Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qYNkQBmbRIJw8uNGB4O6C4nB12s.roa
File:                     qYNkQBmbRIJw8uNGB4O6C4nB12s.roa (raw, json)
Hash identifier:          IzAdBLZj8/g53CohC44u4a+928qMfU4j2+XHCn2XMlM=
Subject key identifier:   A9:83:64:40:19:9B:44:82:70:F2:E3:46:07:83:BA:0B:89:C1:D7:6B
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1BE6BEDD90B55386C7AD3C31C0FC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qYNkQBmbRIJw8uNGB4O6C4nB12s.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211441
IP address blocks:        185.226.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:e6:be:dd:90:b5:53:86:c7:ad:3c:31:c0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9836440199b448270f2e3460783ba0b89c1d76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:61:92:f5:75:7b:a0:5e:21:52:9b:dc:df:4d:
                    6b:7f:7e:79:5b:45:22:24:94:e9:22:2f:3e:e0:31:
                    40:d4:76:db:6a:4b:42:e8:d6:d8:1c:bf:9b:2e:a8:
                    2a:66:47:cf:d1:16:87:7f:ff:42:f0:58:1e:49:e6:
                    85:92:c4:d3:25:62:a4:00:4b:8d:bd:95:a5:db:3c:
                    87:5f:91:63:18:d9:3e:a0:59:ce:9d:46:4c:9f:90:
                    ab:13:6e:27:9d:7a:ad:eb:71:36:9e:c3:40:57:35:
                    00:8a:ca:5c:17:95:f5:d5:e2:d4:75:f9:4e:c7:f6:
                    b6:b7:31:6f:84:54:1c:49:cd:c4:68:7b:9b:2d:b5:
                    3e:fa:14:cc:04:0c:c5:34:07:2e:52:4c:d9:e9:12:
                    14:e4:c2:55:99:c1:ea:36:23:b6:91:dd:1d:1d:8a:
                    9f:9b:59:4a:8e:6b:f0:0e:18:87:e0:bd:4d:b0:8f:
                    4f:11:53:f8:97:81:18:10:cb:8d:da:1c:a8:00:44:
                    f6:6e:dc:9d:5a:e3:8d:7a:30:ae:13:82:52:61:88:
                    cd:71:a0:cf:04:e6:59:fe:84:1c:80:f8:08:d5:32:
                    23:ed:60:5a:5d:2b:73:4f:48:db:2f:a5:9f:d2:db:
                    36:8b:99:8a:41:59:34:b1:06:ca:aa:c1:2c:fe:8b:
                    36:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:83:64:40:19:9B:44:82:70:F2:E3:46:07:83:BA:0B:89:C1:D7:6B
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qYNkQBmbRIJw8uNGB4O6C4nB12s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:43:ea:0b:93:16:46:25:f8:f3:83:c0:ab:c4:f1:a7:b9:05:
         63:02:ab:3d:78:6b:6e:f1:f5:c6:60:e6:36:17:6f:bc:87:40:
         f7:09:e7:67:34:62:54:2c:3d:95:a9:af:d4:06:7d:f2:bb:d3:
         27:42:e6:ec:95:5e:2b:f1:30:16:12:27:ee:d3:77:f6:0d:3d:
         50:2f:0d:94:23:20:08:c0:a0:da:d5:43:9c:e2:34:ca:19:be:
         6e:f7:15:16:81:ca:55:d1:51:85:9e:6b:66:5f:09:84:cd:6b:
         7d:be:16:12:aa:78:c4:45:74:ef:c6:88:d4:52:c2:75:85:fb:
         94:f7:8b:2b:7e:e7:60:62:df:75:0a:7b:68:d1:a8:b7:fe:5e:
         e3:47:de:5f:d5:bb:77:f1:44:5e:be:3d:98:de:99:28:f9:a9:
         c1:25:de:87:80:1c:bd:57:2e:0d:b7:35:33:d2:a8:7b:d9:47:
         69:8e:b4:fe:cf:07:b8:74:05:37:a5:ed:a3:f6:38:28:91:4f:
         e2:9d:bf:be:70:50:1b:6f:74:34:03:23:52:07:76:d7:fc:04:
         cb:e0:93:60:61:24:d9:58:44:af:a3:b2:5c:01:b4:87:b5:57:
         14:22:2b:01:9f:56:a1:17:b8:99:9d:a2:30:a5:52:04:f5:26:
         0a:21:0d:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhvmvt2QtVOGx608McD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTgzNjQ0MDE5OWI0NDgyNzBmMmUzNDYwNzgzYmEwYjg5YzFkNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2GS9XV7oF4hUpvc301rf355W0Ui
JJTpIi8+4DFA1HbbaktC6NbYHL+bLqgqZkfP0RaHf/9C8FgeSeaFksTTJWKkAEuN
vZWl2zyHX5FjGNk+oFnOnUZMn5CrE24nnXqt63E2nsNAVzUAispcF5X11eLUdflO
x/a2tzFvhFQcSc3EaHubLbU++hTMBAzFNAcuUkzZ6RIU5MJVmcHqNiO2kd0dHYqf
m1lKjmvwDhiH4L1NsI9PEVP4l4EYEMuN2hyoAET2btydWuONejCuE4JSYYjNcaDP
BOZZ/oQcgPgI1TIj7WBaXStzT0jbL6Wf0ts2i5mKQVk0sQbKqsEs/os2KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmDZEAZm0SCcPLjRgeDuguJwddrMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvcVlOa1FCbWJSSUp3OHVOR0I0TzZDNG5CMTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueLDMA0G
CSqGSIb3DQEBCwUAA4IBAQBtQ+oLkxZGJfjzg8CrxPGnuQVjAqs9eGtu8fXGYOY2
F2+8h0D3CednNGJULD2Vqa/UBn3yu9MnQubslV4r8TAWEifu03f2DT1QLw2UIyAI
wKDa1UOc4jTKGb5u9xUWgcpV0VGFnmtmXwmEzWt9vhYSqnjERXTvxojUUsJ1hfuU
94srfudgYt91Cnto0ai3/l7jR95f1bt38URevj2Y3pko+anBJd6HgBy9Vy4NtzUz
0qh72UdpjrT+zwe4dAU3pe2j9jgokU/inb++cFAbb3Q0AyNSB3bX/ATL4JNgYSTZ
WESvo7JcAbSHtVcUIisBn1ahF7iZnaIwpVIE9SYKIQ1Z
-----END CERTIFICATE-----