Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/qDUl3BA8t0sfMuVVcys04K0EwcA.roa
File:                     qDUl3BA8t0sfMuVVcys04K0EwcA.roa (raw, json)
Hash identifier:          o4D79kAPASX5XPdpvVDV5tALiGIJeCuvj5HADRz0rYg=
Subject key identifier:   A8:35:25:DC:10:3C:B7:4B:1F:32:E5:55:73:2B:34:E0:AD:04:C1:C0
Certificate issuer:       /CN=946733318c62c47920fe375ad99cb729ee90a1ad
Certificate serial:       018CC26D2250B4BF20F5C9E8332A9024DDCB
Authority key identifier: 94:67:33:31:8C:62:C4:79:20:FE:37:5A:D9:9C:B7:29:EE:90:A1:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lGczMYxixHkg_jda2Zy3Ke6Qoa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/qDUl3BA8t0sfMuVVcys04K0EwcA.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203474
IP address blocks:        185.114.196.0/22 maxlen: 22
                          185.114.196.0/24 maxlen: 24
                          2a03:3780::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/lGczMYxixHkg_jda2Zy3Ke6Qoa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/lGczMYxixHkg_jda2Zy3Ke6Qoa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lGczMYxixHkg_jda2Zy3Ke6Qoa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 07:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:22:50:b4:bf:20:f5:c9:e8:33:2a:90:24:dd:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=946733318c62c47920fe375ad99cb729ee90a1ad
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a83525dc103cb74b1f32e555732b34e0ad04c1c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:be:f7:af:00:6e:78:e4:fd:70:00:e1:e3:63:
                    15:54:2c:34:2c:ce:ba:3a:f0:fb:14:c1:11:58:a4:
                    72:f7:11:8f:42:f9:89:22:2c:5d:47:a7:7a:39:ac:
                    7a:55:38:65:e5:ec:c4:c8:b0:8d:8e:6c:c6:58:af:
                    15:a5:47:a2:52:5f:ff:08:a6:b1:b0:9c:06:53:45:
                    13:e8:86:90:b9:fb:3f:d2:b6:ab:44:97:64:1f:86:
                    ff:4a:ef:c5:ca:6f:34:98:e0:fc:73:50:e8:0e:73:
                    21:d0:07:ed:40:a8:66:f9:a0:02:50:d4:83:68:44:
                    18:4b:d8:d2:0c:73:4f:4b:fd:59:09:4a:93:22:e8:
                    30:1a:68:df:bf:59:1f:2d:05:1a:d5:cd:6d:a0:d4:
                    99:b2:be:8a:5f:28:8d:b6:58:33:8c:ed:ae:ef:f7:
                    61:90:57:5d:6b:18:10:be:97:71:6d:52:b2:d9:8a:
                    a9:f7:05:e9:61:f9:4b:be:6d:45:c6:ed:2d:e4:1c:
                    e4:3a:da:1f:d6:db:44:48:64:55:0d:cd:3d:03:2c:
                    28:4a:0d:25:e6:33:b5:c9:3e:a4:6a:fd:1a:af:21:
                    3f:aa:7a:cd:ed:6b:b7:10:0b:35:3c:8a:42:79:76:
                    c9:9e:41:44:96:a3:0c:36:2c:ed:81:d3:b0:4a:f5:
                    ec:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:35:25:DC:10:3C:B7:4B:1F:32:E5:55:73:2B:34:E0:AD:04:C1:C0
            X509v3 Authority Key Identifier:
