Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/qQg22zxseBR6RvKqkZnkZ9ERf_A.roa
File:                     qQg22zxseBR6RvKqkZnkZ9ERf_A.roa (raw, json)
Hash identifier:          zQPuQ4HlH+R5hLoobBavICO8zEfXjdJ5YjFwpC+0xgA=
Subject key identifier:   A9:08:36:DB:3C:6C:78:14:7A:46:F2:AA:91:99:E4:67:D1:11:7F:F0
Certificate issuer:       /CN=30dd0b70850e1f9895658edabe28b9d8d9ea017c
Certificate serial:       018CC56E0D277D64CF1AEA06422C2752E4DB
Authority key identifier: 30:DD:0B:70:85:0E:1F:98:95:65:8E:DA:BE:28:B9:D8:D9:EA:01:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MN0LcIUOH5iVZY7avii52NnqAXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/qQg22zxseBR6RvKqkZnkZ9ERf_A.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.37.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/MN0LcIUOH5iVZY7avii52NnqAXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/MN0LcIUOH5iVZY7avii52NnqAXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MN0LcIUOH5iVZY7avii52NnqAXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:27:7d:64:cf:1a:ea:06:42:2c:27:52:e4:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30dd0b70850e1f9895658edabe28b9d8d9ea017c
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a90836db3c6c78147a46f2aa9199e467d1117ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ef:fd:92:50:75:bd:4d:ba:88:d0:16:63:a3:
                    a4:53:04:0c:92:f9:1a:ad:08:ca:13:58:9e:26:2e:
                    ee:ab:54:4f:ef:22:9f:13:5e:03:f1:c7:a4:b0:d7:
                    ec:27:7a:44:57:02:f4:aa:82:91:af:68:13:e5:17:
                    6d:06:10:88:af:04:93:e4:ff:f3:aa:39:8a:d4:ad:
                    64:19:e8:bd:d2:07:3a:33:79:0c:ed:76:3c:68:f8:
                    18:e3:fd:e9:61:ab:0b:45:a9:ce:0c:2d:6b:0f:08:
                    c3:7a:11:3b:e6:bf:11:e4:3c:e6:d7:f9:23:0c:45:
                    36:ca:78:66:86:ef:d7:29:68:08:f2:fd:62:11:ec:
                    6e:d3:b8:96:ad:99:f0:ae:bc:77:97:26:fd:8b:a8:
                    b4:b2:f7:df:f5:8b:7e:56:12:d2:b8:39:a4:d6:c8:
                    c5:68:80:a9:22:60:21:8c:eb:31:9d:2d:42:74:4d:
                    58:5b:ae:33:ae:70:03:9c:04:ca:22:d2:26:ad:a9:
                    e2:ec:25:08:09:3d:e8:26:6a:78:cb:e7:c5:8f:6e:
                    49:80:bb:52:07:a8:ce:f1:c8:64:06:43:d1:5b:61:
                    2c:05:8b:f9:eb:75:0f:0f:f2:16:fa:09:05:5a:d5:
                    47:a2:bb:0d:f2:3a:62:0f:98:12:72:e9:7b:19:95:
                    18:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:08:36:DB:3C:6C:78:14:7A:46:F2:AA:91:99:E4:67:D1:11:7F:F0
            X509v3 Authority Key Identifier:
