Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/QXIK2rVLpvNjuX6Q2eq1dxLZN_I.roa
File:                     QXIK2rVLpvNjuX6Q2eq1dxLZN_I.roa (raw, json)
Hash identifier:          RvfYy+66R0rGnzfNms2uuGCC7EdOA/ftCQWTOdK1Yh4=
Subject key identifier:   41:72:0A:DA:B5:4B:A6:F3:63:B9:7E:90:D9:EA:B5:77:12:D9:37:F2
Certificate issuer:       /CN=8ff85eff2448c73646e354afea641bcf79e7c7f9
Certificate serial:       018DF3D77E70A9A7F9C8853426A3606875CC
Authority key identifier: 8F:F8:5E:FF:24:48:C7:36:46:E3:54:AF:EA:64:1B:CF:79:E7:C7:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j_he_yRIxzZG41Sv6mQbz3nnx_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/QXIK2rVLpvNjuX6Q2eq1dxLZN_I.roa
Signing time:             Thu 29 Feb 2024 07:50:02 +0000
ROA not before:           Thu 29 Feb 2024 07:50:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197838
IP address blocks:        91.228.8.0/23 maxlen: 23
                          94.154.16.0/21 maxlen: 21
                          2001:678:a74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/j_he_yRIxzZG41Sv6mQbz3nnx_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/j_he_yRIxzZG41Sv6mQbz3nnx_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j_he_yRIxzZG41Sv6mQbz3nnx_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:d7:7e:70:a9:a7:f9:c8:85:34:26:a3:60:68:75:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ff85eff2448c73646e354afea641bcf79e7c7f9
        Validity
            Not Before: Feb 29 07:50:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41720adab54ba6f363b97e90d9eab57712d937f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:b9:72:22:0a:7f:43:e5:16:ae:dd:12:1d:
                    5b:16:f9:d7:39:5f:1b:04:9f:20:34:f5:68:7e:52:
                    83:b7:44:a3:d2:26:f8:46:0b:86:b1:4c:95:2e:dd:
                    cb:69:b8:18:41:4b:c4:b8:27:71:c2:5c:bc:f0:84:
                    1f:45:29:81:dd:27:c1:fc:1f:12:8a:9b:94:38:6e:
                    aa:f2:25:c3:f0:ca:5c:78:a0:20:2b:4b:14:ed:9b:
                    61:2c:f6:30:bb:04:6d:62:da:41:c2:84:68:8e:bb:
                    90:36:9d:8f:2e:cc:ca:93:c2:96:6f:ad:b3:68:68:
                    ef:2f:61:8f:3d:af:e3:64:12:d8:2c:04:79:e1:f3:
                    44:40:6d:a2:9e:68:dd:81:b6:71:21:44:a9:14:f1:
                    48:33:10:9e:fe:c6:99:cb:8b:41:1d:c1:c6:1d:07:
                    65:90:45:31:d9:78:85:41:a5:b5:08:0e:7d:47:68:
                    09:5c:57:dd:96:99:51:1a:3b:8c:b3:00:39:e5:03:
                    0e:36:2c:c7:f0:77:79:e3:05:37:55:fe:b8:2e:ca:
                    0a:61:cc:6b:a8:ce:30:1d:ec:52:5e:da:03:72:84:
                    67:e1:20:e1:00:1a:02:0c:17:b1:df:42:c6:7a:31:
                    6c:e2:a1:69:da:ad:64:40:e4:b3:34:d9:27:ef:de:
                    2e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:72:0A:DA:B5:4B:A6:F3:63:B9:7E:90:D9:EA:B5:77:12:D9:37:F2
            X509v3 Authority Key Identifier:
