Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QrKWwBlWlshs3b0wzO7X8DSH3jM.roa
File:                     QrKWwBlWlshs3b0wzO7X8DSH3jM.roa (raw, json)
Hash identifier:          9nIAaVGTW/5YTpqDubKM4Y10+ocapI0yFSfZZZgMxsw=
Subject key identifier:   42:B2:96:C0:19:56:96:C8:6C:DD:BD:30:CC:EE:D7:F0:34:87:DE:33
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018DF6A7CCF117491E820247A48748D6517A
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QrKWwBlWlshs3b0wzO7X8DSH3jM.roa
Signing time:             Thu 29 Feb 2024 20:56:48 +0000
ROA not before:           Thu 29 Feb 2024 20:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197071
IP address blocks:        185.244.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f6:a7:cc:f1:17:49:1e:82:02:47:a4:87:48:d6:51:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Feb 29 20:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42b296c0195696c86cddbd30cceed7f03487de33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7c:8d:bd:6e:80:92:fe:60:f6:56:9d:31:5a:
                    e4:a1:14:b5:d9:0d:18:8f:b4:7e:1f:47:f4:d3:17:
                    f8:1e:a6:11:5e:c3:5f:17:88:9d:e7:c3:7b:b1:ee:
                    ff:30:bf:8a:c9:59:04:a8:25:d9:20:8a:78:9f:9d:
                    d1:ce:48:1a:0a:9f:15:03:4d:28:25:3b:c7:4c:d8:
                    49:63:a6:9c:60:03:ad:bf:fc:2c:8c:38:b8:7f:a0:
                    b2:00:ef:5b:65:23:b0:00:f4:80:23:4e:d4:a7:0c:
                    58:dd:fb:97:ff:bd:38:9e:48:44:92:81:93:57:c0:
                    46:55:ba:37:34:89:d9:79:ed:c9:5d:8e:e1:d2:5f:
                    71:61:ae:cc:af:ca:95:67:eb:ca:5f:a7:5e:29:1f:
                    73:5a:30:c8:74:4e:27:c5:3d:90:d4:8e:9f:22:c4:
                    fa:d5:1c:b2:2e:b2:8a:bd:c6:a9:5b:1a:08:10:a3:
                    83:7a:e9:8c:01:cb:2e:0b:2c:89:4d:1c:70:5b:c0:
                    02:57:0f:0a:2a:b4:35:1e:fd:5a:21:10:24:c2:bc:
                    79:ca:30:bb:c8:87:dd:70:62:6f:01:1e:d8:76:4a:
                    2f:e4:00:b4:70:3a:c8:81:5d:32:4f:fa:62:24:e1:
                    51:f4:39:58:bd:ab:e1:7f:8a:42:2d:21:b1:06:f5:
                    6d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:B2:96:C0:19:56:96:C8:6C:DD:BD:30:CC:EE:D7:F0:34:87:DE:33
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QrKWwBlWlshs3b0wzO7X8DSH3jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:37:c5:00:4f:c3:c1:f0:68:08:25:c3:7c:62:4d:44:6d:25:
         dc:24:79:10:7f:80:ba:e6:7b:0b:24:5c:14:e3:54:9f:3a:e4:
         e9:8c:20:17:04:8c:b8:dc:e5:69:ff:40:4a:7e:52:f2:3d:fe:
         f4:96:3a:eb:07:c7:b4:a1:ff:6d:b5:80:68:ea:75:14:1a:95:
         a3:a7:20:bc:5c:a8:02:77:5a:2a:d4:58:c3:f3:a9:6f:3e:51:
         3c:d5:74:e7:dd:73:a7:33:55:c4:d6:4f:71:06:93:78:6b:51:
         1d:b4:0c:2f:be:4e:5e:92:e6:69:2c:47:1f:a4:c8:5b:c2:14:
         87:92:bb:c0:e2:84:c5:db:00:f7:ec:b8:b7:a4:94:e5:78:c7:
         d0:2b:fd:58:5f:f1:fd:b2:75:e4:16:79:61:05:72:ce:8e:a9:
         ec:a5:b1:d3:49:c6:85:c9:ef:f2:f0:ee:bb:0d:98:97:cf:8e:
         6e:5c:d6:d2:f1:dd:ac:9f:98:a6:e0:0c:e3:54:99:57:0b:6a:
         6a:b2:6a:b3:ec:d6:64:67:f9:6b:ba:6a:f5:4f:7e:3c:a7:a2:
         e8:9b:f2:12:0e:d8:10:04:dd:32:94:f4:20:c2:c1:7d:65:01:
         4d:9e:b4:f7:84:6b:44:a1:b3:be:ec:0a:ca:07:f0:d6:a8:dd:
         46:ee:66:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY32p8zxF0keggJHpIdI1lF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMjI5MjA1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmIyOTZjMDE5NTY5NmM4NmNkZGJkMzBjY2VlZDdmMDM0ODdkZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonyNvW6Akv5g9ladMVrkoRS12Q0Y
j7R+H0f00xf4HqYRXsNfF4id58N7se7/ML+KyVkEqCXZIIp4n53RzkgaCp8VA00o
JTvHTNhJY6acYAOtv/wsjDi4f6CyAO9bZSOwAPSAI07UpwxY3fuX/704nkhEkoGT
V8BGVbo3NInZee3JXY7h0l9xYa7Mr8qVZ+vKX6deKR9zWjDIdE4nxT2Q1I6fIsT6
1RyyLrKKvcapWxoIEKODeumMAcsuCyyJTRxwW8ACVw8KKrQ1Hv1aIRAkwrx5yjC7
yIfdcGJvAR7Ydkov5AC0cDrIgV0yT/piJOFR9DlYvavhf4pCLSGxBvVtRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKylsAZVpbIbN29MMzu1/A0h94zMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvUXJLV3dCbFdsc2hzM2Iwd3pPN1g4RFNIM2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQZMA0G
CSqGSIb3DQEBCwUAA4IBAQA5N8UAT8PB8GgIJcN8Yk1EbSXcJHkQf4C65nsLJFwU
41SfOuTpjCAXBIy43OVp/0BKflLyPf70ljrrB8e0of9ttYBo6nUUGpWjpyC8XKgC
d1oq1FjD86lvPlE81XTn3XOnM1XE1k9xBpN4a1EdtAwvvk5ekuZpLEcfpMhbwhSH
krvA4oTF2wD37Li3pJTleMfQK/1YX/H9snXkFnlhBXLOjqnspbHTScaFye/y8O67
DZiXz45uXNbS8d2sn5im4AzjVJlXC2pqsmqz7NZkZ/lrumr1T348p6Lom/ISDtgQ
BN0ylPQgwsF9ZQFNnrT3hGtEobO+7ArKB/DWqN1G7ma+
-----END CERTIFICATE-----