Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Q0R-eTWECQMm2DDpmGB12qymTsA.roa
File:                     Q0R-eTWECQMm2DDpmGB12qymTsA.roa (raw, json)
Hash identifier:          qtSBOZcL+jl8pmBJNi6WgferTxfE4a/QYLHAWBuAggM=
Subject key identifier:   43:44:7E:79:35:84:09:03:26:D8:30:E9:98:60:75:DA:AC:A6:4E:C0
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F965FDCDACFDC0FBF438E8615B3F819
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Q0R-eTWECQMm2DDpmGB12qymTsA.roa
Signing time:             Wed 27 Mar 2024 11:05:45 +0000
ROA not before:           Wed 27 Mar 2024 11:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10474
IP address blocks:        2.17.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:96:5f:dc:da:cf:dc:0f:bf:43:8e:86:15:b3:f8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43447e793584090326d830e9986075daaca64ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:18:08:cf:00:3d:6d:2c:70:7f:72:6d:14:72:
                    9a:89:60:9a:80:87:ab:0c:1d:32:42:07:1f:b4:95:
                    69:ab:bc:f7:26:3e:f5:5d:53:df:f9:29:00:13:bd:
                    c6:2a:f4:3e:11:3b:97:d3:c2:f7:b9:a7:92:06:9e:
                    3f:3d:2b:87:2b:d1:46:05:96:23:27:8d:ea:0b:1e:
                    83:e7:d6:81:25:eb:00:a6:74:07:a3:e4:b9:7e:08:
                    54:c6:22:07:78:52:ee:70:66:4d:1e:c3:0d:a1:67:
                    46:e3:87:5e:5f:1f:6e:31:d0:cb:34:3e:00:0c:a6:
                    7d:d2:3d:51:47:97:2e:b9:a9:8a:af:6a:3d:fe:e7:
                    5c:56:8a:8e:51:cd:54:f3:bd:f8:95:bb:09:1c:99:
                    b1:df:73:9e:d5:42:ea:80:a7:8d:0c:02:3f:6a:f0:
                    df:cd:cb:14:20:9c:37:a5:2f:44:35:ac:14:c8:0f:
                    d4:8e:53:d0:16:be:af:b7:21:99:e9:49:b4:02:b5:
                    75:eb:7e:86:0d:8f:a3:24:c9:41:d2:4f:8e:f7:d9:
                    7b:a7:87:13:a2:83:30:d4:6c:05:82:fb:a6:c7:26:
                    ff:a6:31:2e:62:40:f9:7c:e9:c3:08:c9:00:e9:6d:
                    48:16:c3:14:d4:9c:ff:a2:9b:a8:f9:39:ea:98:0f:
                    da:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:44:7E:79:35:84:09:03:26:D8:30:E9:98:60:75:DA:AC:A6:4E:C0
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Q0R-eTWECQMm2DDpmGB12qymTsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:6c:3c:9d:c9:e7:ef:34:fc:93:d6:78:94:8e:51:10:30:63:
         d2:bf:48:fd:56:39:01:54:f3:4a:b9:47:8a:c5:8f:40:83:ec:
         69:31:0c:d5:d7:7b:d2:e0:c6:f9:80:22:08:07:0e:39:13:fc:
         d9:8e:83:08:c3:2e:58:59:67:07:35:cb:90:c1:da:16:2c:17:
         89:54:85:0b:91:3c:c7:44:57:2d:18:00:ec:d5:14:f9:b0:7d:
         34:78:9d:59:c8:81:bf:17:d9:6f:8c:e0:cb:ae:4a:89:56:f1:
         87:be:10:01:f5:84:5d:91:76:3e:ab:15:6d:1d:fe:ec:e7:6e:
         3d:a6:8c:61:f9:b5:88:ea:cb:0f:ac:75:e6:b7:7f:d0:e6:9e:
         92:03:af:ed:41:cd:09:51:8e:e2:52:44:36:0b:03:ec:2f:b2:
         6c:4c:a1:24:96:ec:4c:48:a6:ac:4c:93:74:d3:0c:04:ef:89:
         cb:27:b0:24:2c:ce:c8:18:d2:51:b9:4b:28:7a:9c:93:61:9e:
         8f:45:ef:ab:6e:80:05:38:15:da:7c:5b:70:24:90:1c:da:2a:
         a4:a5:79:35:a3:3a:7e:55:9a:1d:c5:3b:6e:3b:35:9b:cd:64:
         0c:cd:1d:dc:aa:04:45:30:d1:92:8c:78:c3:fb:be:ef:cc:89:
         6a:5b:87:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/ll/c2s/cD79DjoYVs/gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ0N2U3OTM1ODQwOTAzMjZkODMwZTk5ODYwNzVkYWFjYTY0ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxgIzwA9bSxwf3JtFHKaiWCagIer
DB0yQgcftJVpq7z3Jj71XVPf+SkAE73GKvQ+ETuX08L3uaeSBp4/PSuHK9FGBZYj
J43qCx6D59aBJesApnQHo+S5fghUxiIHeFLucGZNHsMNoWdG44deXx9uMdDLND4A
DKZ90j1RR5cuuamKr2o9/udcVoqOUc1U8734lbsJHJmx33Oe1ULqgKeNDAI/avDf
zcsUIJw3pS9ENawUyA/UjlPQFr6vtyGZ6Um0ArV1636GDY+jJMlB0k+O99l7p4cT
ooMw1GwFgvumxyb/pjEuYkD5fOnDCMkA6W1IFsMU1Jz/opuo+TnqmA/aIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENEfnk1hAkDJtgw6Zhgddqspk7AMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvUTBSLWVUV0VDUU1tMkREcG1HQjEycXltVHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhHMMA0G
CSqGSIb3DQEBCwUAA4IBAQCjbDydyefvNPyT1niUjlEQMGPSv0j9VjkBVPNKuUeK
xY9Ag+xpMQzV13vS4Mb5gCIIBw45E/zZjoMIwy5YWWcHNcuQwdoWLBeJVIULkTzH
RFctGADs1RT5sH00eJ1ZyIG/F9lvjODLrkqJVvGHvhAB9YRdkXY+qxVtHf7s5249
poxh+bWI6ssPrHXmt3/Q5p6SA6/tQc0JUY7iUkQ2CwPsL7JsTKEkluxMSKasTJN0
0wwE74nLJ7AkLM7IGNJRuUsoepyTYZ6PRe+rboAFOBXafFtwJJAc2iqkpXk1ozp+
VZodxTtuOzWbzWQMzR3cqgRFMNGSjHjD+77vzIlqW4ek
-----END CERTIFICATE-----