                keyid:8F:F8:5E:FF:24:48:C7:36:46:E3:54:AF:EA:64:1B:CF:79:E7:C7:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j_he_yRIxzZG41Sv6mQbz3nnx_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/QXIK2rVLpvNjuX6Q2eq1dxLZN_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9fe53d-eb4e-4e6b-9022-e322087870d2/1/j_he_yRIxzZG41Sv6mQbz3nnx_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.8.0/23
                  94.154.16.0/21
                IPv6:
                  2001:678:a74::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:70:1c:7f:0e:be:af:f8:89:3b:2c:81:91:b7:30:99:41:13:
         78:9b:34:25:0c:f3:37:e1:f5:04:ae:d3:67:ef:a8:d3:e9:4b:
         88:8d:ed:f1:9d:6f:d3:71:c3:0b:17:d9:9f:dc:30:00:ff:12:
         ec:5d:83:63:ff:78:a3:72:bf:e1:87:e6:a1:67:0e:b6:41:89:
         30:ec:8a:cb:15:df:36:3b:54:de:c0:6f:dc:4a:00:cd:b2:3b:
         2a:f9:97:f5:17:2c:a9:47:d5:3b:57:b4:7d:c9:bf:3a:cb:5a:
         74:35:0f:1a:6e:13:a8:00:8c:41:d5:c1:0a:4f:fe:be:d0:91:
         85:40:69:12:bd:58:f2:71:ba:09:ab:75:34:6c:15:7b:31:b6:
         7c:5f:ba:6a:b3:ca:29:5d:19:89:8f:2a:cf:90:4d:9f:fd:94:
         e0:e4:7a:a4:fe:74:54:20:64:57:d3:24:6a:30:0a:e2:b4:af:
         68:c0:19:1b:7f:4f:ef:96:9d:dc:39:43:4f:87:9a:8c:e4:7e:
         a8:32:5d:26:ae:a9:be:5a:8b:e4:cd:40:6c:ca:18:35:35:2c:
         44:9e:27:00:69:c2:c0:7b:5d:6d:fe:7e:09:31:65:65:59:fd:
         c8:7b:5a:9b:ae:99:48:42:2f:67:c0:d5:cd:44:3f:b9:56:75:
         0a:f8:9f:a2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY3z135wqaf5yIU0JqNgaHXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZjg1ZWZmMjQ0OGM3MzY0NmUzNTRhZmVhNjQxYmNmNzll
N2M3ZjkwHhcNMjQwMjI5MDc1MDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcyMGFkYWI1NGJhNmYzNjNiOTdlOTBkOWVhYjU3NzEyZDkzN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQG5ciIKf0PlFq7dEh1bFvnXOV8b
BJ8gNPVoflKDt0Sj0ib4RguGsUyVLt3LabgYQUvEuCdxwly88IQfRSmB3SfB/B8S
ipuUOG6q8iXD8MpceKAgK0sU7ZthLPYwuwRtYtpBwoRojruQNp2PLszKk8KWb62z
aGjvL2GPPa/jZBLYLAR54fNEQG2inmjdgbZxIUSpFPFIMxCe/saZy4tBHcHGHQdl
kEUx2XiFQaW1CA59R2gJXFfdlplRGjuMswA55QMONizH8Hd54wU3Vf64LsoKYcxr
qM4wHexSXtoDcoRn4SDhABoCDBex30LGejFs4qFp2q1kQOSzNNkn794uEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEFyCtq1S6bzY7l+kNnqtXcS2TfyMB8GA1UdIwQY
MBaAFI/4Xv8kSMc2RuNUr+pkG89558f5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQval9oZV95Ukl4elpHNDFTdjZtUWJ6M25ueF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85ZmU1M2QtZWI0ZS00ZTZiLTkwMjIt
ZTMyMjA4Nzg3MGQyLzEvUVhJSzJyVkxwdk5qdVg2UTJlcTFkeExaTl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85ZmU1M2QtZWI0ZS00ZTZiLTkwMjItZTMyMjA4Nzg3MGQy
LzEval9oZV95Ukl4elpHNDFTdjZtUWJ6M25ueF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBW+QIAwQD
XpoQMA8EAgACMAkDBwAgAQZ4CnQwDQYJKoZIhvcNAQELBQADggEBABRwHH8Ovq/4
iTssgZG3MJlBE3ibNCUM8zfh9QSu02fvqNPpS4iN7fGdb9NxwwsX2Z/cMAD/Euxd
g2P/eKNyv+GH5qFnDrZBiTDsissV3zY7VN7Ab9xKAM2yOyr5l/UXLKlH1TtXtH3J
vzrLWnQ1DxpuE6gAjEHVwQpP/r7QkYVAaRK9WPJxugmrdTRsFXsxtnxfumqzyild
GYmPKs+QTZ/9lODkeqT+dFQgZFfTJGowCuK0r2jAGRt/T++Wndw5Q0+Hmozkfqgy
XSauqb5ai+TNQGzKGDU1LESeJwBpwsB7XW3+fgkxZWVZ/ch7WpuumUhCL2fA1c1E
P7lWdQr4n6I=
-----END CERTIFICATE-----