYcm9UKwZj0uFkojPNUeVNIYiyg56LvEDNRJovSFUAdDA8dyj4y
uwymOrpiXT1Tzhb0xOSED6v8Gl6wU9CTidj9YPpGAmrmbEC/4hv6JK2Vkdd13Coo
I2zIg+cpR1WN9anILGlC/fsAdyGUsCb8224Esl3e8NvDn6ZA+VbrcHxBLCRxR6m0
TUr+wt08pKDPIYksmKfTuNTh38Qm9oiIRvz699SH/WORriSwV1QSA4fefCDdI3us
6qIdJ2JVXYkRkAP2TwVIws9kHPw76wWkfBvlkdF+EE0l+HDPUNohstBqnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEkLMqpA5ZlSdNsXM6hGY9j2KF4MB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvVVNRc3lxa0RsbVZKMDJ4Y3pxRVpqMlBZb1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVa3MA0G
CSqGSIb3DQEBCwUAA4IBAQBFUN6rDU5ic/cKA5en3VKEykYBkPLFRHGs9O+iJIPq
/sgEY/d2yyrwtx37D6PdmRDdg0jmH80il6XmR3qKNfTG1C2IeefXPutC78P01MiG
KnCri9q6MjtggNg4ic8P4LvY1ffPAx2mnb1spxTfCCIE4b7NVaPslkG1fgI4eUfq
75b58NilJMUxhhxEIxvNo+8R+DD6L2GiNQjEEo38bvmB5P/aGCg+8jom3xfABGtA
3qkQVmI1S1OGZAc4pMRHWEh6JD3yFBMP+a56tMKphdEAv2aoxdkyRPCranjIqJdr
Jxbwdhdsi3J+JDjPU6VgIJQsnCMI1GecloTFwykijaJo
-----END CERTIFICATE-----