Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/qzHhWrLbcYulg5Rz8NJ1yggYSc4.roa
File:                     qzHhWrLbcYulg5Rz8NJ1yggYSc4.roa (raw, json)
Hash identifier:          ZDVLeo8PfEP/BVo6iivFu2ylQ4yeIVBNq/FT1BKTv+M=
Subject key identifier:   AB:31:E1:5A:B2:DB:71:8B:A5:83:94:73:F0:D2:75:CA:08:18:49:CE
Certificate issuer:       /CN=bd85314d13c782c052dd022b3e4e20142b64170e
Certificate serial:       018CC87085AF2C92A34C49065F3EA884D856
Authority key identifier: BD:85:31:4D:13:C7:82:C0:52:DD:02:2B:3E:4E:20:14:2B:64:17:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vYUxTRPHgsBS3QIrPk4gFCtkFw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/qzHhWrLbcYulg5Rz8NJ1yggYSc4.roa
Signing time:             Tue 02 Jan 2024 04:31:06 +0000
ROA not before:           Tue 02 Jan 2024 04:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211629
IP address blocks:        185.252.203.0/24 maxlen: 24
                          2a10:b340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/vYUxTRPHgsBS3QIrPk4gFCtkFw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/vYUxTRPHgsBS3QIrPk4gFCtkFw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vYUxTRPHgsBS3QIrPk4gFCtkFw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:85:af:2c:92:a3:4c:49:06:5f:3e:a8:84:d8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd85314d13c782c052dd022b3e4e20142b64170e
        Validity
            Not Before: Jan  2 04:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab31e15ab2db718ba5839473f0d275ca081849ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:13:76:f6:bd:44:9a:80:41:b5:34:d8:ea:c5:
                    85:79:7b:4e:6d:50:7f:7e:23:d7:3d:6e:20:b1:8a:
                    ef:4a:5a:c3:c7:72:98:e9:7e:58:10:7b:c4:83:fb:
                    8e:92:96:e9:5f:52:a4:4a:3b:ce:2d:35:80:ca:a9:
                    db:47:d6:5f:e3:2e:87:09:24:0e:30:85:cc:41:30:
                    68:ff:28:86:94:da:42:97:fc:23:46:cb:17:66:5f:
                    03:5c:1c:a4:40:50:d0:11:22:65:bb:1c:69:ad:db:
                    4d:91:2e:b0:d3:b3:ff:4a:e4:76:5a:12:7f:b2:74:
                    39:5b:25:2f:9f:90:65:5c:9a:08:fe:5e:78:66:cf:
                    9f:bc:c8:18:e7:85:4e:b7:2f:5a:9e:88:b1:e7:2e:
                    08:f8:24:88:a5:51:22:88:38:25:af:8e:fc:b2:71:
                    56:bd:99:80:65:63:6c:a5:1a:3d:74:65:a5:10:74:
                    c7:ce:22:23:32:d7:72:04:5d:ce:af:fe:6e:d5:9f:
                    5f:ea:55:7a:ba:32:12:a7:fe:29:11:b1:d5:41:69:
                    94:c5:60:23:3a:f0:1a:ae:7c:27:82:ba:3a:14:a6:
                    c9:c9:93:1f:28:3c:16:30:c3:3c:41:76:8a:31:0b:
                    06:29:e2:c2:f9:69:9a:3e:6e:9f:cb:b0:9a:d4:5d:
                    f1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:31:E1:5A:B2:DB:71:8B:A5:83:94:73:F0:D2:75:CA:08:18:49:CE
            X509v3 Authority Key Identifier:
