Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/DQREGMYHzz2HsiuDfAUIkFGEXZo.roa
File:                     DQREGMYHzz2HsiuDfAUIkFGEXZo.roa (raw, json)
Hash identifier:          dqVzqoQJTPvKg+gCBH8NIabXtJcQbfGc752VqUY+XHQ=
Subject key identifier:   0D:04:44:18:C6:07:CF:3D:87:B2:2B:83:7C:05:08:90:51:84:5D:9A
Certificate issuer:       /CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
Certificate serial:       018CC8DF29B4834EFBC817DE679325F6B73D
Authority key identifier: C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/DQREGMYHzz2HsiuDfAUIkFGEXZo.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200934
IP address blocks:        185.107.123.0/24 maxlen: 24
                          2a00:cb40:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:29:b4:83:4e:fb:c8:17:de:67:93:25:f6:b7:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d044418c607cf3d87b22b837c05089051845d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a8:30:44:5e:be:4d:65:1d:76:c5:ed:c2:e8:
                    05:f3:dc:89:b1:b3:5d:90:0b:90:5a:a1:04:dd:89:
                    c1:45:8d:9c:a4:7a:4f:f5:fd:8a:5a:6b:0a:89:a4:
                    e2:47:98:67:c9:2d:11:69:88:19:cd:b8:ab:4a:4e:
                    c8:d9:96:04:0f:bd:d5:58:40:4d:4a:cf:dd:41:b1:
                    7f:1b:b4:be:e6:69:e6:cd:39:78:11:b1:a8:6e:8e:
                    17:2a:85:b7:2b:74:da:4e:0a:4c:e6:ef:17:0d:7b:
                    51:8c:0c:7c:94:ea:9d:d9:e0:ac:49:61:74:d9:2e:
                    0c:4d:7f:d7:da:2d:bf:21:2f:dc:24:72:86:ac:f4:
                    a6:06:92:15:36:b7:d1:ac:16:61:b9:4a:fe:e1:a5:
                    06:fa:11:c4:42:0f:c0:a3:bb:22:c6:1e:b2:2b:af:
                    b4:47:b6:97:99:7f:e4:9d:2e:a3:44:85:0b:81:26:
                    49:ed:5e:d3:8d:03:00:51:df:6c:cb:fa:10:3c:2d:
                    5b:4e:6f:a4:8d:ba:8f:ab:09:e2:35:c4:30:52:b3:
                    68:0d:69:2a:4e:1c:d1:11:46:94:ec:f4:d2:52:01:
                    cb:ee:60:58:97:17:64:d6:f3:cf:03:26:8c:53:75:
                    5a:26:2d:0c:36:ef:cd:df:a5:7a:ad:32:ea:75:fa:
                    cd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:04:44:18:C6:07:CF:3D:87:B2:2B:83:7C:05:08:90:51:84:5D:9A
            X509v3 Authority Key Identifier:
                keyid:C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/DQREGMYHzz2HsiuDfAUIkFGEXZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.123.0/24
                IPv6:
                  2a00:cb40:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:73:25:f4:57:f5:9a:e1:50:b6:e0:58:87:ca:72:80:df:2a:
         11:aa:25:1e:48:11:2f:99:d3:9e:81:05:d2:d1:4d:4f:ed:69:
         43:e5:04:13:e0:a2:7e:5c:d7:d6:b2:99:33:f6:05:55:bb:2f:
         cc:33:00:f1:b3:ca:0c:9b:76:f5:21:16:71:7d:0f:9f:9e:75:
         1c:76:3f:df:93:b5:6d:cc:4c:b5:97:f3:f3:c7:1d:96:bd:7d:
         e5:fc:42:4f:36:9f:d9:be:03:c5:d0:55:7f:c3:66:ef:3f:e9:
         e6:ce:fc:27:26:b2:53:a4:1e:40:25:03:8f:64:bc:61:1f:49:
         2d:80:a5:36:35:0b:45:e2:e6:5e:9b:07:7b:5b:78:4f:0f:6f:
         f4:c7:b9:ee:5c:fc:2d:64:9a:fb:b3:49:28:69:2b:e3:0f:d7:
         b5:5e:9b:79:9d:98:d1:23:cf:0c:39:36:3a:1d:29:8c:03:67:
         aa:35:f4:ff:54:db:65:d5:d3:08:33:de:1c:c7:04:ef:fa:7f:
         f3:3b:2e:57:47:69:3b:3e:8f:7b:6e:72:31:f1:fa:d1:a4:26:
         cd:cc:fd:ac:3f:94:61:c7:97:16:82:7c:00:d0:0d:63:5e:28:
         2d:8e:7e:26:89:84:5b:c2:cb:c0:a5:c5:ab:fa:9b:a9:33:1d:
         58:1a:1c:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3ym0g077yBfeZ5Ml9rc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmUwM2ZmN2QwYmZkZTMyODM5YzI4ZmVjODFjNjI3NWMw
NGQzM2YwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDA0NDQxOGM2MDdjZjNkODdiMjJiODM3YzA1MDg5MDUxODQ1ZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKgwRF6+TWUddsXtwugF89yJsbNd
kAuQWqEE3YnBRY2cpHpP9f2KWmsKiaTiR5hnyS0RaYgZzbirSk7I2ZYED73VWEBN
Ss/dQbF/G7S+5mnmzTl4EbGobo4XKoW3K3TaTgpM5u8XDXtRjAx8lOqd2eCsSWF0
2S4MTX/X2i2/IS/cJHKGrPSmBpIVNrfRrBZhuUr+4aUG+hHEQg/Ao7sixh6yK6+0
R7aXmX/knS6jRIULgSZJ7V7TjQMAUd9sy/oQPC1bTm+kjbqPqwniNcQwUrNoDWkq
ThzREUaU7PTSUgHL7mBYlxdk1vPPAyaMU3VaJi0MNu/N36V6rTLqdfrNowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA0ERBjGB889h7Irg3wFCJBRhF2aMB8GA1UdIwQY
MBaAFMduA/99C/3jKDnCj+yBxidcBNM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYt
ODM1ZGUwZjU4OTJlLzEvRFFSRUdNWUh6ejJIc2l1RGZBVUlrRkdFWFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYtODM1ZGUwZjU4OTJl
LzEveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWt7MA8E
AgACMAkDBwAqAMtAAgAwDQYJKoZIhvcNAQELBQADggEBAGBzJfRX9ZrhULbgWIfK
coDfKhGqJR5IES+Z056BBdLRTU/taUPlBBPgon5c19aymTP2BVW7L8wzAPGzygyb
dvUhFnF9D5+edRx2P9+TtW3MTLWX8/PHHZa9feX8Qk82n9m+A8XQVX/DZu8/6ebO
/CcmslOkHkAlA49kvGEfSS2ApTY1C0Xi5l6bB3tbeE8Pb/THue5c/C1kmvuzSShp
K+MP17Vem3mdmNEjzww5NjodKYwDZ6o19P9U22XV0wgz3hzHBO/6f/M7LldHaTs+
j3tucjHx+tGkJs3M/aw/lGHHlxaCfADQDWNeKC2OfiaJhFvCy8Clxav6m6kzHVga
HB4=
-----END CERTIFICATE-----