Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/qundwjGOSYNdDvyax0C82NaqOPI.roa
File:                     qundwjGOSYNdDvyax0C82NaqOPI.roa (raw, json)
Hash identifier:          2XXJPzRcJWPcl+V43ZhCJas1Ta9s1nA4j68ZOBimwV8=
Subject key identifier:   AA:E9:DD:C2:31:8E:49:83:5D:0E:FC:9A:C7:40:BC:D8:D6:AA:38:F2
Certificate issuer:       /CN=b872da0f9c6c5686a3db9ee124a99042b0a882d1
Certificate serial:       018CC64B5A90A2668F820C86A27E0079915E
Authority key identifier: B8:72:DA:0F:9C:6C:56:86:A3:DB:9E:E1:24:A9:90:42:B0:A8:82:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/qundwjGOSYNdDvyax0C82NaqOPI.roa
Signing time:             Mon 01 Jan 2024 18:31:16 +0000
ROA not before:           Mon 01 Jan 2024 18:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58291
IP address blocks:        213.156.28.0/22 maxlen: 24
                          185.102.68.0/22 maxlen: 22
                          2a01:4c01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5a:90:a2:66:8f:82:0c:86:a2:7e:00:79:91:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b872da0f9c6c5686a3db9ee124a99042b0a882d1
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aae9ddc2318e49835d0efc9ac740bcd8d6aa38f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c8:5f:94:f7:48:f7:ba:ad:f2:f2:a3:d6:36:
                    fc:ca:da:6c:3d:a7:94:81:bf:a4:22:cf:d8:5d:60:
                    4b:1a:02:e5:ce:29:8d:75:86:55:72:1c:16:c7:8f:
                    a9:19:5e:d1:a0:cf:eb:c2:53:10:12:c5:36:9e:b9:
                    1e:58:59:b5:70:19:ed:40:d3:a9:bf:e9:61:b5:33:
                    65:93:6f:75:45:ab:d1:8b:82:9f:8f:57:bf:80:8f:
                    f1:50:78:e9:56:01:a3:7f:d6:d4:14:a2:54:c8:e1:
                    15:9f:e3:20:c0:45:1e:98:ab:d9:51:c5:ab:16:6e:
                    04:41:c2:da:56:92:89:bf:e4:9d:83:60:ff:7f:eb:
                    0b:44:90:e2:52:37:99:c0:42:e6:88:72:ad:60:12:
                    b3:78:72:76:6b:c2:fa:b9:e6:1e:8a:61:50:59:08:
                    e4:d0:38:ea:28:da:cc:4b:97:5d:14:5a:da:26:68:
                    b7:f2:1d:aa:b6:72:39:8a:f3:b8:ec:57:09:f9:35:
                    e6:62:84:76:b2:26:0e:fa:e5:e5:c4:91:07:93:68:
                    20:ab:6e:3b:ff:5f:d0:1b:89:5e:5a:58:32:59:a8:
                    c8:72:29:2b:26:8f:26:e0:81:fb:7a:5c:ef:d4:3a:
                    42:ce:1b:98:aa:0c:0f:91:84:2d:a5:22:15:c8:a9:
                    55:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E9:DD:C2:31:8E:49:83:5D:0E:FC:9A:C7:40:BC:D8:D6:AA:38:F2
            X509v3 Authority Key Identifier:
                keyid:B8:72:DA:0F:9C:6C:56:86:A3:DB:9E:E1:24:A9:90:42:B0:A8:82:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHLaD5xsVoaj257hJKmQQrCogtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/qundwjGOSYNdDvyax0C82NaqOPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2716ec-5657-4f56-8f43-e23103a88052/1/uHLaD5xsVoaj257hJKmQQrCogtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.68.0/22
