Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/Q7Qtr_r5E4JdawD7HHw4rv0d_ys.roa
File:                     Q7Qtr_r5E4JdawD7HHw4rv0d_ys.roa (raw, json)
Hash identifier:          fo6B0rrNbwoo760Z//yUvBVHssGfZ0jt82e5QpX+yD0=
Subject key identifier:   43:B4:2D:AF:FA:F9:13:82:5D:6B:00:FB:1C:7C:38:AE:FD:1D:FF:2B
Certificate issuer:       /CN=447f9143ea55358fbd62fa5644547460172e1afd
Certificate serial:       0191E6C4E44B823EDB9A4A12F621DBB6ED03
Authority key identifier: 44:7F:91:43:EA:55:35:8F:BD:62:FA:56:44:54:74:60:17:2E:1A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/Q7Qtr_r5E4JdawD7HHw4rv0d_ys.roa
Signing time:             Thu 12 Sep 2024 15:05:48 +0000
ROA not before:           Thu 12 Sep 2024 15:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57419
IP address blocks:        91.199.204.0/24 maxlen: 24
                          185.207.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:c4:e4:4b:82:3e:db:9a:4a:12:f6:21:db:b6:ed:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=447f9143ea55358fbd62fa5644547460172e1afd
        Validity
            Not Before: Sep 12 15:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43b42daffaf913825d6b00fb1c7c38aefd1dff2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6b:e6:7c:75:0e:dc:97:ca:e4:98:84:d6:69:
                    e2:42:43:4f:c0:f8:42:a6:17:e7:97:dd:7f:d2:ff:
                    1a:52:6a:55:d2:13:ad:42:65:d1:d4:b2:cf:c9:d2:
                    8b:ca:e3:96:c5:6b:d5:d0:bf:a8:c1:b5:4b:92:c9:
                    e7:66:aa:48:53:ad:6c:d6:8a:a1:f8:54:83:2c:11:
                    17:80:b7:e6:06:3f:52:b1:b0:19:0d:9b:e8:3a:a0:
                    44:10:77:5d:7c:dd:0f:01:b9:6b:c9:15:3c:c1:a9:
                    c0:41:01:a5:58:86:6c:5c:e3:2e:59:44:8a:1b:d3:
                    09:d8:1e:e5:b0:e2:24:d0:c0:c0:ee:f1:ff:66:cf:
                    69:59:72:05:d6:c5:9f:45:eb:6a:a5:f7:bd:63:e7:
                    b5:d9:b6:2f:84:f4:df:cf:eb:15:da:5e:48:8a:28:
                    e6:a6:17:af:5a:11:47:09:03:44:68:8e:51:6c:8e:
                    c6:64:9d:2a:49:d4:3e:25:bf:3e:17:18:9f:be:d1:
                    99:7d:70:3f:73:d2:42:7f:57:c8:b3:77:20:bb:a4:
                    99:4b:d0:15:23:1e:fd:b7:74:ea:32:e7:ad:fc:ff:
                    7d:0e:f1:6e:35:58:41:9c:76:40:87:9b:2d:f4:66:
                    f8:6d:a0:8d:91:03:98:8e:71:33:19:99:4d:5d:0b:
                    8b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B4:2D:AF:FA:F9:13:82:5D:6B:00:FB:1C:7C:38:AE:FD:1D:FF:2B
            X509v3 Authority Key Identifier:
                keyid:44:7F:91:43:EA:55:35:8F:BD:62:FA:56:44:54:74:60:17:2E:1A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/Q7Qtr_r5E4JdawD7HHw4rv0d_ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/9ea369-a28c-4c7e-9a15-c4292fac9be8/1/RH-RQ-pVNY-9YvpWRFR0YBcuGv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.204.0/24
