Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/qMk1C2p9-YX8wh0CTkeq1QYo4JA.roa
File:                     qMk1C2p9-YX8wh0CTkeq1QYo4JA.roa (raw, json)
Hash identifier:          fz6hT/tqd9dW26kca9sZU7zvv63r2YdCkmDEnRp9Bm8=
Subject key identifier:   A8:C9:35:0B:6A:7D:F9:85:FC:C2:1D:02:4E:47:AA:D5:06:28:E0:90
Certificate issuer:       /CN=f973209625e2a03ddeecf91bb480548e5729d479
Certificate serial:       018CC6B7853D9274EEFEF9FAE7E78420831B
Authority key identifier: F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/qMk1C2p9-YX8wh0CTkeq1QYo4JA.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209323
IP address blocks:        147.78.144.0/22 maxlen: 22
                          2a09:24c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:85:3d:92:74:ee:fe:f9:fa:e7:e7:84:20:83:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f973209625e2a03ddeecf91bb480548e5729d479
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8c9350b6a7df985fcc21d024e47aad50628e090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:29:3a:02:90:f3:e1:4a:e8:bc:eb:18:a6:
                    ac:a2:d9:b4:b1:48:de:d8:e1:b9:4e:fc:01:32:bd:
                    bd:a6:12:0c:7e:e2:1c:74:e1:dd:88:70:0a:9e:f3:
                    38:e9:35:11:65:0c:7a:c2:3c:9e:a7:e2:68:e9:8d:
                    9b:7a:2b:5d:59:1a:98:23:26:61:20:df:ec:2e:f4:
                    ff:ce:06:1e:be:42:b9:72:80:a1:01:ea:9d:14:ff:
                    8d:df:70:2a:4e:03:0e:cc:d2:70:71:bd:8e:12:85:
                    53:02:e1:99:24:fe:ff:51:b2:2a:f5:a1:5f:de:64:
                    eb:5e:7b:5a:f0:67:ab:30:ad:cb:58:df:7d:ff:00:
                    4f:5e:19:e1:33:49:e2:8a:8f:5c:ba:0a:7a:9c:c8:
                    44:2a:dd:7a:e0:40:58:83:55:5c:d2:7f:03:2a:a8:
                    1a:84:b4:13:28:0e:c4:b4:5d:93:b6:fe:5f:84:61:
                    28:87:11:f3:71:be:d6:0b:eb:cd:ad:a2:42:86:ed:
                    73:66:12:1c:e0:c7:93:c5:40:9f:45:5f:10:2f:41:
                    bf:91:d8:88:03:41:bf:59:82:6f:4d:bb:7e:91:4c:
                    64:29:cb:3f:1d:56:ad:a1:81:8a:08:ad:00:0e:bc:
                    f3:e4:9f:66:1c:3b:60:a2:c1:d6:ec:0e:bb:40:10:
                    d5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C9:35:0B:6A:7D:F9:85:FC:C2:1D:02:4E:47:AA:D5:06:28:E0:90
            X509v3 Authority Key Identifier:
                keyid:F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/qMk1C2p9-YX8wh0CTkeq1QYo4JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.144.0/22
                IPv6:
                  2a09:24c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:81:bf:f3:85:8c:33:e5:f8:ab:54:93:df:f0:2f:c9:1f:3b:
