Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/q_SBFqXGcme2-fgg4m0F-JtScqE.roa
File:                     q_SBFqXGcme2-fgg4m0F-JtScqE.roa (raw, json)
Hash identifier:          Yf5akhJGqwPtNr/UBfBCcPd0IUtfAq5RuY+BWLGvHJM=
Subject key identifier:   AB:F4:81:16:A5:C6:72:67:B6:F9:F8:20:E2:6D:05:F8:9B:52:72:A1
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       018CC5DD19CC3086607AC6E96573BD1C9E8E
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/q_SBFqXGcme2-fgg4m0F-JtScqE.roa
Signing time:             Mon 01 Jan 2024 16:30:50 +0000
ROA not before:           Mon 01 Jan 2024 16:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17098
IP address blocks:        185.101.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:19:cc:30:86:60:7a:c6:e9:65:73:bd:1c:9e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Jan  1 16:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abf48116a5c67267b6f9f820e26d05f89b5272a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f1:01:12:a5:a0:92:51:04:cc:3f:3f:02:6c:
                    78:10:ba:8f:f6:5a:d4:ef:eb:80:88:3c:46:53:58:
                    82:85:5d:fa:8c:6a:29:b1:ae:f4:1e:86:bc:72:3e:
                    d3:60:11:b9:73:04:30:8b:ad:dd:b7:ad:de:50:6f:
                    b3:88:00:a9:3d:1e:13:30:3a:f1:0b:28:06:ec:5f:
                    b6:65:f1:0b:7a:9c:8a:f7:5a:d3:c1:4f:85:77:11:
                    be:94:25:4f:af:6a:ee:06:dc:7e:a1:de:ad:e5:d9:
                    a0:07:30:26:14:ea:fa:b7:50:25:e6:44:d6:d0:e3:
                    bf:37:67:90:13:e4:12:3a:46:fc:4e:a7:38:79:cd:
                    c3:68:a7:7c:ac:11:fa:77:09:c0:a5:ae:5d:8f:e8:
                    a7:95:d9:50:7b:5d:ce:b5:34:62:ff:6a:04:ab:a0:
                    56:4f:85:0a:9b:49:ae:3f:2a:72:5f:0b:8b:ce:69:
                    72:51:1a:ac:f3:f5:1b:0e:6c:7e:24:3e:40:db:f3:
                    67:72:54:bc:a2:f2:1f:e5:d8:cd:71:53:fe:4f:3e:
                    c3:ca:4e:2c:9b:b6:a5:b6:5d:68:4e:c9:22:f7:d7:
                    f1:c6:32:62:5a:1b:32:a0:ae:75:05:23:49:98:88:
                    9c:11:34:0c:ef:6e:91:61:c8:5d:cf:b5:2e:60:7c:
                    3e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F4:81:16:A5:C6:72:67:B6:F9:F8:20:E2:6D:05:F8:9B:52:72:A1
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/q_SBFqXGcme2-fgg4m0F-JtScqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3f:6d:f8:ab:6b:2e:82:a1:60:4b:b4:e9:0a:56:95:59:7e:
         53:6f:83:2b:50:65:35:00:8d:6d:18:74:ab:4c:17:aa:6e:7f:
         58:8e:bd:88:de:e6:37:6f:ca:c9:92:c0:33:bc:f5:8e:7a:6d:
         22:77:e3:1c:13:80:ed:5e:6b:c2:36:26:6d:7e:51:ed:66:90:
         0a:50:52:a9:38:fe:72:92:89:43:74:8a:85:a8:d6:06:35:95:
         5d:d7:a6:2e:b8:94:2b:33:ee:95:b5:08:bf:ba:ae:12:c1:2a:
         fe:b4:57:33:cb:76:b8:77:8d:bf:33:9c:b9:c6:9d:c1:d7:24:
         b6:d7:f7:b5:0b:c4:48:dd:df:ba:d6:71:90:b6:ab:61:0e:29:
         64:73:02:b1:d6:cd:cc:fc:55:3c:36:a7:ad:e4:3d:a2:82:2f:
         ba:be:4d:e0:d6:30:0c:b6:24:f7:4b:b8:c9:04:93:53:d3:00:
         ad:01:37:66:cd:cf:26:a5:4c:bf:32:e9:fe:d8:36:c6:72:d1:
         68:4c:76:7a:a8:72:3a:8f:b2:85:d7:88:03:8a:24:ec:d4:e5:
         2b:6d:ae:30:31:c8:1d:4c:0a:32:77:44:72:f0:60:78:3d:1f:
         b4:0d:13:9d:88:e6:9d:07:f8:08:4c:42:ee:30:7c:c2:a4:d0:
         2d:9e:57:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RnMMIZgesbpZXO9HJ6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjQwMTAxMTYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY0ODExNmE1YzY3MjY3YjZmOWY4MjBlMjZkMDVmODliNTI3MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPEBEqWgklEEzD8/Amx4ELqP9lrU
7+uAiDxGU1iChV36jGopsa70Hoa8cj7TYBG5cwQwi63dt63eUG+ziACpPR4TMDrx
CygG7F+2ZfELepyK91rTwU+FdxG+lCVPr2ruBtx+od6t5dmgBzAmFOr6t1Al5kTW
0OO/N2eQE+QSOkb8Tqc4ec3DaKd8rBH6dwnApa5dj+inldlQe13OtTRi/2oEq6BW
T4UKm0muPypyXwuLzmlyURqs8/UbDmx+JD5A2/NnclS8ovIf5djNcVP+Tz7Dyk4s
m7altl1oTski99fxxjJiWhsyoK51BSNJmIicETQM726RYchdz7UuYHw+3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv0gRalxnJntvn4IOJtBfibUnKhMB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvcV9TQkZxWEdjbWUyLWZnZzRtMEYtSnRTY3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWUXMA0G
CSqGSIb3DQEBCwUAA4IBAQAGP234q2sugqFgS7TpClaVWX5Tb4MrUGU1AI1tGHSr
TBeqbn9Yjr2I3uY3b8rJksAzvPWOem0id+McE4DtXmvCNiZtflHtZpAKUFKpOP5y
kolDdIqFqNYGNZVd16YuuJQrM+6VtQi/uq4SwSr+tFczy3a4d42/M5y5xp3B1yS2
1/e1C8RI3d+61nGQtqthDilkcwKx1s3M/FU8Nqet5D2igi+6vk3g1jAMtiT3S7jJ
BJNT0wCtATdmzc8mpUy/Mun+2DbGctFoTHZ6qHI6j7KF14gDiiTs1OUrba4wMcgd
TAoyd0Ry8GB4PR+0DROdiOadB/gITELuMHzCpNAtnlfh
-----END CERTIFICATE-----