Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/QJg-CbaRmp7x7cWECceto1So7ig.roa
File:                     QJg-CbaRmp7x7cWECceto1So7ig.roa (raw, json)
Hash identifier:          VCDbu3ps5PQjvpKEg6A+yNRmqHLrVBgU+3KXmVTaxIg=
Subject key identifier:   40:98:3E:09:B6:91:9A:9E:F1:ED:C5:84:09:C7:AD:A3:54:A8:EE:28
Certificate issuer:       /CN=8cd2d0277ce991213e67b7bbdc7650490f8a31bf
Certificate serial:       018CC348AA2065CE33B1ECE8F684F21DA346
Authority key identifier: 8C:D2:D0:27:7C:E9:91:21:3E:67:B7:BB:DC:76:50:49:0F:8A:31:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/QJg-CbaRmp7x7cWECceto1So7ig.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59437
IP address blocks:        91.194.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:20:65:ce:33:b1:ec:e8:f6:84:f2:1d:a3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd2d0277ce991213e67b7bbdc7650490f8a31bf
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40983e09b6919a9ef1edc58409c7ada354a8ee28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a7:07:dd:b2:34:8e:98:3e:b0:86:e8:6c:9e:
                    86:7e:d1:f7:e9:70:ee:cb:80:61:e5:34:ea:e5:a2:
                    1f:dd:12:1c:e2:8e:22:ce:1b:dc:72:f5:cd:af:c0:
                    cd:db:72:be:d0:cd:cf:28:18:9b:db:88:e2:62:ca:
                    a2:24:54:ff:89:a7:b2:1c:e1:4c:27:1b:78:c0:ff:
                    59:52:31:4a:4e:44:da:4e:53:cb:89:63:6f:9e:3b:
                    00:f4:a0:9c:ee:4d:c0:e6:57:6a:86:8f:91:38:81:
                    63:77:77:0b:c6:07:7d:44:37:6f:1f:fe:de:36:83:
                    13:fb:89:6a:0e:1b:0a:74:08:c3:eb:c9:a4:a4:a8:
                    f6:47:a8:7f:bf:fe:84:27:8f:8e:11:6a:71:53:81:
                    9e:69:7f:cf:ed:17:21:1b:a5:0c:d8:fa:c3:9b:6c:
                    c9:22:90:f2:dc:43:d1:a8:35:4e:3e:a9:ae:56:07:
                    5b:7e:ba:03:fa:d3:6b:4b:08:bd:7a:74:27:04:b2:
                    ab:03:1f:09:f4:a0:a0:40:c5:31:41:13:2d:fa:50:
                    0c:2c:7a:b2:81:d3:38:d5:4c:88:e7:e5:a3:6d:07:
                    cb:25:73:b6:cf:1f:29:e4:f9:2d:47:b5:d9:29:21:
                    41:bc:93:6c:97:c6:fb:0e:20:af:af:c0:e4:3c:2e:
                    ca:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:98:3E:09:B6:91:9A:9E:F1:ED:C5:84:09:C7:AD:A3:54:A8:EE:28
            X509v3 Authority Key Identifier:
                keyid:8C:D2:D0:27:7C:E9:91:21:3E:67:B7:BB:DC:76:50:49:0F:8A:31:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/QJg-CbaRmp7x7cWECceto1So7ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/fba2cd-4868-4254-b1e9-cad30099ab1e/1/jNLQJ3zpkSE-Z7e73HZQSQ-KMb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:dd:55:38:31:a1:a2:94:32:4b:a8:c1:59:ec:27:5c:b9:03:
