Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/K_QaNOCd3y4BWCpscOH5Sp8PXrY.roa
File:                     K_QaNOCd3y4BWCpscOH5Sp8PXrY.roa (raw, json)
Hash identifier:          eVzzQV/1CH7yS24h91yBcbFSiCxpwKrwjOPkfQDI8WM=
Subject key identifier:   2B:F4:1A:34:E0:9D:DF:2E:01:58:2A:6C:70:E1:F9:4A:9F:0F:5E:B6
Certificate issuer:       /CN=dc0f9ea04636d7e71418b93091ccd0e57015be49
Certificate serial:       018CC5010A31677772A313C3F234F12D8074
Authority key identifier: DC:0F:9E:A0:46:36:D7:E7:14:18:B9:30:91:CC:D0:E5:70:15:BE:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A-eoEY21-cUGLkwkczQ5XAVvkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/K_QaNOCd3y4BWCpscOH5Sp8PXrY.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41026
IP address blocks:        185.56.244.0/22 maxlen: 22
                          2a02:5660::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/3A-eoEY21-cUGLkwkczQ5XAVvkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/3A-eoEY21-cUGLkwkczQ5XAVvkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A-eoEY21-cUGLkwkczQ5XAVvkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0a:31:67:77:72:a3:13:c3:f2:34:f1:2d:80:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0f9ea04636d7e71418b93091ccd0e57015be49
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bf41a34e09ddf2e01582a6c70e1f94a9f0f5eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a3:de:4a:06:c8:64:1d:f3:93:ef:c7:1e:35:
                    d5:de:4f:ac:9a:48:3e:0a:b4:a5:dd:da:17:5d:e5:
                    b3:b3:11:a1:6f:0e:79:ac:a7:dc:aa:52:df:41:cf:
                    47:1f:7d:dc:4d:89:75:61:38:36:10:0a:99:7b:30:
                    72:7e:f5:17:37:f8:d9:19:83:03:f5:87:3f:2d:7d:
                    da:52:ec:49:34:50:f9:e7:ad:c8:39:f5:bc:a1:f2:
                    46:f8:c8:e1:9c:58:67:c2:90:7d:19:c1:49:48:63:
                    d2:13:14:6c:d8:d0:2d:81:50:4c:00:ec:c8:05:40:
                    84:7a:36:37:61:b7:a2:a5:60:65:16:cc:36:c7:76:
                    86:c4:01:5e:fd:cd:c3:4d:97:64:a8:5f:73:89:33:
                    28:d7:46:86:90:bd:b8:d2:20:bd:f4:15:bb:86:04:
                    f0:63:62:66:59:41:d8:70:6d:48:76:db:a1:7a:50:
                    fa:8e:21:25:97:4f:96:f8:b7:52:40:52:70:8b:f2:
                    d0:1a:f1:bb:ae:93:75:af:b4:0b:79:ab:97:a2:01:
                    c3:c1:66:b0:80:cf:5e:31:25:36:80:f3:43:52:89:
                    a8:0d:fa:df:b7:e3:b2:6a:33:b8:73:11:0f:e6:e4:
                    5f:f4:b0:4a:b8:97:e6:66:48:cf:33:91:47:cf:a7:
                    ee:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F4:1A:34:E0:9D:DF:2E:01:58:2A:6C:70:E1:F9:4A:9F:0F:5E:B6
            X509v3 Authority Key Identifier:
