Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/qcVjtKh7SO5NBnWSuI5FdpFeXMs.roa
File:                     qcVjtKh7SO5NBnWSuI5FdpFeXMs.roa (raw, json)
Hash identifier:          baqSXyOhvun7Ggj0VfeuV+5KHvtIDYKeQdL+Qn39CUM=
Subject key identifier:   A9:C5:63:B4:A8:7B:48:EE:4D:06:75:92:B8:8E:45:76:91:5E:5C:CB
Certificate issuer:       /CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
Certificate serial:       018CC3B727352AFC0DB2BCB01C62B053E4C7
Authority key identifier: A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/qcVjtKh7SO5NBnWSuI5FdpFeXMs.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     702
IP address blocks:        185.42.233.0/24 maxlen: 24
                          185.42.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:27:35:2a:fc:0d:b2:bc:b0:1c:62:b0:53:e4:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9c563b4a87b48ee4d067592b88e4576915e5ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:51:77:8a:41:ce:e4:3b:1b:0e:51:cb:a7:
                    47:5d:81:61:f1:87:d1:6e:34:65:29:f8:a1:b4:c7:
                    de:bc:7d:e0:1f:14:f7:a6:b6:e0:05:cd:74:25:c7:
                    08:ab:78:69:38:32:b5:fd:3a:13:e9:d1:01:ea:e1:
                    ea:84:d9:3e:0c:a0:70:b8:a1:0e:03:1e:48:1b:1a:
                    70:bc:03:06:c2:af:7c:03:cb:d9:47:e4:c1:8a:71:
                    3a:16:b4:54:69:dd:33:a1:58:97:ed:16:1e:be:1b:
                    47:ed:e2:3e:5f:0a:16:8b:df:51:62:5a:b7:e6:7e:
                    bd:52:82:57:88:e4:d3:a1:9d:b4:0e:f7:4b:74:b4:
                    58:d3:84:99:56:f3:6e:fd:91:84:d1:39:4f:5f:d4:
                    a6:de:84:97:0d:39:a1:56:87:35:ab:56:55:b5:cd:
                    97:a1:e8:d3:e1:60:a0:4f:f2:cf:21:93:33:83:ab:
                    41:29:4a:64:f8:bb:6c:fa:5f:59:6f:7c:d6:4a:da:
                    6b:a3:97:5d:2c:b4:5e:3a:a7:07:b2:20:28:49:9c:
                    3a:b5:dc:78:3b:ee:a7:cd:3c:8e:ad:93:7b:0e:77:
                    27:0a:17:65:ed:dc:db:60:f6:96:44:8e:6e:57:8a:
                    77:87:2d:3e:99:6b:b9:48:59:9f:86:ec:64:23:4a:
                    4b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C5:63:B4:A8:7B:48:EE:4D:06:75:92:B8:8E:45:76:91:5E:5C:CB
            X509v3 Authority Key Identifier:
                keyid:A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/qcVjtKh7SO5NBnWSuI5FdpFeXMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:43:c6:84:e2:7f:2d:4e:e8:c3:42:26:24:93:7c:65:78:3f:
         95:a5:a9:4a:89:2e:4a:d4:3d:4d:0b:71:ed:11:04:2d:eb:fe:
         f6:df:3d:89:51:2e:77:b8:19:76:88:63:6d:c9:a2:dc:42:e7:
         5f:64:8d:e5:ca:56:73:93:70:17:6f:67:39:e0:f8:f2:6b:ee:
         05:28:12:82:7c:28:b6:ce:46:3b:fa:dc:3b:4c:bf:99:03:c8:
         ab:a1:2f:ea:42:1f:9c:39:18:36:ab:ab:40:e8:44:93:31:65:
         d8:71:70:d1:39:96:d9:7d:31:6f:6f:57:10:7d:fd:a3:5a:98:
         39:ed:95:f8:1d:71:0d:9f:39:1b:e6:31:30:f1:61:de:31:9f:
         8c:90:12:3d:e6:15:42:fc:26:b9:bc:7b:ca:f7:71:d3:75:9b:
         0d:88:45:ba:12:d3:56:b3:85:d0:b4:e1:80:2f:d4:4d:10:66:
         63:fe:ca:73:99:1f:7a:b5:90:54:3e:88:be:29:25:07:9a:cc:
         e9:1f:06:17:e4:5c:0f:10:ee:23:4b:f8:9f:19:20:f6:10:92:
         be:a2:7f:a9:58:d2:3c:7f:43:53:6d:37:62:0d:4d:a5:63:5b:
         94:b4:8c:7f:af:24:b7:91:9e:29:ae:9f:8f:bf:f4:b7:86:8b:
         37:be:a1:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyc1KvwNsrywHGKwU+THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmYyZDNjMjY5ZDkzNTIyNzY5MGIyOGI3ZmJkZDk1M2Ux
ZTllZGMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM1NjNiNGE4N2I0OGVlNGQwNjc1OTJiODhlNDU3NjkxNWU1Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPVRd4pBzuQ7Gw5Ry6dHXYFh8YfR
bjRlKfihtMfevH3gHxT3prbgBc10JccIq3hpODK1/ToT6dEB6uHqhNk+DKBwuKEO
Ax5IGxpwvAMGwq98A8vZR+TBinE6FrRUad0zoViX7RYevhtH7eI+XwoWi99RYlq3
5n69UoJXiOTToZ20DvdLdLRY04SZVvNu/ZGE0TlPX9Sm3oSXDTmhVoc1q1ZVtc2X
oejT4WCgT/LPIZMzg6tBKUpk+Lts+l9Zb3zWStpro5ddLLReOqcHsiAoSZw6tdx4
O+6nzTyOrZN7DncnChdl7dzbYPaWRI5uV4p3hy0+mWu5SFmfhuxkI0pLXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnFY7Soe0juTQZ1kriORXaRXlzLMB8GA1UdIwQY
MBaAFKYvLTwmnZNSJ2kLKLf73ZU+Hp7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMt
MTAwZWVkODEyYzQwLzEvcWNWanRLaDdTTzVOQm5XU3VJNUZkcEZlWE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMtMTAwZWVkODEyYzQw
LzEvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSroMA0G
CSqGSIb3DQEBCwUAA4IBAQCQQ8aE4n8tTujDQiYkk3xleD+VpalKiS5K1D1NC3Ht
EQQt6/723z2JUS53uBl2iGNtyaLcQudfZI3lylZzk3AXb2c54Pjya+4FKBKCfCi2
zkY7+tw7TL+ZA8iroS/qQh+cORg2q6tA6ESTMWXYcXDROZbZfTFvb1cQff2jWpg5
7ZX4HXENnzkb5jEw8WHeMZ+MkBI95hVC/Ca5vHvK93HTdZsNiEW6EtNWs4XQtOGA
L9RNEGZj/spzmR96tZBUPoi+KSUHmszpHwYX5FwPEO4jS/ifGSD2EJK+on+pWNI8
f0NTbTdiDU2lY1uUtIx/ryS3kZ4prp+Pv/S3hos3vqF2
-----END CERTIFICATE-----