                keyid:94:67:33:31:8C:62:C4:79:20:FE:37:5A:D9:9C:B7:29:EE:90:A1:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lGczMYxixHkg_jda2Zy3Ke6Qoa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/qDUl3BA8t0sfMuVVcys04K0EwcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7609e-6396-4155-ad35-b74089d8e59e/1/lGczMYxixHkg_jda2Zy3Ke6Qoa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.196.0/22
                IPv6:
                  2a03:3780::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:bd:1e:b1:49:28:94:74:7e:fb:59:ee:5f:14:61:03:66:54:
         fe:24:85:6d:22:db:b7:03:e1:32:b3:38:41:66:9f:47:7b:10:
         96:23:50:fe:eb:a8:68:ac:4f:7c:b9:bc:09:30:e3:93:86:c8:
         31:b6:8f:26:7e:35:0c:30:9c:ce:b0:47:03:a6:60:b5:e5:7f:
         6b:13:e9:e9:8b:a4:89:6e:f5:19:eb:5c:83:30:5c:26:72:4a:
         13:57:4d:78:77:51:f0:00:80:52:d0:20:e1:91:e4:bc:f4:9e:
         32:7f:57:ec:08:fb:fb:7c:34:63:61:c2:8d:04:b3:04:9d:74:
         01:46:06:f9:32:3c:62:88:b8:68:ec:cd:e0:84:f0:e4:89:f4:
         4d:5a:05:1e:7a:fd:4e:6d:a7:34:eb:a7:26:52:b8:23:3a:13:
         9f:a0:52:8c:fb:5e:0f:c7:30:1e:65:a7:ef:ba:ff:5d:93:51:
         94:74:88:cb:3e:49:7e:58:28:38:8b:15:a2:6b:11:d8:68:01:
         3c:db:f2:25:b1:9a:bc:31:fb:ce:43:50:4e:3d:fd:88:76:35:
         a9:bb:fd:f2:1b:cc:4a:d5:5e:4d:be:d1:33:1a:43:ec:61:b1:
         4c:23:1e:06:4e:60:bf:cf:45:bf:2f:aa:dc:e9:7c:a7:20:3e:
         47:cc:9f:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbSJQtL8g9cnoMyqQJN3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NjczMzMxOGM2MmM0NzkyMGZlMzc1YWQ5OWNiNzI5ZWU5
MGExYWQwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODM1MjVkYzEwM2NiNzRiMWYzMmU1NTU3MzJiMzRlMGFkMDRjMWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr73rwBueOT9cADh42MVVCw0LM66
OvD7FMERWKRy9xGPQvmJIixdR6d6Oax6VThl5ezEyLCNjmzGWK8VpUeiUl//CKax
sJwGU0UT6IaQufs/0rarRJdkH4b/Su/Fym80mOD8c1DoDnMh0AftQKhm+aACUNSD
aEQYS9jSDHNPS/1ZCUqTIugwGmjfv1kfLQUa1c1toNSZsr6KXyiNtlgzjO2u7/dh
kFddaxgQvpdxbVKy2Yqp9wXpYflLvm1Fxu0t5BzkOtof1ttESGRVDc09AywoSg0l
5jO1yT6kav0aryE/qnrN7Wu3EAs1PIpCeXbJnkFElqMMNiztgdOwSvXscQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKg1JdwQPLdLHzLlVXMrNOCtBMHAMB8GA1UdIwQY
MBaAFJRnMzGMYsR5IP43WtmctynukKGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEdjek1ZeGl4SGtnX2pkYTJaeTNLZTZRb2EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9kNzYwOWUtNjM5Ni00MTU1LWFkMzUt
Yjc0MDg5ZDhlNTllLzEvcURVbDNCQTh0MHNmTXVWVmN5czA0SzBFd2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9kNzYwOWUtNjM5Ni00MTU1LWFkMzUtYjc0MDg5ZDhlNTll
LzEvbEdjek1ZeGl4SGtnX2pkYTJaeTNLZTZRb2EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXLEMA8E
AgACMAkDBwAqAzeAAAAwDQYJKoZIhvcNAQELBQADggEBAIW9HrFJKJR0fvtZ7l8U
YQNmVP4khW0i27cD4TKzOEFmn0d7EJYjUP7rqGisT3y5vAkw45OGyDG2jyZ+NQww
nM6wRwOmYLXlf2sT6emLpIlu9RnrXIMwXCZyShNXTXh3UfAAgFLQIOGR5Lz0njJ/
V+wI+/t8NGNhwo0EswSddAFGBvkyPGKIuGjszeCE8OSJ9E1aBR56/U5tpzTrpyZS
uCM6E5+gUoz7Xg/HMB5lp++6/12TUZR0iMs+SX5YKDiLFaJrEdhoATzb8iWxmrwx
+85DUE49/Yh2Nam7/fIbzErVXk2+0TMaQ+xhsUwjHgZOYL/PRb8vqtzpfKcgPkfM
n3c=
-----END CERTIFICATE-----