Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QI-MDwQsakJP1Fb7XLCzbxo0euE.roa
File:                     QI-MDwQsakJP1Fb7XLCzbxo0euE.roa (raw, json)
Hash identifier:          6C4aLK1ybfPBJ/4MBnmDKW27phOGmL48UYi0geaaZzI=
Subject key identifier:   40:8F:8C:0F:04:2C:6A:42:4F:D4:56:FB:5C:B0:B3:6F:1A:34:7A:E1
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018CC5DCE84A3F1084A566EFD45019EDADA3
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QI-MDwQsakJP1Fb7XLCzbxo0euE.roa
Signing time:             Mon 01 Jan 2024 16:30:38 +0000
ROA not before:           Mon 01 Jan 2024 16:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        185.106.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e8:4a:3f:10:84:a5:66:ef:d4:50:19:ed:ad:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  1 16:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408f8c0f042c6a424fd456fb5cb0b36f1a347ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f4:5b:56:b7:5b:d9:c5:5a:70:08:89:d9:63:
                    0e:6d:2d:70:0e:c8:02:e7:e3:44:50:55:78:28:56:
                    77:ef:7a:64:28:5f:c8:aa:cd:6c:af:4e:06:ae:a1:
                    e8:a1:1f:f1:91:d3:39:0e:96:f6:3b:6c:95:3f:10:
                    d1:2f:a4:94:01:28:6e:7e:d8:b5:01:35:f7:29:47:
                    53:70:44:4b:32:32:e8:f2:91:2e:a2:1a:20:f1:ae:
                    9c:8b:5b:4e:f0:8e:ad:6a:82:63:7d:db:a5:78:21:
                    3c:d3:59:12:c2:13:36:ce:78:01:23:85:61:e7:3e:
                    fb:58:9e:23:f7:fa:ab:58:ef:8d:35:e3:eb:9e:b6:
                    da:d2:0f:89:b3:d3:3d:30:5c:5b:b6:50:1a:e7:cf:
                    27:41:b1:78:79:0d:13:2f:44:b8:7e:0b:92:cc:45:
                    b7:92:63:ed:f8:50:3c:17:6c:f5:0e:7c:94:2f:eb:
                    26:77:70:3d:9a:aa:df:06:b9:98:41:e0:6d:5c:48:
                    f2:b5:39:99:9d:08:5b:a3:0d:48:0e:18:a6:6d:68:
                    e8:0b:7b:f4:af:87:50:57:98:2f:9a:28:fb:b6:3c:
                    a9:de:f4:e5:32:a3:d4:82:08:6d:e1:21:fe:a2:29:
                    f6:07:ae:15:9a:84:93:9c:cd:b6:39:18:aa:f9:79:
                    a4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8F:8C:0F:04:2C:6A:42:4F:D4:56:FB:5C:B0:B3:6F:1A:34:7A:E1
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/QI-MDwQsakJP1Fb7XLCzbxo0euE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:4c:fb:f4:f7:69:f2:11:7d:38:b5:22:de:e8:f3:81:4a:cd:
         b4:5a:c2:0a:6a:e5:8b:d0:e0:04:4f:cf:7e:f7:b1:06:5e:16:
         61:ca:9b:0f:61:8f:57:ed:e6:3d:5d:36:02:f8:22:3d:c7:c7:
         0a:fe:7f:a9:aa:9e:93:84:99:c8:c2:f8:06:2e:78:9a:bc:3d:
         31:a6:51:fa:ce:0e:57:26:ed:f7:c8:6c:ec:1d:80:28:fd:5c:
         36:30:20:30:b0:33:93:4d:fa:8c:97:41:f7:13:4e:51:a5:a0:
         3b:d5:92:6d:cf:69:0e:95:17:33:85:5d:58:6c:28:6f:8d:44:
         87:7a:1f:cb:6e:e2:23:df:87:f0:cb:69:a0:44:9d:d1:01:fb:
         3b:41:ba:e9:19:64:e6:3b:c5:a5:3a:f6:7c:b4:51:f0:58:e7:
         f8:a1:a6:4b:57:57:d2:17:35:f6:f7:ad:d2:e5:2c:c0:9a:3d:
         f7:9e:4c:3f:94:82:1e:b0:38:4c:2a:59:33:ed:ca:eb:da:03:
         b7:72:ef:fc:6f:b3:0a:f4:dd:d6:b4:d8:30:4d:fa:c5:59:e2:
         c7:12:88:3b:3a:39:ed:4b:44:b0:a1:b2:1d:88:d7:01:8e:77:
         a6:c3:c9:87:16:8b:62:00:c7:1b:bd:0e:d7:29:2c:b4:fe:42:
         e2:60:2c:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3OhKPxCEpWbv1FAZ7a2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTAxMTYzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhmOGMwZjA0MmM2YTQyNGZkNDU2ZmI1Y2IwYjM2ZjFhMzQ3YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPRbVrdb2cVacAiJ2WMObS1wDsgC
5+NEUFV4KFZ373pkKF/Iqs1sr04GrqHooR/xkdM5Dpb2O2yVPxDRL6SUAShufti1
ATX3KUdTcERLMjLo8pEuohog8a6ci1tO8I6taoJjfduleCE801kSwhM2zngBI4Vh
5z77WJ4j9/qrWO+NNePrnrba0g+Js9M9MFxbtlAa588nQbF4eQ0TL0S4fguSzEW3
kmPt+FA8F2z1DnyUL+smd3A9mqrfBrmYQeBtXEjytTmZnQhbow1IDhimbWjoC3v0
r4dQV5gvmij7tjyp3vTlMqPUgght4SH+oin2B64VmoSTnM22ORiq+XmkqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECPjA8ELGpCT9RW+1yws28aNHrhMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUUktTUR3UXNha0pQMUZiN1hMQ3pieG8wZXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWrCMA0G
CSqGSIb3DQEBCwUAA4IBAQBXTPv092nyEX04tSLe6POBSs20WsIKauWL0OAET89+
97EGXhZhypsPYY9X7eY9XTYC+CI9x8cK/n+pqp6ThJnIwvgGLniavD0xplH6zg5X
Ju33yGzsHYAo/Vw2MCAwsDOTTfqMl0H3E05RpaA71ZJtz2kOlRczhV1YbChvjUSH
eh/LbuIj34fwy2mgRJ3RAfs7QbrpGWTmO8WlOvZ8tFHwWOf4oaZLV1fSFzX2963S
5SzAmj33nkw/lIIesDhMKlkz7crr2gO3cu/8b7MK9N3WtNgwTfrFWeLHEog7Ojnt
S0SwobIdiNcBjnemw8mHFotiAMcbvQ7XKSy0/kLiYCyT
-----END CERTIFICATE-----