                keyid:30:DD:0B:70:85:0E:1F:98:95:65:8E:DA:BE:28:B9:D8:D9:EA:01:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MN0LcIUOH5iVZY7avii52NnqAXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/qQg22zxseBR6RvKqkZnkZ9ERf_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/fca2ae-25fc-444b-a868-810dc9e1aa54/1/MN0LcIUOH5iVZY7avii52NnqAXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.37.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:b8:7b:f6:6f:a9:b9:1a:e9:fb:02:7d:81:01:e9:f1:d7:d0:
         1c:c6:7b:b2:da:d6:d3:3a:d0:35:0c:2d:ce:ac:c1:9e:be:92:
         3c:c8:29:18:96:ce:09:dd:bf:85:b9:ac:ba:6e:f5:6e:a2:ca:
         0f:6d:50:1e:cf:8b:58:75:48:01:3c:eb:6d:69:9c:7d:6c:c9:
         69:29:b8:62:d1:92:e3:d0:26:22:4d:b7:e4:a1:80:45:23:6e:
         4c:81:01:ab:5e:e1:27:df:b5:4b:b0:79:17:6e:33:81:35:8f:
         12:df:35:6e:a8:9d:cb:38:2c:8d:c8:4f:3a:fc:83:9c:d1:c3:
         e5:99:a8:22:bc:8a:ee:ed:9e:e4:86:1d:7f:4f:cf:14:8f:e3:
         62:1d:65:09:dd:59:51:10:61:0a:30:99:d1:92:a4:19:55:b7:
         a7:2d:dd:da:04:94:89:6b:53:01:81:16:53:5e:f8:fb:83:fb:
         6a:06:a6:d6:cd:98:ee:ef:c0:da:5b:0b:1d:5c:b5:c6:eb:95:
         f1:e7:3f:95:7f:17:97:8f:f6:56:53:a3:24:0e:f7:f9:15:66:
         7a:9c:aa:24:0a:2b:ee:97:ec:3d:dc:72:4b:1c:5e:28:17:93:
         f4:7a:51:53:25:a6:4f:11:85:57:e0:7e:9b:58:d1:45:a1:67:
         39:7f:b5:59
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbg0nfWTPGuoGQiwnUuTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZGQwYjcwODUwZTFmOTg5NTY1OGVkYWJlMjhiOWQ4ZDll
YTAxN2MwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTA4MzZkYjNjNmM3ODE0N2E0NmYyYWE5MTk5ZTQ2N2QxMTE3ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO/9klB1vU26iNAWY6OkUwQMkvka
rQjKE1ieJi7uq1RP7yKfE14D8ceksNfsJ3pEVwL0qoKRr2gT5RdtBhCIrwST5P/z
qjmK1K1kGei90gc6M3kM7XY8aPgY4/3pYasLRanODC1rDwjDehE75r8R5Dzm1/kj
DEU2ynhmhu/XKWgI8v1iEexu07iWrZnwrrx3lyb9i6i0svff9Yt+VhLSuDmk1sjF
aICpImAhjOsxnS1CdE1YW64zrnADnATKItImrani7CUICT3oJmp4y+fFj25JgLtS
B6jO8chkBkPRW2EsBYv563UPD/IW+gkFWtVHorsN8jpiD5gScul7GZUYaQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKkINts8bHgUekbyqpGZ5GfREX/wMB8GA1UdIwQY
MBaAFDDdC3CFDh+YlWWO2r4oudjZ6gF8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU4wTGNJVU9INWlWWlk3YXZpaTUyTm5xQVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mY2EyYWUtMjVmYy00NDRiLWE4Njgt
ODEwZGM5ZTFhYTU0LzEvcVFnMjJ6eHNlQlI2UnZLcWtabmtaOUVSZl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mY2EyYWUtMjVmYy00NDRiLWE4NjgtODEwZGM5ZTFhYTU0
LzEvTU4wTGNJVU9INWlWWlk3YXZpaTUyTm5xQVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSUwDQYJ
KoZIhvcNAQELBQADggEBAA64e/Zvqbka6fsCfYEB6fHX0BzGe7La1tM60DUMLc6s
wZ6+kjzIKRiWzgndv4W5rLpu9W6iyg9tUB7Pi1h1SAE8621pnH1syWkpuGLRkuPQ
JiJNt+ShgEUjbkyBAate4SfftUuweRduM4E1jxLfNW6oncs4LI3ITzr8g5zRw+WZ
qCK8iu7tnuSGHX9PzxSP42IdZQndWVEQYQowmdGSpBlVt6ct3doElIlrUwGBFlNe
+PuD+2oGptbNmO7vwNpbCx1ctcbrlfHnP5V/F5eP9lZToyQO9/kVZnqcqiQKK+6X
7D3cckscXigXk/R6UVMlpk8RhVfgfptY0UWhZzl/tVk=
-----END CERTIFICATE-----