Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/q_bFvm8_yyfPPmzpJc8AYpoA7qA.roa
File:                     q_bFvm8_yyfPPmzpJc8AYpoA7qA.roa (raw, json)
Hash identifier:          bf3iQnl8+VzznCCd7Gm1JIZFvIadEtKGWDwoaV4tV+o=
Subject key identifier:   AB:F6:C5:BE:6F:3F:CB:27:CF:3E:6C:E9:25:CF:00:62:9A:00:EE:A0
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018DF3C9C0B93E2FE4A2DAAA16DA297BFC22
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/q_bFvm8_yyfPPmzpJc8AYpoA7qA.roa
Signing time:             Thu 29 Feb 2024 07:35:02 +0000
ROA not before:           Thu 29 Feb 2024 07:35:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        185.132.186.0/24 maxlen: 24
                          185.132.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:c9:c0:b9:3e:2f:e4:a2:da:aa:16:da:29:7b:fc:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Feb 29 07:35:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abf6c5be6f3fcb27cf3e6ce925cf00629a00eea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6b:c5:ec:3e:83:19:d3:dd:24:c0:f4:9f:77:
                    7e:94:e9:f1:e3:0e:08:67:ae:e6:3b:47:64:ec:4e:
                    5b:b5:15:c3:e5:10:9d:7b:8e:1a:e1:83:3f:27:cb:
                    33:b3:70:40:7f:36:59:df:7d:a4:e6:19:5c:19:61:
                    9b:22:8b:c9:70:61:d2:fd:71:6f:17:c6:ea:2e:1a:
                    18:05:7c:e2:3e:f9:fc:2d:00:6d:5b:8a:e6:5b:d2:
                    1d:18:68:8f:77:45:b6:16:0a:39:23:1a:3a:e2:7f:
                    85:22:ee:7a:23:59:a5:83:57:fe:d3:cd:07:c4:6b:
                    4f:77:f1:2e:21:0a:7d:9f:b7:69:90:f1:ec:a1:f1:
                    6f:48:51:dd:f3:f6:8e:77:ed:15:1b:28:7f:2f:80:
                    30:42:52:b8:78:dd:ce:15:13:9d:1a:18:67:92:d1:
                    90:bd:f8:ca:76:7e:81:b0:d6:1d:20:c6:a6:80:4c:
                    e9:f9:1b:14:bb:ec:99:fd:21:03:e2:a9:b9:39:6c:
                    9d:27:d6:68:76:d1:b3:8e:d5:75:63:83:91:08:c0:
                    cc:ba:8e:a7:03:22:db:21:4f:e6:87:79:17:0b:31:
                    aa:ae:8f:5a:15:fa:6e:d3:05:74:1a:8e:e8:32:91:
                    4f:c6:da:3a:b9:00:85:6d:60:95:06:2d:fd:83:83:
                    79:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F6:C5:BE:6F:3F:CB:27:CF:3E:6C:E9:25:CF:00:62:9A:00:EE:A0
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/q_bFvm8_yyfPPmzpJc8AYpoA7qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:85:7c:7b:5d:8e:59:0e:6a:83:1b:66:ce:ff:8f:e7:bb:e4:
         e5:a5:b8:f3:70:3f:58:ea:a9:03:16:2a:cc:cd:b9:95:ad:c2:
         90:f8:57:e2:3c:bd:ee:0b:da:1f:4c:e3:21:41:c6:3a:91:fe:
         fa:6a:31:11:2d:93:62:46:93:7c:43:88:e4:25:af:9c:0a:ce:
         91:f0:8c:5b:a2:cc:d8:36:1e:b7:88:01:c3:a3:b6:11:b5:a1:
         33:7a:6b:ae:c0:29:8d:42:e2:87:38:02:01:3a:56:1d:db:b9:
         57:7a:d9:7a:f8:91:78:fc:5d:87:10:a8:a1:95:01:76:95:07:
         6a:d2:4e:60:b7:43:b1:8d:4b:72:c9:ab:0c:93:72:91:30:9b:
         31:fe:ee:ad:5b:eb:cc:a7:b9:6c:bb:37:b0:86:62:b9:d2:fb:
         3a:09:3b:72:ff:21:b4:9a:75:49:de:92:b1:ad:5c:8e:fe:4c:
         78:aa:19:31:dd:f7:63:40:40:f4:0e:42:1d:3a:63:96:9f:49:
         cf:7d:62:68:7f:2a:a4:66:db:1e:d7:fe:5e:e0:b6:6c:c9:49:
         00:a2:fc:d8:e5:8b:7f:1f:23:c1:9b:da:27:ec:c0:01:a6:18:
         7f:69:a4:fe:f1:af:87:4d:03:b0:3b:54:dd:b4:ad:0f:39:88:
         39:bc:12:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3zycC5Pi/kotqqFtope/wiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwMjI5MDczNTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY2YzViZTZmM2ZjYjI3Y2YzZTZjZTkyNWNmMDA2MjlhMDBlZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2vF7D6DGdPdJMD0n3d+lOnx4w4I
Z67mO0dk7E5btRXD5RCde44a4YM/J8szs3BAfzZZ332k5hlcGWGbIovJcGHS/XFv
F8bqLhoYBXziPvn8LQBtW4rmW9IdGGiPd0W2Fgo5Ixo64n+FIu56I1mlg1f+080H
xGtPd/EuIQp9n7dpkPHsofFvSFHd8/aOd+0VGyh/L4AwQlK4eN3OFROdGhhnktGQ
vfjKdn6BsNYdIMamgEzp+RsUu+yZ/SED4qm5OWydJ9ZodtGzjtV1Y4ORCMDMuo6n
AyLbIU/mh3kXCzGqro9aFfpu0wV0Go7oMpFPxto6uQCFbWCVBi39g4N5YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv2xb5vP8snzz5s6SXPAGKaAO6gMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvcV9iRnZtOF95eWZQUG16cEpjOEFZcG9BN3FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYS6MA0G
CSqGSIb3DQEBCwUAA4IBAQB+hXx7XY5ZDmqDG2bO/4/nu+TlpbjzcD9Y6qkDFirM
zbmVrcKQ+FfiPL3uC9ofTOMhQcY6kf76ajERLZNiRpN8Q4jkJa+cCs6R8IxboszY
Nh63iAHDo7YRtaEzemuuwCmNQuKHOAIBOlYd27lXetl6+JF4/F2HEKihlQF2lQdq
0k5gt0OxjUtyyasMk3KRMJsx/u6tW+vMp7lsuzewhmK50vs6CTty/yG0mnVJ3pKx
rVyO/kx4qhkx3fdjQED0DkIdOmOWn0nPfWJofyqkZtse1/5e4LZsyUkAovzY5Yt/
HyPBm9on7MABphh/aaT+8a+HTQOwO1TdtK0POYg5vBKB
-----END CERTIFICATE-----