         6e:a0:67:43:c2:82:ff:52:67:b6:f8:3b:18:85:d8:0e:23:4e:
         de:66:d6:8a:45:56:b3:ca:fb:2a:32:f4:2a:b4:a0:4b:3f:64:
         06:8c:38:7f:a0:3a:1b:7d:6a:60:b1:b9:99:4d:20:81:78:43:
         76:43:cd:e9:f0:f8:0c:14:49:19:52:3e:e8:81:40:db:f8:05:
         da:cc:3b:ae:f1:f9:ff:dd:a6:17:6f:07:a2:d2:d1:25:1a:31:
         2d:d7:7a:60:5e:9a:ab:01:cb:74:23:f8:23:00:cf:7d:b6:63:
         ed:6c:27:9a:0a:21:bf:ed:51:3b:df:42:b0:5a:58:9b:8a:eb:
         56:66:8b:d9:15:c2:97:32:29:a4:74:43:7e:2a:0a:eb:43:f6:
         41:38:dc:3b:7f:e6:c1:98:1b:0d:42:90:8d:74:c0:b9:c2:d4:
         e7:58:ac:57:56:f9:c7:1c:c3:5b:67:00:5e:af:12:5d:3d:7d:
         78:61:af:92:80:8c:97:91:7a:3c:02:9b:e0:57:09:97:3b:95:
         94:be:91:05:b8:80:bb:3f:db:87:b8:ba:61:75:19:0b:19:b8:
         7e:f8:96:0f:26:c6:12:e2:fb:9c:74:7a:00:f5:15:0e:23:82:
         82:2c:10:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt4U9knTu/vn65+eEIIMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzMyMDk2MjVlMmEwM2RkZWVjZjkxYmI0ODA1NDhlNTcy
OWQ0NzkwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM5MzUwYjZhN2RmOTg1ZmNjMjFkMDI0ZTQ3YWFkNTA2MjhlMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLgpOgKQ8+FK6LzrGKasotm0sUje
2OG5TvwBMr29phIMfuIcdOHdiHAKnvM46TURZQx6wjyep+Jo6Y2beitdWRqYIyZh
IN/sLvT/zgYevkK5coChAeqdFP+N33AqTgMOzNJwcb2OEoVTAuGZJP7/UbIq9aFf
3mTrXnta8GerMK3LWN99/wBPXhnhM0niio9cugp6nMhEKt164EBYg1Vc0n8DKqga
hLQTKA7EtF2Ttv5fhGEohxHzcb7WC+vNraJChu1zZhIc4MeTxUCfRV8QL0G/kdiI
A0G/WYJvTbt+kUxkKcs/HVatoYGKCK0ADrzz5J9mHDtgosHW7A67QBDVTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKjJNQtqffmF/MIdAk5HqtUGKOCQMB8GA1UdIwQY
MBaAFPlzIJYl4qA93uz5G7SAVI5XKdR5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YTWdsaVhpb0QzZTdQa2J0SUJVamxjcDFIay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYWY1NGU4LWJkNjMtNDI3ZC04Y2M4
LWY0ZWNlYmJiMWVjMi8xL3FNazFDMnA5LVlYOHdoMENUa2VxMVFZbzRKQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWQvYWY1NGU4LWJkNjMtNDI3ZC04Y2M4LWY0ZWNlYmJiMWVj
Mi8xLzEtWE1nbGlYaW9EM2U3UGtidElCVWpsY3AxSGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAKTTpAw
DQQCAAIwBwMFACoJJMAwDQYJKoZIhvcNAQELBQADggEBAIuBv/OFjDPl+KtUk9/w
L8kfO26gZ0PCgv9SZ7b4OxiF2A4jTt5m1opFVrPK+yoy9Cq0oEs/ZAaMOH+gOht9
amCxuZlNIIF4Q3ZDzenw+AwUSRlSPuiBQNv4BdrMO67x+f/dphdvB6LS0SUaMS3X
emBemqsBy3Qj+CMAz322Y+1sJ5oKIb/tUTvfQrBaWJuK61Zmi9kVwpcyKaR0Q34q
CutD9kE43Dt/5sGYGw1CkI10wLnC1OdYrFdW+cccw1tnAF6vEl09fXhhr5KAjJeR
ejwCm+BXCZc7lZS+kQW4gLs/24e4umF1GQsZuH74lg8mxhLi+5x0egD1FQ4jgoIs
EKE=
-----END CERTIFICATE-----