                  213.156.28.0/22
                IPv6:
                  2a01:4c01::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:34:d0:b1:48:5a:82:32:3a:a5:8f:0f:2b:45:86:9c:a2:e0:
         35:37:cc:df:90:2f:60:36:aa:10:28:2f:df:24:60:0f:67:b1:
         4c:03:6a:d5:6f:2a:05:2d:72:1c:40:31:25:69:45:33:22:f1:
         ac:22:9f:41:8b:34:2d:cd:bb:e4:ab:d2:00:eb:5e:3f:95:d5:
         e5:ee:93:eb:4d:f6:c7:9e:e6:1f:97:a5:c9:74:09:ab:16:36:
         dc:be:9e:1c:b0:c2:c3:d8:73:82:e2:ef:c0:33:6a:d4:90:ad:
         e3:f0:9d:d8:38:44:db:ec:b1:a2:bd:ce:33:b3:87:e8:95:b1:
         4d:fc:9d:91:a6:95:96:22:6f:76:91:bd:9b:51:b5:1b:b5:7e:
         5f:53:33:ff:bf:65:da:27:94:4e:35:01:ee:d7:d1:81:2b:36:
         71:c9:a8:84:19:19:cd:14:0b:3f:11:26:ea:73:cf:93:08:2c:
         27:b8:1e:6c:e3:04:7d:2c:d8:74:88:a2:39:b6:4e:e7:1f:01:
         3a:0f:5a:aa:55:26:60:94:ac:5e:12:f6:b7:17:23:8e:f4:8b:
         a3:38:74:67:66:01:29:cb:88:36:d2:a8:b3:a1:7c:29:58:e4:
         50:81:b1:98:e9:69:3f:86:4c:08:05:6a:9b:6c:a9:4f:b0:6b:
         38:d3:7f:f1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS1qQomaPggyGon4AeZFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NzJkYTBmOWM2YzU2ODZhM2RiOWVlMTI0YTk5MDQyYjBh
ODgyZDEwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU5ZGRjMjMxOGU0OTgzNWQwZWZjOWFjNzQwYmNkOGQ2YWEzOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAishflPdI97qt8vKj1jb8ytpsPaeU
gb+kIs/YXWBLGgLlzimNdYZVchwWx4+pGV7RoM/rwlMQEsU2nrkeWFm1cBntQNOp
v+lhtTNlk291RavRi4Kfj1e/gI/xUHjpVgGjf9bUFKJUyOEVn+MgwEUemKvZUcWr
Fm4EQcLaVpKJv+Sdg2D/f+sLRJDiUjeZwELmiHKtYBKzeHJ2a8L6ueYeimFQWQjk
0DjqKNrMS5ddFFraJmi38h2qtnI5ivO47FcJ+TXmYoR2siYO+uXlxJEHk2ggq247
/1/QG4leWlgyWajIcikrJo8m4IH7elzv1DpCzhuYqgwPkYQtpSIVyKlVPQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKrp3cIxjkmDXQ78msdAvNjWqjjyMB8GA1UdIwQY
MBaAFLhy2g+cbFaGo9ue4SSpkEKwqILRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUhMYUQ1eHNWb2FqMjU3aEpLbVFRckNvZ3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yNzE2ZWMtNTY1Ny00ZjU2LThmNDMt
ZTIzMTAzYTg4MDUyLzEvcXVuZHdqR09TWU5kRHZ5YXgwQzgyTmFxT1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yNzE2ZWMtNTY1Ny00ZjU2LThmNDMtZTIzMTAzYTg4MDUy
LzEvdUhMYUQ1eHNWb2FqMjU3aEpLbVFRckNvZ3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWZEAwQC
1ZwcMA0EAgACMAcDBQAqAUwBMA0GCSqGSIb3DQEBCwUAA4IBAQBgNNCxSFqCMjql
jw8rRYacouA1N8zfkC9gNqoQKC/fJGAPZ7FMA2rVbyoFLXIcQDElaUUzIvGsIp9B
izQtzbvkq9IA614/ldXl7pPrTfbHnuYfl6XJdAmrFjbcvp4csMLD2HOC4u/AM2rU
kK3j8J3YOETb7LGivc4zs4folbFN/J2RppWWIm92kb2bUbUbtX5fUzP/v2XaJ5RO
NQHu19GBKzZxyaiEGRnNFAs/ESbqc8+TCCwnuB5s4wR9LNh0iKI5tk7nHwE6D1qq
VSZglKxeEva3FyOO9IujOHRnZgEpy4g20qizoXwpWORQgbGY6Wk/hkwIBWqbbKlP
sGs403/x
-----END CERTIFICATE-----