Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/QCgilTqnMMJkW07b6OJY7SjK-ws.roa
File:                     QCgilTqnMMJkW07b6OJY7SjK-ws.roa (raw, json)
Hash identifier:          1PYJLHO3D0Gm/N8h65PxqIkyHzyZvFPyTwspl/Ug0h4=
Subject key identifier:   40:28:22:95:3A:A7:30:C2:64:5B:4E:DB:E8:E2:58:ED:28:CA:FB:0B
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBD202A33F5D228E5F8AA82F986778
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/QCgilTqnMMJkW07b6OJY7SjK-ws.roa
Signing time:             Tue 02 Jan 2024 10:32:58 +0000
ROA not before:           Tue 02 Jan 2024 10:32:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58079
IP address blocks:        84.1.245.0/24 maxlen: 24
                          84.1.241.0/24 maxlen: 24
                          84.1.244.0/24 maxlen: 24
                          84.1.243.0/24 maxlen: 24
                          84.1.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d2:02:a3:3f:5d:22:8e:5f:8a:a8:2f:98:67:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=402822953aa730c2645b4edbe8e258ed28cafb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b6:36:55:4d:21:93:46:76:96:54:2e:f5:79:
                    b0:a2:e0:8c:d7:ea:e9:24:64:8f:c2:78:81:67:61:
                    87:dd:a7:1c:26:96:87:81:f8:cf:cd:ca:df:c3:15:
                    4e:d3:21:53:60:9b:32:5c:2a:ad:68:fb:71:81:2e:
                    74:36:ee:a1:90:4a:bb:f6:30:81:62:23:91:6e:87:
                    5a:07:8c:ef:e3:61:86:81:fb:09:e8:81:e9:f2:72:
                    2e:ef:c5:c0:1f:40:76:f1:b1:81:04:ef:a8:53:8f:
                    45:76:a7:3a:f4:41:01:0a:25:10:73:79:81:9f:f8:
                    af:2f:09:92:c2:8f:1b:c4:b4:e8:bb:6c:06:3b:2f:
                    b7:ce:37:1f:d9:9b:6a:0e:c4:24:4b:a2:78:84:9d:
                    02:ac:47:8d:dc:0d:ee:a0:62:4b:44:c9:b0:07:7e:
                    5e:bc:a4:23:3f:cd:af:e9:35:40:b0:21:bf:ea:47:
                    44:f0:51:92:1f:d3:9e:fe:1f:bb:46:89:d2:6d:23:
                    b5:20:a8:5a:b2:1c:43:af:f7:04:9f:1f:4f:d8:ef:
                    ea:d8:35:9a:4a:57:f8:6f:ca:7c:ab:e9:3c:48:99:
                    9f:ce:f1:ad:75:ec:14:51:02:d4:0c:02:6f:d7:8b:
                    be:75:b2:8d:c9:c6:9e:6a:a7:84:d4:42:6d:10:04:
                    0e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:28:22:95:3A:A7:30:C2:64:5B:4E:DB:E8:E2:58:ED:28:CA:FB:0B
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/QCgilTqnMMJkW07b6OJY7SjK-ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.1.241.0-84.1.245.255

    Signature Algorithm: sha256WithRSAEncryption
         28:9a:78:78:8e:73:06:98:a0:b9:6d:a6:e2:47:01:05:fe:94:
         d9:65:75:6b:59:f4:4a:c4:ba:62:80:a0:83:7e:70:fd:06:14:
         0e:06:6e:83:a0:51:70:ab:ee:7d:38:35:76:32:b4:70:c0:7e:
         46:f4:75:13:01:1f:2f:1f:6b:48:46:0e:6d:8b:43:f8:f5:73:
         08:d1:2a:4b:9e:da:79:fb:11:8b:73:e8:0c:68:0c:07:0e:54:
         78:60:6b:66:34:5a:19:26:c1:ed:cc:54:3d:a2:b9:31:cd:bc:
         a7:32:0b:63:6a:35:2d:c9:08:c2:92:24:82:09:4c:f1:bd:3a:
         ee:c9:b4:35:e1:6b:a4:4a:74:0b:49:5a:7b:e7:72:50:12:76:
         fa:f5:48:28:e3:f9:f3:97:70:d2:28:49:da:91:87:a9:74:5a:
         0c:48:96:e4:e2:6f:2c:a0:74:48:ac:fa:b9:bb:bd:e8:be:24:
         9f:32:fc:80:f6:81:45:d9:9f:cf:c5:40:58:aa:95:cc:01:e4:
         fc:17:ed:ea:5b:56:5e:6c:de:52:4b:73:63:98:b4:56:b6:aa:
         5e:95:95:54:2f:f2:38:cd:ac:f3:2d:9f:83:64:62:ed:ca:21:
         4c:66:4e:89:6a:35:68:1d:52:6b:c2:72:50:c1:22:93:30:85:
         ce:dc:5e:07
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu9ICoz9dIo5fiqgvmGd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI4MjI5NTNhYTczMGMyNjQ1YjRlZGJlOGUyNThlZDI4Y2FmYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7Y2VU0hk0Z2llQu9XmwouCM1+rp
JGSPwniBZ2GH3accJpaHgfjPzcrfwxVO0yFTYJsyXCqtaPtxgS50Nu6hkEq79jCB
YiORbodaB4zv42GGgfsJ6IHp8nIu78XAH0B28bGBBO+oU49Fdqc69EEBCiUQc3mB
n/ivLwmSwo8bxLTou2wGOy+3zjcf2ZtqDsQkS6J4hJ0CrEeN3A3uoGJLRMmwB35e
vKQjP82v6TVAsCG/6kdE8FGSH9Oe/h+7RonSbSO1IKhashxDr/cEnx9P2O/q2DWa
Slf4b8p8q+k8SJmfzvGtdewUUQLUDAJv14u+dbKNycaeaqeE1EJtEAQOxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEAoIpU6pzDCZFtO2+jiWO0oyvsLMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvUUNnaWxUcW5NTUprVzA3YjZPSlk3U2pLLXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABUAfED
BAFUAfQwDQYJKoZIhvcNAQELBQADggEBACiaeHiOcwaYoLltpuJHAQX+lNlldWtZ
9ErEumKAoIN+cP0GFA4GboOgUXCr7n04NXYytHDAfkb0dRMBHy8fa0hGDm2LQ/j1
cwjRKkue2nn7EYtz6AxoDAcOVHhga2Y0Whkmwe3MVD2iuTHNvKcyC2NqNS3JCMKS
JIIJTPG9Ou7JtDXha6RKdAtJWnvnclASdvr1SCjj+fOXcNIoSdqRh6l0WgxIluTi
byygdEis+rm7vei+JJ8y/ID2gUXZn8/FQFiqlcwB5PwX7epbVl5s3lJLc2OYtFa2
ql6VlVQv8jjNrPMtn4NkYu3KIUxmTolqNWgdUmvCclDBIpMwhc7cXgc=
-----END CERTIFICATE-----