Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/qnVxrr-pzkU05H4H0xx8YVDbhqc.roa
File:                     qnVxrr-pzkU05H4H0xx8YVDbhqc.roa (raw, json)
Hash identifier:          iEWugk2bGafQl8l1qWbgZtYYGMFNn4xpA148oysueZU=
Subject key identifier:   AA:75:71:AE:BF:A9:CE:45:34:E4:7E:07:D3:1C:7C:61:50:DB:86:A7
Certificate issuer:       /CN=e889cbbf69e3a67caa83b54debec2722e5536883
Certificate serial:       0192D95F0977F52B5D45A02E1500D03127B5
Authority key identifier: E8:89:CB:BF:69:E3:A6:7C:AA:83:B5:4D:EB:EC:27:22:E5:53:68:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/qnVxrr-pzkU05H4H0xx8YVDbhqc.roa
Signing time:             Tue 29 Oct 2024 17:42:17 +0000
ROA not before:           Tue 29 Oct 2024 17:42:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201442
IP address blocks:        185.74.164.0/24 maxlen: 24
                          185.74.166.0/24 maxlen: 24
                          185.74.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 14:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:5f:09:77:f5:2b:5d:45:a0:2e:15:00:d0:31:27:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e889cbbf69e3a67caa83b54debec2722e5536883
        Validity
            Not Before: Oct 29 17:42:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa7571aebfa9ce4534e47e07d31c7c6150db86a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c9:16:e2:fd:f0:31:df:6c:f4:42:ea:ff:d3:
                    bd:36:f4:0a:b8:63:11:dc:5d:f8:c2:61:d0:23:8d:
                    3a:24:89:51:cb:80:f8:30:2a:ac:78:86:61:90:62:
                    37:33:31:fd:ca:59:b9:68:25:e6:05:48:34:2e:03:
                    e7:02:31:e5:46:19:95:33:f0:eb:33:84:a7:0c:2d:
                    04:d7:47:8b:5e:5b:59:fb:d6:7d:22:f2:c3:28:31:
                    ed:96:14:3d:4a:6f:38:80:56:ce:7a:84:69:aa:c7:
                    cf:cf:e3:5e:1d:4b:25:c3:6d:c3:0b:b5:64:c9:ea:
                    6b:a1:45:10:e9:c4:8b:26:f5:65:84:89:ec:d5:99:
                    c0:38:b3:83:89:ee:3f:70:3b:4c:34:84:99:1c:0a:
                    0c:62:e1:85:d5:05:b0:7e:75:46:6d:d0:f4:d4:d1:
                    ce:37:83:83:63:11:61:76:9f:23:f5:9a:66:d8:15:
                    6c:40:96:67:e1:ce:32:68:ae:b8:eb:e5:2f:c7:b5:
                    f4:5d:80:fb:36:10:0c:df:09:fa:59:2e:32:8a:14:
                    b4:79:80:32:8c:50:61:2c:21:f4:a4:be:bd:c5:a1:
                    eb:31:ad:d5:ae:43:96:96:e9:0f:b1:6b:34:ef:1f:
                    ce:d7:5e:1d:2f:2f:be:3e:23:90:b6:ca:6a:21:af:
                    b6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:75:71:AE:BF:A9:CE:45:34:E4:7E:07:D3:1C:7C:61:50:DB:86:A7
            X509v3 Authority Key Identifier:
