Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QUvY20620dK6qUW49oobl2Ib9Og.roa
File:                     QUvY20620dK6qUW49oobl2Ib9Og.roa (raw, json)
Hash identifier:          E1KFLvEFY9eLPlFrZvsclW0FHMHJ6OXEK/PuT4NNzc4=
Subject key identifier:   41:4B:D8:DB:4E:B6:D1:D2:BA:A9:45:B8:F6:8A:1B:97:62:1B:F4:E8
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       018FDD7A8E3F16FB8841B69746DF7E2C5D4B
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QUvY20620dK6qUW49oobl2Ib9Og.roa
Signing time:             Mon 03 Jun 2024 09:42:27 +0000
ROA not before:           Mon 03 Jun 2024 09:42:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.221.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:7a:8e:3f:16:fb:88:41:b6:97:46:df:7e:2c:5d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jun  3 09:42:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=414bd8db4eb6d1d2baa945b8f68a1b97621bf4e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d0:82:72:0d:c3:54:8f:d8:82:d6:72:91:d0:
                    69:d3:9a:8c:8f:90:db:0f:5e:f4:db:6d:43:19:53:
                    24:b8:e9:f5:af:dd:6d:c6:d3:ac:9c:ce:84:1c:b9:
                    92:d8:f3:51:cc:af:ad:85:b2:27:c4:5c:91:66:8b:
                    a2:57:48:24:45:ab:7d:c0:1d:15:14:3e:61:d6:bb:
                    86:d3:74:04:e6:bd:ae:a2:79:76:49:78:74:2c:96:
                    17:fc:9f:9a:62:a4:f2:f4:d7:11:d0:6e:9e:38:83:
                    25:c5:cb:e3:b5:37:c1:34:0c:7a:f4:c0:e2:ea:22:
                    55:0b:3e:48:a2:50:03:97:62:f5:87:cc:f4:7c:0e:
                    de:42:8f:28:1b:21:90:64:90:74:75:cb:54:40:99:
                    c7:dd:cf:e2:a6:d7:3e:0e:96:e3:e2:6a:1e:19:eb:
                    2c:b6:d4:f3:0d:7d:81:c0:2f:58:c0:04:53:01:45:
                    82:4a:d9:f0:df:29:16:a3:8b:3e:53:3f:d2:7f:23:
                    cb:dc:7e:12:b4:23:bf:f7:58:37:96:5a:1a:06:14:
                    52:a8:f2:c5:7d:b3:c4:a2:e2:07:d3:f6:26:a5:27:
                    d2:73:e2:35:e1:a2:4c:95:c3:a3:99:a3:fa:38:16:
                    93:88:18:4d:ca:9b:67:be:d0:17:da:01:cc:9b:30:
                    05:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4B:D8:DB:4E:B6:D1:D2:BA:A9:45:B8:F6:8A:1B:97:62:1B:F4:E8
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/QUvY20620dK6qUW49oobl2Ib9Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:23:57:99:00:b6:7b:79:d2:c3:46:75:e0:a0:75:08:78:39:
         61:a5:20:68:10:d9:7c:b1:b9:70:87:eb:b8:af:3c:ad:9c:7c:
         e4:1d:f9:01:db:cc:ef:02:95:10:bc:7a:6b:d1:5e:ac:02:18:
         c6:e0:96:35:6e:1c:18:59:78:f8:8d:8f:a6:81:b3:fa:2f:a8:
         9c:92:ba:0d:7b:0b:af:e2:b6:e7:a5:c6:84:c4:44:61:0a:42:
         53:fa:dd:b5:48:6e:bf:f3:df:6a:4f:07:53:e1:6c:4c:79:84:
         f8:13:39:bd:45:78:1e:b9:64:ef:00:81:bb:46:8e:1d:64:dd:
         ad:ff:7a:57:2d:b8:02:b1:4d:8e:d4:6b:6d:02:a4:c7:89:b1:
         89:15:94:e5:42:1b:c1:06:d6:b1:ef:76:c0:cd:79:b6:aa:23:
         cd:c4:15:17:66:de:c5:06:3d:27:ca:6c:57:70:42:c2:de:a2:
         40:23:01:2b:64:9d:ac:fb:65:1e:12:3a:88:90:b6:75:4f:04:
         5e:71:5e:c9:f2:2a:96:6e:e3:cd:c6:ab:87:02:a0:c5:a5:45:
         f3:86:30:71:8e:98:91:26:18:72:2b:d0:9d:3c:87:e8:8a:fe:
         26:5a:8a:ed:df:e0:b1:a8:f9:f2:51:b8:31:bf:80:a1:63:b2:
         40:8a:94:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/deo4/FvuIQbaXRt9+LF1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjQwNjAzMDk0MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTRiZDhkYjRlYjZkMWQyYmFhOTQ1YjhmNjhhMWI5NzYyMWJmNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNCCcg3DVI/YgtZykdBp05qMj5Db
D170221DGVMkuOn1r91txtOsnM6EHLmS2PNRzK+thbInxFyRZouiV0gkRat9wB0V
FD5h1ruG03QE5r2uonl2SXh0LJYX/J+aYqTy9NcR0G6eOIMlxcvjtTfBNAx69MDi
6iJVCz5IolADl2L1h8z0fA7eQo8oGyGQZJB0dctUQJnH3c/iptc+Dpbj4moeGess
ttTzDX2BwC9YwARTAUWCStnw3ykWo4s+Uz/SfyPL3H4StCO/91g3lloaBhRSqPLF
fbPEouIH0/YmpSfSc+I14aJMlcOjmaP6OBaTiBhNyptnvtAX2gHMmzAFowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFL2NtOttHSuqlFuPaKG5diG/ToMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvUVV2WTIwNjIwZEs2cVVXNDlvb2JsMkliOU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCJI1eZALZ7edLDRnXgoHUIeDlhpSBoENl8sblwh+u4
rzytnHzkHfkB28zvApUQvHpr0V6sAhjG4JY1bhwYWXj4jY+mgbP6L6ickroNewuv
4rbnpcaExERhCkJT+t21SG6/899qTwdT4WxMeYT4Ezm9RXgeuWTvAIG7Ro4dZN2t
/3pXLbgCsU2O1GttAqTHibGJFZTlQhvBBtax73bAzXm2qiPNxBUXZt7FBj0nymxX
cELC3qJAIwErZJ2s+2UeEjqIkLZ1TwRecV7J8iqWbuPNxquHAqDFpUXzhjBxjpiR
JhhyK9CdPIfoiv4mWort3+CxqPnyUbgxv4ChY7JAipRf
-----END CERTIFICATE-----