Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/QYqHtBFuWe9TMrIrZ14wMR2BJ6M.roa
File:                     QYqHtBFuWe9TMrIrZ14wMR2BJ6M.roa (raw, json)
Hash identifier:          PRO6YRxvYlZdHTk6l3CPIfgVgz2NIT7Me9q+MNwAcwE=
Subject key identifier:   41:8A:87:B4:11:6E:59:EF:53:32:B2:2B:67:5E:30:31:1D:81:27:A3
Certificate issuer:       /CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
Certificate serial:       01905E63852715E8FE82AB587666F339077C
Authority key identifier: 1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/QYqHtBFuWe9TMrIrZ14wMR2BJ6M.roa
Signing time:             Fri 28 Jun 2024 10:28:18 +0000
ROA not before:           Fri 28 Jun 2024 10:28:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47381
IP address blocks:        185.224.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:63:85:27:15:e8:fe:82:ab:58:76:66:f3:39:07:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
        Validity
            Not Before: Jun 28 10:28:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=418a87b4116e59ef5332b22b675e30311d8127a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ff:b4:2f:2d:4b:95:3c:9c:c0:de:93:4e:ef:
                    67:5c:46:7c:85:06:d8:79:e2:c3:f2:4f:00:59:bf:
                    e8:5e:36:49:4d:0d:50:c3:2e:70:9d:a8:14:62:c3:
                    d2:35:19:8c:68:c8:90:86:2b:ea:77:0b:36:5b:b5:
                    04:1d:f1:83:b4:99:b1:08:2c:11:17:bb:5e:8f:a6:
                    e4:1a:10:29:db:0b:c9:91:c4:5b:8b:a1:2f:a6:03:
                    e4:42:13:21:a8:7e:cc:92:69:2c:15:58:02:ce:9f:
                    56:8e:76:62:27:66:bd:da:8c:e5:47:46:82:f1:6e:
                    94:30:9c:02:8f:e9:8c:98:ea:d3:e9:c5:b4:d5:81:
                    e7:b0:be:77:ea:6c:5d:50:11:41:48:ee:a9:d5:a9:
                    63:06:e0:5b:8a:63:81:0c:72:fc:11:b8:6b:1a:37:
                    6e:90:53:a4:4b:ea:95:93:91:ca:03:9a:db:66:2b:
                    58:e8:44:ef:47:7d:34:42:ac:a5:3d:1a:1f:7c:97:
                    81:6e:39:5f:8b:4b:4b:bc:ab:0c:69:24:23:19:b9:
                    b7:c6:46:51:5c:cb:87:48:c5:18:14:12:43:23:c2:
                    ac:44:89:01:5c:ad:83:9c:12:24:15:02:a1:42:35:
                    65:75:27:a0:26:be:44:28:44:c1:69:d7:2e:7b:54:
                    04:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8A:87:B4:11:6E:59:EF:53:32:B2:2B:67:5E:30:31:1D:81:27:A3
            X509v3 Authority Key Identifier:
                keyid:1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/QYqHtBFuWe9TMrIrZ14wMR2BJ6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:b2:5f:27:e2:09:bf:8c:0a:97:d8:12:eb:a8:f4:31:50:af:
         0d:3c:5e:84:63:cc:52:8e:13:15:ff:56:dd:4e:57:a1:30:d3:
         86:99:99:08:3e:96:38:a7:55:71:06:e4:99:63:d3:3e:cf:af:
         c9:29:9c:b7:28:52:33:23:03:bc:64:2c:e5:85:24:fc:6c:5a:
         9a:57:36:35:bd:47:4b:f8:8a:b7:3e:5e:65:98:86:a6:f8:8a:
         f7:c1:07:46:63:7b:fa:86:60:3d:4b:b5:58:3f:7d:ac:00:39:
         c4:86:f0:4a:98:9d:78:a6:a5:e3:6d:87:f9:36:1d:b8:4f:b3:
         b9:00:85:c5:29:6d:36:a0:c0:fb:53:0d:04:29:17:b8:f7:b4:
         bf:34:38:75:1a:a1:66:f6:6d:52:2b:ad:38:d4:97:a6:9e:8b:
         48:ca:c8:73:f6:12:06:29:2d:6e:d8:3e:11:7d:18:c7:2d:bf:
         f2:9f:1b:81:6d:0d:da:83:46:a6:3c:83:2a:4b:67:7e:8a:26:
         ed:c6:bf:a1:1b:9e:9c:ca:93:54:f8:f5:17:9a:3a:a8:46:d1:
         59:51:0e:a5:58:d3:5a:78:e9:e6:23:79:b7:77:f3:15:ab:18:
         b6:89:21:32:04:ec:aa:f7:11:a2:1f:7f:52:c0:04:3f:7b:00:
         78:b5:07:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBeY4UnFej+gqtYdmbzOQd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTUwMDA3NzJiM2MzZmEyYmJkNzcyN2QzZDM4OTM5MWEx
NDYzM2UwHhcNMjQwNjI4MTAyODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThhODdiNDExNmU1OWVmNTMzMmIyMmI2NzVlMzAzMTFkODEyN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/+0Ly1LlTycwN6TTu9nXEZ8hQbY
eeLD8k8AWb/oXjZJTQ1Qwy5wnagUYsPSNRmMaMiQhivqdws2W7UEHfGDtJmxCCwR
F7tej6bkGhAp2wvJkcRbi6EvpgPkQhMhqH7MkmksFVgCzp9WjnZiJ2a92ozlR0aC
8W6UMJwCj+mMmOrT6cW01YHnsL536mxdUBFBSO6p1aljBuBbimOBDHL8EbhrGjdu
kFOkS+qVk5HKA5rbZitY6ETvR300QqylPRoffJeBbjlfi0tLvKsMaSQjGbm3xkZR
XMuHSMUYFBJDI8KsRIkBXK2DnBIkFQKhQjVldSegJr5EKETBadcue1QEIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGKh7QRblnvUzKyK2deMDEdgSejMB8GA1UdIwQY
MBaAFB0VAAdys8P6K713J9PTiTkaFGM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgt
YjIxMjlmYjRjYTVhLzEvUVlxSHRCRnVXZTlUTXJJcloxNHdNUjJCSjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgtYjIxMjlmYjRjYTVh
LzEvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueAsMA0G
CSqGSIb3DQEBCwUAA4IBAQB9sl8n4gm/jAqX2BLrqPQxUK8NPF6EY8xSjhMV/1bd
TlehMNOGmZkIPpY4p1VxBuSZY9M+z6/JKZy3KFIzIwO8ZCzlhST8bFqaVzY1vUdL
+Iq3Pl5lmIam+Ir3wQdGY3v6hmA9S7VYP32sADnEhvBKmJ14pqXjbYf5Nh24T7O5
AIXFKW02oMD7Uw0EKRe497S/NDh1GqFm9m1SK6041JemnotIyshz9hIGKS1u2D4R
fRjHLb/ynxuBbQ3ag0amPIMqS2d+iibtxr+hG56cypNU+PUXmjqoRtFZUQ6lWNNa
eOnmI3m3d/MVqxi2iSEyBOyq9xGiH39SwAQ/ewB4tQfS
-----END CERTIFICATE-----