Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/qqxZHEfE3BM1CD-bU9ghbsmV2_8.roa
File:                     qqxZHEfE3BM1CD-bU9ghbsmV2_8.roa (raw, json)
Hash identifier:          MZr3hrKxpbDbL2XbXqAs+TriwwJIe65qIDeWX57mFgI=
Subject key identifier:   AA:AC:59:1C:47:C4:DC:13:35:08:3F:9B:53:D8:21:6E:C9:95:DB:FF
Certificate issuer:       /CN=7c55752b7d6fce7286b1a1a2e43bc86d4584e83f
Certificate serial:       018CC2DB22F6C065FA61A7F72DA38A103374
Authority key identifier: 7C:55:75:2B:7D:6F:CE:72:86:B1:A1:A2:E4:3B:C8:6D:45:84:E8:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fFV1K31vznKGsaGi5DvIbUWE6D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/qqxZHEfE3BM1CD-bU9ghbsmV2_8.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209061
IP address blocks:        185.223.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/fFV1K31vznKGsaGi5DvIbUWE6D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/fFV1K31vznKGsaGi5DvIbUWE6D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fFV1K31vznKGsaGi5DvIbUWE6D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:22:f6:c0:65:fa:61:a7:f7:2d:a3:8a:10:33:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c55752b7d6fce7286b1a1a2e43bc86d4584e83f
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaac591c47c4dc1335083f9b53d8216ec995dbff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:03:21:08:4a:70:8b:a8:e3:97:4c:fa:da:18:
                    e8:e7:10:51:b0:ec:ef:0c:54:32:46:26:86:27:27:
                    fb:a8:36:f1:56:cd:93:86:44:68:12:2b:28:ac:6f:
                    fd:ae:30:a0:8e:ae:82:5d:8d:df:a5:6e:c8:97:9d:
                    06:25:2c:6d:b4:1b:9d:ba:aa:70:f2:e1:05:92:5f:
                    22:f7:a3:eb:66:b3:9b:9b:f6:38:79:7f:48:f3:84:
                    ac:07:85:39:6e:eb:b3:3b:bf:d1:6a:3d:81:70:a3:
                    77:ca:ce:68:11:16:0b:b7:2f:21:b4:8b:d6:ae:eb:
                    fe:a8:24:9a:3b:be:e8:7d:e4:08:90:d6:06:e2:f2:
                    3f:ac:ea:98:6e:02:5e:43:a7:b4:aa:a2:8e:19:d7:
                    b2:e5:e8:a0:db:17:3d:f7:68:50:5b:1e:6d:33:d1:
                    a4:c3:7e:64:dc:80:19:98:18:f7:2b:9d:b4:73:80:
                    94:b2:ce:07:1a:1c:9f:46:c4:8c:ba:6e:31:69:09:
                    f0:a7:e0:6d:49:57:07:1f:6e:44:48:6a:ec:ee:fe:
                    28:82:ab:9b:21:41:e4:f7:cd:fe:3a:98:ca:d2:01:
                    41:cc:b7:ab:ba:16:45:af:56:71:11:c2:24:1c:da:
                    24:af:cb:b6:c1:f5:93:99:b2:30:d7:bf:dd:ef:18:
                    2f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:AC:59:1C:47:C4:DC:13:35:08:3F:9B:53:D8:21:6E:C9:95:DB:FF
            X509v3 Authority Key Identifier:
