Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/qnUZBYe_-1R1NTzGxxb2zUZPD7I.roa
File:                     qnUZBYe_-1R1NTzGxxb2zUZPD7I.roa (raw, json)
Hash identifier:          1bOBHJdCoXLVJ/3a54RtrLd5wuJJ49kPLZGriJwGwx4=
Subject key identifier:   AA:75:19:05:87:BF:FB:54:75:35:3C:C6:C7:16:F6:CD:46:4F:0F:B2
Certificate issuer:       /CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
Certificate serial:       018CC4255F19067371796E69189377122AD0
Authority key identifier: 14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/qnUZBYe_-1R1NTzGxxb2zUZPD7I.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9051
IP address blocks:        185.127.180.0/24 maxlen: 24
                          185.127.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:19:06:73:71:79:6e:69:18:93:77:12:2a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa75190587bffb5475353cc6c716f6cd464f0fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:54:18:b9:dc:00:fb:5a:3d:4b:d2:ec:f6:bf:
                    41:0c:fa:e7:78:86:c0:34:6a:b2:82:c8:8d:f6:58:
                    d8:35:cf:78:a7:90:9a:d7:9b:40:99:2f:5f:be:98:
                    36:c6:9e:54:af:61:5e:6d:12:e7:7a:49:3b:96:f8:
                    c8:00:ab:4c:7d:90:00:96:07:9e:f6:0a:68:31:37:
                    48:ee:b3:a5:54:a4:e7:e4:36:a1:da:d0:82:10:3e:
                    20:e3:89:13:be:f1:d9:d9:e0:68:de:5c:d3:bf:08:
                    b7:c3:4e:79:01:ae:76:fc:de:14:65:5a:74:59:49:
                    f1:5b:e6:86:cb:04:c9:80:7a:a7:51:7a:fb:30:4d:
                    74:a6:67:c8:ba:f0:ea:56:65:6c:7a:9c:dc:4f:8d:
                    d1:37:c8:d7:e1:3d:cd:f3:c0:63:5e:34:90:a2:73:
                    15:4e:b9:30:b9:ee:83:c9:b8:c2:31:13:42:6b:96:
                    44:13:e9:6f:c0:ce:63:4b:f5:77:f1:ed:dc:03:5b:
                    25:09:d2:c8:06:a2:a1:2d:53:fc:9b:56:0d:67:2b:
                    3a:f3:7e:7c:48:57:7c:48:5b:84:1b:85:f4:f0:ae:
                    c0:61:da:fc:bd:db:2e:92:35:6b:51:93:54:ee:e0:
                    df:f1:1c:60:4a:d9:b3:21:00:8c:f7:8a:3d:d3:23:
                    e0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:75:19:05:87:BF:FB:54:75:35:3C:C6:C7:16:F6:CD:46:4F:0F:B2
            X509v3 Authority Key Identifier:
                keyid:14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/qnUZBYe_-1R1NTzGxxb2zUZPD7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:1a:43:07:89:41:d3:04:ec:27:1a:ac:11:0e:5b:ab:e2:3b:
         f2:e8:df:d3:4f:f4:1d:a0:8c:8a:71:a3:5f:ad:56:d0:af:47:
         69:43:34:ec:67:6c:d4:ac:5f:99:ac:20:af:49:b0:a2:34:7a:
         00:80:be:8d:b4:5d:d0:12:56:59:37:65:eb:6c:c9:8e:80:e5:
         08:c1:b7:2e:7d:56:ec:e6:92:b1:6b:af:86:56:88:f4:62:f6:
         94:04:1e:4c:e8:98:00:15:74:db:df:3e:82:bb:e2:42:f4:31:
         62:ad:8a:a8:2e:1b:60:6e:07:9a:a9:47:ba:8e:f0:17:9e:f4:
         e8:e2:76:06:37:0d:51:f2:c7:36:ab:14:82:4c:3d:a9:98:8f:
         6d:23:20:46:5c:79:ee:14:09:46:ae:ca:92:b1:af:5d:d8:2d:
         af:36:f5:a7:ab:3c:75:e7:9d:2c:0c:b9:7e:ef:e5:91:e6:5d:
         6a:d6:5f:cd:f4:f5:d6:dd:f3:a9:4f:31:ee:a0:96:b7:9b:0f:
         30:6a:59:c7:0d:61:d6:2d:37:df:22:4d:1b:0c:d3:43:d5:70:
         15:b7:7d:f3:27:67:64:2e:2b:38:07:7b:3f:1d:4c:06:8a:bb:
         a7:40:b4:7e:fd:02:86:4b:ca:a6:f6:48:2d:b1:0f:b3:7e:b9:
         47:c2:3e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV8ZBnNxeW5pGJN3EirQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NzRiNmZjNjdiNmI5MGRiMzExYzYxZmMwZTNhOWM3NTI4
MzNjNTYwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc1MTkwNTg3YmZmYjU0NzUzNTNjYzZjNzE2ZjZjZDQ2NGYwZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lQYudwA+1o9S9Ls9r9BDPrneIbA
NGqygsiN9ljYNc94p5Ca15tAmS9fvpg2xp5Ur2FebRLnekk7lvjIAKtMfZAAlgee
9gpoMTdI7rOlVKTn5Dah2tCCED4g44kTvvHZ2eBo3lzTvwi3w055Aa52/N4UZVp0
WUnxW+aGywTJgHqnUXr7ME10pmfIuvDqVmVsepzcT43RN8jX4T3N88BjXjSQonMV
Trkwue6DybjCMRNCa5ZEE+lvwM5jS/V38e3cA1slCdLIBqKhLVP8m1YNZys68358
SFd8SFuEG4X08K7AYdr8vdsukjVrUZNU7uDf8RxgStmzIQCM94o90yPg5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp1GQWHv/tUdTU8xscW9s1GTw+yMB8GA1UdIwQY
MBaAFBR0tvxntrkNsxHGH8DjqcdSgzxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQt
OGM1NmQ4ZmUxN2I1LzEvcW5VWkJZZV8tMVIxTlR6R3h4YjJ6VVpQRDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQtOGM1NmQ4ZmUxN2I1
LzEvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX+0MA0G
CSqGSIb3DQEBCwUAA4IBAQB5GkMHiUHTBOwnGqwRDlur4jvy6N/TT/QdoIyKcaNf
rVbQr0dpQzTsZ2zUrF+ZrCCvSbCiNHoAgL6NtF3QElZZN2XrbMmOgOUIwbcufVbs
5pKxa6+GVoj0YvaUBB5M6JgAFXTb3z6Cu+JC9DFirYqoLhtgbgeaqUe6jvAXnvTo
4nYGNw1R8sc2qxSCTD2pmI9tIyBGXHnuFAlGrsqSsa9d2C2vNvWnqzx1550sDLl+
7+WR5l1q1l/N9PXW3fOpTzHuoJa3mw8walnHDWHWLTffIk0bDNND1XAVt33zJ2dk
Lis4B3s/HUwGirunQLR+/QKGS8qm9kgtsQ+zfrlHwj7W
-----END CERTIFICATE-----