                keyid:E8:89:CB:BF:69:E3:A6:7C:AA:83:B5:4D:EB:EC:27:22:E5:53:68:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/qnVxrr-pzkU05H4H0xx8YVDbhqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.164.0/24
                  185.74.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:d6:79:aa:75:2a:03:6b:82:72:9d:53:12:52:e6:60:99:f1:
         02:c4:3a:3a:67:3f:42:c4:28:0f:b4:06:f3:43:73:bc:45:73:
         b8:6b:ca:63:16:f1:d9:7f:36:68:c2:9c:a9:e3:d3:1b:ae:28:
         b1:0b:42:66:ef:6d:4a:49:9e:65:18:cd:fd:46:e8:53:f8:d2:
         e9:17:be:94:36:28:6c:6e:13:a5:7a:53:48:e1:dc:09:77:56:
         8d:34:3d:83:87:a0:2f:f7:4c:10:59:52:ae:ed:ee:c4:61:76:
         e7:1f:fb:8a:8f:50:11:f0:11:43:b8:7e:12:ea:e0:df:9c:fa:
         9c:29:9b:d4:c4:80:e9:55:52:25:ea:84:2b:5f:e3:ff:25:84:
         02:24:1c:d5:e0:62:07:31:a9:d2:2f:12:82:d9:5f:75:90:c4:
         02:25:59:f4:2c:87:b2:e8:8a:8b:15:81:ef:6e:5b:18:d6:2d:
         75:01:6f:a5:f6:32:7f:0c:51:f1:58:10:2f:31:36:e8:25:54:
         ec:03:de:b1:dc:da:c7:e3:1e:2a:6a:0a:ca:e7:e4:31:ac:bd:
         35:ab:ec:08:96:2b:b2:a9:1f:a3:4b:7c:bf:89:c8:e4:2f:c2:
         0a:37:4c:20:0b:9b:21:20:4a:c6:5c:de:dd:49:24:66:51:b5:
         0d:df:39:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLZXwl39StdRaAuFQDQMSe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ODljYmJmNjllM2E2N2NhYTgzYjU0ZGViZWMyNzIyZTU1
MzY4ODMwHhcNMjQxMDI5MTc0MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc1NzFhZWJmYTljZTQ1MzRlNDdlMDdkMzFjN2M2MTUwZGI4NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApskW4v3wMd9s9ELq/9O9NvQKuGMR
3F34wmHQI406JIlRy4D4MCqseIZhkGI3MzH9ylm5aCXmBUg0LgPnAjHlRhmVM/Dr
M4SnDC0E10eLXltZ+9Z9IvLDKDHtlhQ9Sm84gFbOeoRpqsfPz+NeHUslw23DC7Vk
yeproUUQ6cSLJvVlhIns1ZnAOLODie4/cDtMNISZHAoMYuGF1QWwfnVGbdD01NHO
N4ODYxFhdp8j9Zpm2BVsQJZn4c4yaK646+Uvx7X0XYD7NhAM3wn6WS4yihS0eYAy
jFBhLCH0pL69xaHrMa3VrkOWlukPsWs07x/O114dLy++PiOQtspqIa+2CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKp1ca6/qc5FNOR+B9McfGFQ24anMB8GA1UdIwQY
MBaAFOiJy79p46Z8qoO1TevsJyLlU2iDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkluTHYybmpwbnlxZzdWTjYtd25JdVZUYUlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82MTk1OWEtZTE4Yi00YWIwLThjYWEt
ODdkMWRlOTQzNTUyLzEvcW5WeHJyLXB6a1UwNUg0SDB4eDhZVkRiaHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82MTk1OWEtZTE4Yi00YWIwLThjYWEtODdkMWRlOTQzNTUy
LzEvNkluTHYybmpwbnlxZzdWTjYtd25JdVZUYUlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUqkAwQB
uUqmMA0GCSqGSIb3DQEBCwUAA4IBAQBg1nmqdSoDa4JynVMSUuZgmfECxDo6Zz9C
xCgPtAbzQ3O8RXO4a8pjFvHZfzZowpyp49MbriixC0Jm721KSZ5lGM39RuhT+NLp
F76UNihsbhOlelNI4dwJd1aNND2Dh6Av90wQWVKu7e7EYXbnH/uKj1AR8BFDuH4S
6uDfnPqcKZvUxIDpVVIl6oQrX+P/JYQCJBzV4GIHManSLxKC2V91kMQCJVn0LIey
6IqLFYHvblsY1i11AW+l9jJ/DFHxWBAvMTboJVTsA96x3NrH4x4qagrK5+QxrL01
q+wIliuyqR+jS3y/icjkL8IKN0wgC5shIErGXN7dSSRmUbUN3znX
-----END CERTIFICATE-----