Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/qt_6XMijfn9-t5ApxdqorV7ej3k.roa
File:                     qt_6XMijfn9-t5ApxdqorV7ej3k.roa (raw, json)
Hash identifier:          N7OorP1cutLkoQbkLwd+V58V2mv5IuczKgU5DcGFzCI=
Subject key identifier:   AA:DF:FA:5C:C8:A3:7E:7F:7E:B7:90:29:C5:DA:A8:AD:5E:DE:8F:79
Certificate issuer:       /CN=e168e36ba577ed47e6928729691991e4e7f235da
Certificate serial:       018CC5DCA5B228E5B8AA2DB1A4A6ECACDA32
Authority key identifier: E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/qt_6XMijfn9-t5ApxdqorV7ej3k.roa
Signing time:             Mon 01 Jan 2024 16:30:21 +0000
ROA not before:           Mon 01 Jan 2024 16:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205655
IP address blocks:        185.211.11.0/24 maxlen: 24
                          2a0b:60c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a5:b2:28:e5:b8:aa:2d:b1:a4:a6:ec:ac:da:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e168e36ba577ed47e6928729691991e4e7f235da
        Validity
            Not Before: Jan  1 16:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aadffa5cc8a37e7f7eb79029c5daa8ad5ede8f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c4:95:12:ee:78:d4:30:63:97:c8:3c:10:6b:
                    83:f2:a2:6b:18:17:83:0d:22:d3:74:02:64:88:3d:
                    5a:b1:45:8b:b2:8d:0a:5c:f9:5b:b7:08:dc:ba:7e:
                    35:3a:4c:c9:cb:06:bd:0f:0b:83:5f:ea:28:bd:85:
                    3a:c1:89:ba:57:b8:4f:a4:43:b7:4d:99:f6:cc:98:
                    b1:ce:47:36:eb:96:00:f7:f8:e3:87:73:89:c8:fc:
                    64:04:aa:6c:45:ea:f6:aa:6a:2f:cc:1b:63:9c:84:
                    35:b4:40:6a:85:ac:d0:28:32:fb:5c:cd:f0:9d:d4:
                    2d:76:95:87:c4:32:25:43:1b:f0:5d:6e:45:34:a9:
                    d9:7e:8a:e7:0c:c4:61:4e:24:68:21:27:d6:6f:7c:
                    1f:f5:89:ca:1b:20:9d:46:14:10:6c:8b:8e:30:71:
                    cd:45:ad:b9:74:d8:f1:94:fc:aa:10:cb:33:af:c4:
                    a1:eb:41:57:30:49:15:e5:b9:67:8a:c7:4b:0d:c2:
                    10:6b:6e:00:f7:62:39:32:1d:2b:d9:92:9d:bf:bb:
                    20:9d:9c:2b:4f:a5:58:35:5e:ff:96:b1:a0:90:44:
                    db:26:92:13:19:d6:b4:36:c8:49:96:8f:f2:3b:76:
                    a5:d5:f9:b3:28:7a:50:db:5d:f8:98:5d:77:9f:8d:
                    e8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DF:FA:5C:C8:A3:7E:7F:7E:B7:90:29:C5:DA:A8:AD:5E:DE:8F:79
            X509v3 Authority Key Identifier:
                keyid:E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/qt_6XMijfn9-t5ApxdqorV7ej3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.11.0/24
                IPv6:
                  2a0b:60c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:55:2b:19:e4:a9:41:5b:7d:e5:71:90:57:f2:12:a9:b5:30:
         8a:a6:12:be:04:87:64:f8:65:de:d5:31:45:5a:a2:1b:b2:87:
         80:23:e4:3d:69:8a:57:35:0b:0e:56:a8:5b:ad:73:25:39:5c:
         05:37:a3:cd:f6:2c:a6:4d:54:68:d3:f5:fb:c3:e2:e6:af:1c:
         c7:aa:65:d7:14:2b:ec:bb:2b:d1:f5:ad:2c:4b:65:32:3f:f4:
         8a:7a:d3:c0:a5:e4:bb:18:c7:ca:19:46:07:3a:c5:30:3f:8a:
         5e:80:6a:8f:4d:e7:88:86:69:ba:cc:c3:40:70:59:bd:92:dc:
         2b:2c:bd:55:23:37:fd:95:ee:fa:34:dc:6e:4e:c5:0e:48:2e:
         c9:2d:39:23:22:20:51:d6:f3:ea:9d:27:59:37:81:21:e4:7e:
         f8:24:63:0f:b9:24:70:f7:62:a3:e5:6c:d4:4a:9f:c5:fb:f1:
         8c:dd:5f:3f:73:11:9c:fb:90:e6:0c:42:f3:59:7c:4b:ce:97:
         5a:c2:9b:b2:21:40:82:15:ae:e1:97:ef:57:e4:13:fc:af:4a:
         d5:57:5b:0a:bb:91:12:ff:65:2f:65:fe:dc:bd:6d:0f:2f:e5:
         85:3e:ae:77:03:02:bb:8f:0c:36:29:22:26:59:63:df:23:78:
         00:31:5d:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3KWyKOW4qi2xpKbsrNoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNjhlMzZiYTU3N2VkNDdlNjkyODcyOTY5MTk5MWU0ZTdm
MjM1ZGEwHhcNMjQwMTAxMTYzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRmZmE1Y2M4YTM3ZTdmN2ViNzkwMjljNWRhYThhZDVlZGU4Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8SVEu541DBjl8g8EGuD8qJrGBeD
DSLTdAJkiD1asUWLso0KXPlbtwjcun41OkzJywa9DwuDX+oovYU6wYm6V7hPpEO3
TZn2zJixzkc265YA9/jjh3OJyPxkBKpsRer2qmovzBtjnIQ1tEBqhazQKDL7XM3w
ndQtdpWHxDIlQxvwXW5FNKnZfornDMRhTiRoISfWb3wf9YnKGyCdRhQQbIuOMHHN
Ra25dNjxlPyqEMszr8Sh60FXMEkV5blnisdLDcIQa24A92I5Mh0r2ZKdv7sgnZwr
T6VYNV7/lrGgkETbJpITGda0NshJlo/yO3al1fmzKHpQ2134mF13n43opQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKrf+lzIo35/freQKcXaqK1e3o95MB8GA1UdIwQY
MBaAFOFo42uld+1H5pKHKWkZkeTn8jXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgt
Y2I0YmFiZTlkYzhmLzEvcXRfNlhNaWpmbjktdDVBcHhkcW9yVjdlajNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgtY2I0YmFiZTlkYzhm
LzEvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudMLMA0E
AgACMAcDBQMqC2DAMA0GCSqGSIb3DQEBCwUAA4IBAQAEVSsZ5KlBW33lcZBX8hKp
tTCKphK+BIdk+GXe1TFFWqIbsoeAI+Q9aYpXNQsOVqhbrXMlOVwFN6PN9iymTVRo
0/X7w+LmrxzHqmXXFCvsuyvR9a0sS2UyP/SKetPApeS7GMfKGUYHOsUwP4pegGqP
TeeIhmm6zMNAcFm9ktwrLL1VIzf9le76NNxuTsUOSC7JLTkjIiBR1vPqnSdZN4Eh
5H74JGMPuSRw92Kj5WzUSp/F+/GM3V8/cxGc+5DmDELzWXxLzpdawpuyIUCCFa7h
l+9X5BP8r0rVV1sKu5ES/2UvZf7cvW0PL+WFPq53AwK7jww2KSImWWPfI3gAMV3J
-----END CERTIFICATE-----