                  185.207.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e0:9d:1c:12:d8:59:c8:7d:8f:9b:80:51:19:44:6c:7a:3c:
         db:97:ff:e3:a8:de:dd:f7:e1:bd:3a:c3:4a:ff:60:30:a5:34:
         c2:ad:a7:5e:7c:d9:33:33:9b:40:e4:ad:2b:21:9a:a1:1f:33:
         fb:01:94:90:92:4d:41:e3:8c:da:8a:65:a6:43:99:ef:99:1c:
         01:43:00:c2:87:cf:da:87:be:89:4e:51:f4:b2:a2:4e:77:f5:
         39:ba:c6:2f:3d:8a:ce:d1:08:4e:e1:5b:7c:8c:d5:b9:3d:15:
         8f:e8:25:02:92:f1:2c:b4:9c:e0:c4:ad:e0:3f:e6:11:9e:c2:
         19:8f:ef:1e:f8:a7:00:f8:b7:74:26:32:7f:d5:27:4a:75:e4:
         d9:f4:4e:40:5f:f5:86:00:61:de:27:6e:62:d4:a8:24:ef:96:
         09:94:52:a2:f7:f7:9e:b4:48:48:ab:a5:51:ca:71:2a:88:b5:
         1e:01:99:93:e5:3d:3b:99:55:a1:d9:7f:83:7b:34:5c:f7:08:
         44:17:b2:0a:4a:1e:28:60:4e:d7:ad:98:9d:da:70:07:a8:6b:
         0c:9e:56:55:b4:7d:1f:38:29:a9:0c:1d:83:99:83:a6:77:93:
         54:71:eb:b0:07:0e:04:eb:1f:dc:0e:5e:d2:58:2d:6c:8a:6d:
         c5:1b:e7:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHmxORLgj7bmkoS9iHbtu0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0N2Y5MTQzZWE1NTM1OGZiZDYyZmE1NjQ0NTQ3NDYwMTcy
ZTFhZmQwHhcNMjQwOTEyMTUwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I0MmRhZmZhZjkxMzgyNWQ2YjAwZmIxYzdjMzhhZWZkMWRmZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GvmfHUO3JfK5JiE1mniQkNPwPhC
phfnl91/0v8aUmpV0hOtQmXR1LLPydKLyuOWxWvV0L+owbVLksnnZqpIU61s1oqh
+FSDLBEXgLfmBj9SsbAZDZvoOqBEEHddfN0PAblryRU8wanAQQGlWIZsXOMuWUSK
G9MJ2B7lsOIk0MDA7vH/Zs9pWXIF1sWfRetqpfe9Y+e12bYvhPTfz+sV2l5Iiijm
phevWhFHCQNEaI5RbI7GZJ0qSdQ+Jb8+FxifvtGZfXA/c9JCf1fIs3cgu6SZS9AV
Ix79t3TqMuet/P99DvFuNVhBnHZAh5st9Gb4baCNkQOYjnEzGZlNXQuLZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEO0La/6+ROCXWsA+xx8OK79Hf8rMB8GA1UdIwQY
MBaAFER/kUPqVTWPvWL6VkRUdGAXLhr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkgtUlEtcFZOWS05WXZwV1JGUjBZQmN1R3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS85ZWEzNjktYTI4Yy00YzdlLTlhMTUt
YzQyOTJmYWM5YmU4LzEvUTdRdHJfcjVFNEpkYXdEN0hIdzRydjBkX3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS85ZWEzNjktYTI4Yy00YzdlLTlhMTUtYzQyOTJmYWM5YmU4
LzEvUkgtUlEtcFZOWS05WXZwV1JGUjBZQmN1R3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8fMAwQA
uc8DMA0GCSqGSIb3DQEBCwUAA4IBAQAM4J0cEthZyH2Pm4BRGURsejzbl//jqN7d
9+G9OsNK/2AwpTTCradefNkzM5tA5K0rIZqhHzP7AZSQkk1B44zaimWmQ5nvmRwB
QwDCh8/ah76JTlH0sqJOd/U5usYvPYrO0QhO4Vt8jNW5PRWP6CUCkvEstJzgxK3g
P+YRnsIZj+8e+KcA+Ld0JjJ/1SdKdeTZ9E5AX/WGAGHeJ25i1Kgk75YJlFKi9/ee
tEhIq6VRynEqiLUeAZmT5T07mVWh2X+DezRc9whEF7IKSh4oYE7XrZid2nAHqGsM
nlZVtH0fOCmpDB2DmYOmd5NUceuwBw4E6x/cDl7SWC1sim3FG+cZ
-----END CERTIFICATE-----