                keyid:7C:55:75:2B:7D:6F:CE:72:86:B1:A1:A2:E4:3B:C8:6D:45:84:E8:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fFV1K31vznKGsaGi5DvIbUWE6D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/qqxZHEfE3BM1CD-bU9ghbsmV2_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/34e076-5989-402d-96de-e88695fdd6e5/1/fFV1K31vznKGsaGi5DvIbUWE6D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:5d:85:c2:68:c1:45:63:1b:cb:0f:60:d8:a6:42:94:ee:1f:
         83:0d:e3:e9:9f:ab:af:c2:da:2a:d1:c0:78:78:d7:03:e9:ba:
         dd:e7:70:d6:a7:fc:8a:95:cb:2f:f1:7e:36:b6:34:5f:77:8b:
         5a:56:f9:22:f0:45:e5:1c:81:b8:7f:22:73:a2:4c:c5:b7:a1:
         5a:d6:a0:86:f8:7b:de:0b:f8:43:c2:12:ab:8f:fc:bb:82:ca:
         81:94:74:2a:1a:e8:a3:c4:e7:d4:8e:34:17:9c:b6:ec:b6:64:
         e6:d8:78:30:74:a6:f6:38:fa:e9:51:17:b8:02:93:c0:40:00:
         31:00:5c:39:36:01:c9:51:78:1f:66:2e:52:68:31:57:ac:39:
         51:25:df:fa:fb:ba:3e:83:e8:e5:c5:38:17:67:53:8f:4e:b7:
         b1:4b:2a:7f:5b:ec:78:d0:75:c4:9a:56:c8:d1:00:d0:4b:11:
         1b:ef:7d:6d:97:40:5c:7d:82:95:0d:4d:4d:07:42:85:ff:36:
         47:09:3e:35:d3:c1:78:74:d1:2d:7f:fd:27:3d:01:9c:99:96:
         d5:84:fe:20:a6:5d:0b:74:87:6d:f3:21:84:47:71:b9:c3:20:
         87:5a:17:c3:80:d8:67:e3:6c:dd:b1:ac:10:b9:5b:e8:72:3d:
         d0:e6:5e:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yL2wGX6Yaf3LaOKEDN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNTU3NTJiN2Q2ZmNlNzI4NmIxYTFhMmU0M2JjODZkNDU4
NGU4M2YwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWFjNTkxYzQ3YzRkYzEzMzUwODNmOWI1M2Q4MjE2ZWM5OTVkYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgMhCEpwi6jjl0z62hjo5xBRsOzv
DFQyRiaGJyf7qDbxVs2ThkRoEisorG/9rjCgjq6CXY3fpW7Il50GJSxttBuduqpw
8uEFkl8i96PrZrObm/Y4eX9I84SsB4U5buuzO7/Raj2BcKN3ys5oERYLty8htIvW
ruv+qCSaO77ofeQIkNYG4vI/rOqYbgJeQ6e0qqKOGdey5eig2xc992hQWx5tM9Gk
w35k3IAZmBj3K520c4CUss4HGhyfRsSMum4xaQnwp+BtSVcHH25ESGrs7v4ogqub
IUHk983+OpjK0gFBzLeruhZFr1ZxEcIkHNokr8u2wfWTmbIw17/d7xgvRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqsWRxHxNwTNQg/m1PYIW7Jldv/MB8GA1UdIwQY
MBaAFHxVdSt9b85yhrGhouQ7yG1FhOg/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkZWMUszMXZ6bktHc2FHaTVEdkliVVdFNkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zNGUwNzYtNTk4OS00MDJkLTk2ZGUt
ZTg4Njk1ZmRkNmU1LzEvcXF4WkhFZkUzQk0xQ0QtYlU5Z2hic21WMl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zNGUwNzYtNTk4OS00MDJkLTk2ZGUtZTg4Njk1ZmRkNmU1
LzEvZkZWMUszMXZ6bktHc2FHaTVEdkliVVdFNkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud/XMA0G
CSqGSIb3DQEBCwUAA4IBAQBEXYXCaMFFYxvLD2DYpkKU7h+DDePpn6uvwtoq0cB4
eNcD6brd53DWp/yKlcsv8X42tjRfd4taVvki8EXlHIG4fyJzokzFt6Fa1qCG+Hve
C/hDwhKrj/y7gsqBlHQqGuijxOfUjjQXnLbstmTm2HgwdKb2OPrpURe4ApPAQAAx
AFw5NgHJUXgfZi5SaDFXrDlRJd/6+7o+g+jlxTgXZ1OPTrexSyp/W+x40HXEmlbI
0QDQSxEb731tl0BcfYKVDU1NB0KF/zZHCT4108F4dNEtf/0nPQGcmZbVhP4gpl0L
dIdt8yGER3G5wyCHWhfDgNhn42zdsawQuVvocj3Q5l67
-----END CERTIFICATE-----