                keyid:BD:85:31:4D:13:C7:82:C0:52:DD:02:2B:3E:4E:20:14:2B:64:17:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vYUxTRPHgsBS3QIrPk4gFCtkFw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/qzHhWrLbcYulg5Rz8NJ1yggYSc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/052d38-6080-4e79-8a4b-625515ff5944/1/vYUxTRPHgsBS3QIrPk4gFCtkFw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.203.0/24
                IPv6:
                  2a10:b340::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:13:be:f9:85:6e:1b:70:1e:67:9f:8e:a7:89:8a:c2:f2:d3:
         6d:1b:80:0e:d8:d0:a0:65:79:05:d3:c8:26:88:e5:d5:5a:47:
         06:44:6a:e0:f8:e2:30:50:5c:ad:a2:46:85:af:18:7e:f6:a0:
         0f:77:71:ff:13:87:7c:93:91:1f:58:fa:70:c2:0a:d8:23:41:
         6b:34:ea:4b:47:52:ca:c3:78:2c:26:45:20:26:4a:8c:e6:db:
         0a:15:fc:61:4f:81:6b:98:b4:e4:83:16:3d:c7:ae:94:f2:30:
         d4:df:17:c5:9f:f9:97:7d:71:2e:f1:0d:8f:01:11:f4:bf:1e:
         93:0d:5e:83:5e:85:e6:f1:71:3a:88:9d:11:c2:95:94:24:fa:
         19:40:5f:05:c2:4d:ef:45:5e:cf:a4:5f:fb:47:45:45:9f:7a:
         14:ac:64:d6:68:fe:8d:72:ab:fd:14:26:f5:30:ee:fb:39:a8:
         7b:41:9a:a5:0e:7f:47:a5:3c:4f:71:5b:fc:74:a6:26:59:5c:
         74:49:a8:7a:77:1a:fe:03:5d:17:cc:69:60:57:1a:16:1b:70:
         87:f3:97:cd:4e:12:c7:b8:5a:6e:ce:58:ca:e5:1f:b8:97:a7:
         4f:0c:17:de:8f:25:3c:9a:73:77:06:34:0d:49:d6:3c:a1:b5:
         2f:b3:bd:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcIWvLJKjTEkGXz6ohNhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkODUzMTRkMTNjNzgyYzA1MmRkMDIyYjNlNGUyMDE0MmI2
NDE3MGUwHhcNMjQwMTAyMDQzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjMxZTE1YWIyZGI3MThiYTU4Mzk0NzNmMGQyNzVjYTA4MTg0OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBN29r1EmoBBtTTY6sWFeXtObVB/
fiPXPW4gsYrvSlrDx3KY6X5YEHvEg/uOkpbpX1KkSjvOLTWAyqnbR9Zf4y6HCSQO
MIXMQTBo/yiGlNpCl/wjRssXZl8DXBykQFDQESJluxxprdtNkS6w07P/SuR2WhJ/
snQ5WyUvn5BlXJoI/l54Zs+fvMgY54VOty9anoix5y4I+CSIpVEiiDglr478snFW
vZmAZWNspRo9dGWlEHTHziIjMtdyBF3Or/5u1Z9f6lV6ujISp/4pEbHVQWmUxWAj
OvAarnwngro6FKbJyZMfKDwWMMM8QXaKMQsGKeLC+WmaPm6fy7Ca1F3xnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKsx4Vqy23GLpYOUc/DSdcoIGEnOMB8GA1UdIwQY
MBaAFL2FMU0Tx4LAUt0CKz5OIBQrZBcOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdllVeFRSUEhnc0JTM1FJclBrNGdGQ3RrRnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8wNTJkMzgtNjA4MC00ZTc5LThhNGIt
NjI1NTE1ZmY1OTQ0LzEvcXpIaFdyTGJjWXVsZzVSejhOSjF5Z2dZU2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8wNTJkMzgtNjA4MC00ZTc5LThhNGItNjI1NTE1ZmY1OTQ0
LzEvdllVeFRSUEhnc0JTM1FJclBrNGdGQ3RrRnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufzLMA0E
AgACMAcDBQMqELNAMA0GCSqGSIb3DQEBCwUAA4IBAQCUE775hW4bcB5nn46niYrC
8tNtG4AO2NCgZXkF08gmiOXVWkcGRGrg+OIwUFytokaFrxh+9qAPd3H/E4d8k5Ef
WPpwwgrYI0FrNOpLR1LKw3gsJkUgJkqM5tsKFfxhT4FrmLTkgxY9x66U8jDU3xfF
n/mXfXEu8Q2PARH0vx6TDV6DXoXm8XE6iJ0RwpWUJPoZQF8Fwk3vRV7PpF/7R0VF
n3oUrGTWaP6Ncqv9FCb1MO77Oah7QZqlDn9HpTxPcVv8dKYmWVx0Sah6dxr+A10X
zGlgVxoWG3CH85fNThLHuFpuzljK5R+4l6dPDBfejyU8mnN3BjQNSdY8obUvs71B
-----END CERTIFICATE-----