                keyid:DC:0F:9E:A0:46:36:D7:E7:14:18:B9:30:91:CC:D0:E5:70:15:BE:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A-eoEY21-cUGLkwkczQ5XAVvkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/K_QaNOCd3y4BWCpscOH5Sp8PXrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/01bf96-81b6-4e4c-ab80-e0bc41078426/1/3A-eoEY21-cUGLkwkczQ5XAVvkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.244.0/22
                IPv6:
                  2a02:5660::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:03:34:54:ab:7b:42:8b:d2:91:f1:2d:41:c0:a8:89:ac:ee:
         b5:62:5e:f5:40:a2:67:6a:81:00:6e:be:d0:78:a7:e3:07:0d:
         a9:d9:db:42:0a:0e:1f:8e:92:0d:23:3d:8a:dd:b9:4c:9f:36:
         e8:a0:4d:bf:3c:d0:92:ba:f0:4f:05:c4:21:f8:d7:55:e8:7b:
         46:e0:b6:67:11:ae:92:37:1c:93:4a:2e:86:ef:dc:df:9b:a5:
         b9:fe:7e:e3:70:1c:71:7a:45:f4:a6:03:0c:4d:ed:b7:19:96:
         e1:f9:87:e3:df:a3:81:33:71:9c:d6:cc:68:d1:ab:31:0d:3b:
         db:8a:03:bd:5d:f9:a8:b9:98:c5:ec:c0:a4:c9:a2:3a:00:ff:
         ed:41:38:8a:a2:b7:34:d1:10:aa:ed:03:04:5b:38:85:fe:97:
         54:84:5b:ce:ba:88:20:e8:dd:ff:74:f2:93:43:c8:c7:33:9b:
         9b:86:66:16:28:50:da:c4:22:3f:51:02:e6:a8:fb:35:3f:b3:
         4d:90:f9:fc:0f:f1:97:99:75:67:56:63:10:09:1c:52:06:da:
         8d:35:e3:3f:36:4c:d4:be:cf:2c:cc:e7:0c:66:c5:e5:d7:56:
         17:bb:f8:c7:d7:51:7f:72:a3:61:f8:17:09:cb:4c:93:70:bf:
         1e:f8:0e:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQoxZ3dyoxPD8jTxLYB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGY5ZWEwNDYzNmQ3ZTcxNDE4YjkzMDkxY2NkMGU1NzAx
NWJlNDkwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmY0MWEzNGUwOWRkZjJlMDE1ODJhNmM3MGUxZjk0YTlmMGY1ZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKPeSgbIZB3zk+/HHjXV3k+smkg+
CrSl3doXXeWzsxGhbw55rKfcqlLfQc9HH33cTYl1YTg2EAqZezByfvUXN/jZGYMD
9Yc/LX3aUuxJNFD5563IOfW8ofJG+MjhnFhnwpB9GcFJSGPSExRs2NAtgVBMAOzI
BUCEejY3YbeipWBlFsw2x3aGxAFe/c3DTZdkqF9ziTMo10aGkL240iC99BW7hgTw
Y2JmWUHYcG1IdtuhelD6jiEll0+W+LdSQFJwi/LQGvG7rpN1r7QLeauXogHDwWaw
gM9eMSU2gPNDUomoDfrft+OyajO4cxEP5uRf9LBKuJfmZkjPM5FHz6fuuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCv0GjTgnd8uAVgqbHDh+UqfD162MB8GA1UdIwQY
MBaAFNwPnqBGNtfnFBi5MJHM0OVwFb5JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0EtZW9FWTIxLWNVR0xrd2tjelE1WEFWdmtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wMWJmOTYtODFiNi00ZTRjLWFiODAt
ZTBiYzQxMDc4NDI2LzEvS19RYU5PQ2QzeTRCV0Nwc2NPSDVTcDhQWHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wMWJmOTYtODFiNi00ZTRjLWFiODAtZTBiYzQxMDc4NDI2
LzEvM0EtZW9FWTIxLWNVR0xrd2tjelE1WEFWdmtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTj0MA0E
AgACMAcDBQAqAlZgMA0GCSqGSIb3DQEBCwUAA4IBAQBJAzRUq3tCi9KR8S1BwKiJ
rO61Yl71QKJnaoEAbr7QeKfjBw2p2dtCCg4fjpINIz2K3blMnzbooE2/PNCSuvBP
BcQh+NdV6HtG4LZnEa6SNxyTSi6G79zfm6W5/n7jcBxxekX0pgMMTe23GZbh+Yfj
36OBM3Gc1sxo0asxDTvbigO9XfmouZjF7MCkyaI6AP/tQTiKorc00RCq7QMEWziF
/pdUhFvOuogg6N3/dPKTQ8jHM5ubhmYWKFDaxCI/UQLmqPs1P7NNkPn8D/GXmXVn
VmMQCRxSBtqNNeM/NkzUvs8szOcMZsXl11YXu/jH11F/cqNh+BcJy0yTcL8e+A4Y
-----END CERTIFICATE-----