         df:d4:5f:46:e3:2d:54:57:96:59:a6:6d:2d:09:fa:99:53:10:
         73:d4:15:52:d0:82:af:1f:3a:8d:f9:41:69:06:d2:aa:2f:2a:
         0e:20:21:2b:f8:07:94:e2:ed:63:84:1f:f5:b8:bd:4d:57:65:
         2f:df:cb:5a:c9:09:d3:dc:8e:ad:56:d8:16:6c:97:59:35:99:
         79:86:3f:e3:d2:14:6c:e9:60:19:b3:63:c2:24:75:9f:a5:0c:
         a7:87:e3:dd:67:63:29:f2:96:37:9d:c9:0b:9a:81:2f:82:9d:
         fc:74:31:47:c9:fc:ce:fe:42:9e:d0:90:a0:b7:21:8e:27:64:
         95:1c:c1:36:50:82:0c:49:59:6c:e2:ef:1c:86:67:b1:17:70:
         91:04:4e:5a:8d:11:b0:b3:c3:df:4f:36:54:2f:45:d6:01:7d:
         0e:6b:cb:93:39:33:ae:13:e9:ba:4a:15:d0:04:e7:0a:a4:61:
         23:9f:df:3e:02:80:8a:df:04:6b:94:c1:29:22:b2:2c:2d:1e:
         b1:89:3a:e2:de:45:18:eb:69:3c:4a:7a:71:15:31:74:93:a6:
         e2:09:a6:21:89:64:ad:bc:2a:12:f6:8b:4e:df:af:14:8f:6e:
         c5:51:e5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKogZc4zsezo9oTyHaNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDJkMDI3N2NlOTkxMjEzZTY3YjdiYmRjNzY1MDQ5MGY4
YTMxYmYwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDk4M2UwOWI2OTE5YTllZjFlZGM1ODQwOWM3YWRhMzU0YThlZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqcH3bI0jpg+sIbobJ6GftH36XDu
y4Bh5TTq5aIf3RIc4o4izhvccvXNr8DN23K+0M3PKBib24jiYsqiJFT/iaeyHOFM
Jxt4wP9ZUjFKTkTaTlPLiWNvnjsA9KCc7k3A5ldqho+ROIFjd3cLxgd9RDdvH/7e
NoMT+4lqDhsKdAjD68mkpKj2R6h/v/6EJ4+OEWpxU4GeaX/P7RchG6UM2PrDm2zJ
IpDy3EPRqDVOPqmuVgdbfroD+tNrSwi9enQnBLKrAx8J9KCgQMUxQRMt+lAMLHqy
gdM41UyI5+WjbQfLJXO2zx8p5PktR7XZKSFBvJNsl8b7DiCvr8DkPC7KWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECYPgm2kZqe8e3FhAnHraNUqO4oMB8GA1UdIwQY
MBaAFIzS0Cd86ZEhPme3u9x2UEkPijG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5MUUozenBrU0UtWjdlNzNIWlFTUS1LTWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9mYmEyY2QtNDg2OC00MjU0LWIxZTkt
Y2FkMzAwOTlhYjFlLzEvUUpnLUNiYVJtcDd4N2NXRUNjZXRvMVNvN2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9mYmEyY2QtNDg2OC00MjU0LWIxZTktY2FkMzAwOTlhYjFl
LzEvak5MUUozenBrU0UtWjdlNzNIWlFTUS1LTWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8LIMA0G
CSqGSIb3DQEBCwUAA4IBAQBz3VU4MaGilDJLqMFZ7CdcuQPf1F9G4y1UV5ZZpm0t
CfqZUxBz1BVS0IKvHzqN+UFpBtKqLyoOICEr+AeU4u1jhB/1uL1NV2Uv38tayQnT
3I6tVtgWbJdZNZl5hj/j0hRs6WAZs2PCJHWfpQynh+PdZ2Mp8pY3nckLmoEvgp38
dDFHyfzO/kKe0JCgtyGOJ2SVHME2UIIMSVls4u8chmexF3CRBE5ajRGws8PfTzZU
L0XWAX0Oa8uTOTOuE+m6ShXQBOcKpGEjn98+AoCK3wRrlMEpIrIsLR6xiTri3kUY
62k8SnpxFTF0k6biCaYhiWStvCoS9otO368Uj27FUeVF
-----END CERTIFICATE-----