Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/QoIUSTbDSDGsvb8CEfvm4eNXPBA.roa
File:                     QoIUSTbDSDGsvb8CEfvm4eNXPBA.roa (raw, json)
Hash identifier:          gPiqJD6j3kHrnXB8lrC6UOGHhiReFQLCbMSTQKZMdys=
Subject key identifier:   42:82:14:49:36:C3:48:31:AC:BD:BF:02:11:FB:E6:E1:E3:57:3C:10
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       018CC7956F6D1CD7A3035E6A970D03A6C34C
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/QoIUSTbDSDGsvb8CEfvm4eNXPBA.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        185.234.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6f:6d:1c:d7:a3:03:5e:6a:97:0d:03:a6:c3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4282144936c34831acbdbf0211fbe6e1e3573c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:02:c6:62:e1:81:60:bd:4a:1f:4c:a9:25:
                    f0:d9:f9:c4:58:4c:d9:d6:3d:9f:fa:08:00:0c:31:
                    04:da:cb:b7:33:63:8c:b2:70:78:4f:9d:6b:28:c8:
                    a1:31:5c:55:89:13:a9:9b:ab:45:89:c6:58:e6:8f:
                    3d:5e:14:25:7f:b4:58:15:82:cc:03:7c:5d:0a:a6:
                    ac:c6:7c:65:89:00:f5:d8:a9:98:39:4f:c8:04:43:
                    ae:f5:47:80:44:7f:f7:3d:b1:9b:6b:dc:92:7f:01:
                    44:7f:77:3f:58:b6:1a:45:8e:1f:78:ed:50:71:3b:
                    24:6c:57:a9:29:a7:90:f0:c6:fd:d6:93:32:13:7a:
                    b2:23:2e:ce:3c:d7:ed:46:48:cc:d2:62:e1:aa:7d:
                    64:0b:11:27:07:44:0c:6c:5a:74:f5:e3:96:02:21:
                    68:85:67:1d:13:74:50:04:be:30:ea:b0:ac:1a:a9:
                    e8:d2:a3:1a:33:b0:54:dd:05:7b:97:c7:c7:ae:e1:
                    36:eb:13:c9:4f:94:35:e2:0f:61:4f:dd:11:d3:e9:
                    49:3f:a7:63:a9:e7:8d:c6:b5:2f:f1:e9:8f:af:b2:
                    56:4c:81:df:31:b3:e1:81:4a:a9:8b:f7:58:cf:9c:
                    39:3a:12:94:8e:f7:65:1b:b1:4e:dc:a0:72:72:4f:
                    6d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:82:14:49:36:C3:48:31:AC:BD:BF:02:11:FB:E6:E1:E3:57:3C:10
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/QoIUSTbDSDGsvb8CEfvm4eNXPBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:76:1b:98:af:2a:eb:e6:aa:74:c6:6f:96:5c:c8:e7:16:54:
         84:90:99:cb:cc:89:c8:6c:a8:a6:b3:87:7e:8f:81:e8:a0:10:
         0a:6a:b9:51:6a:49:1f:c2:bb:a8:71:9d:6e:24:fd:6e:b7:4e:
         bb:b8:25:28:0e:24:8a:30:dd:ce:79:11:50:9b:36:f6:37:41:
         e6:eb:1c:95:60:f4:3e:9e:08:76:6c:ff:45:69:e6:89:75:14:
         2b:e4:fe:65:ab:6f:90:75:42:44:d7:30:d9:4e:25:a0:69:5e:
         c2:1c:b3:d6:6a:5f:05:2e:5d:3e:3d:ef:50:0b:bb:dd:cf:6e:
         3f:73:cf:89:f7:c5:57:41:ac:38:fe:f3:33:ea:b0:a6:b7:9f:
         1a:d7:37:5a:a4:08:21:1e:59:ed:34:01:b8:fd:11:5f:86:69:
         04:a6:0a:7c:e7:18:38:df:50:23:d5:1e:b8:0f:12:3e:85:e9:
         07:79:0c:7b:c1:d1:2e:56:8b:c2:94:68:8f:7f:09:47:d0:cb:
         94:43:38:36:66:13:0c:77:a1:ef:19:97:b9:1c:bb:ad:b0:7a:
         62:4c:25:8e:d4:b7:77:13:16:ca:18:a0:f9:58:00:9c:04:2f:
         5f:32:bd:1a:fd:1f:97:bb:59:cc:ab:72:14:52:d2:b3:e9:bc:
         8e:cf:e8:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlW9tHNejA15qlw0DpsNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjgyMTQ0OTM2YzM0ODMxYWNiZGJmMDIxMWZiZTZlMWUzNTczYzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2kCxmLhgWC9Sh9MqSXw2fnEWEzZ
1j2f+ggADDEE2su3M2OMsnB4T51rKMihMVxViROpm6tFicZY5o89XhQlf7RYFYLM
A3xdCqasxnxliQD12KmYOU/IBEOu9UeARH/3PbGba9ySfwFEf3c/WLYaRY4feO1Q
cTskbFepKaeQ8Mb91pMyE3qyIy7OPNftRkjM0mLhqn1kCxEnB0QMbFp09eOWAiFo
hWcdE3RQBL4w6rCsGqno0qMaM7BU3QV7l8fHruE26xPJT5Q14g9hT90R0+lJP6dj
qeeNxrUv8emPr7JWTIHfMbPhgUqpi/dYz5w5OhKUjvdlG7FO3KByck9tQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKCFEk2w0gxrL2/AhH75uHjVzwQMB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvUW9JVVNUYkRTREdzdmI4Q0Vmdm00ZU5YUEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoJMA0G
CSqGSIb3DQEBCwUAA4IBAQCIdhuYryrr5qp0xm+WXMjnFlSEkJnLzInIbKims4d+
j4HooBAKarlRakkfwruocZ1uJP1ut067uCUoDiSKMN3OeRFQmzb2N0Hm6xyVYPQ+
ngh2bP9FaeaJdRQr5P5lq2+QdUJE1zDZTiWgaV7CHLPWal8FLl0+Pe9QC7vdz24/
c8+J98VXQaw4/vMz6rCmt58a1zdapAghHlntNAG4/RFfhmkEpgp85xg431Aj1R64
DxI+hekHeQx7wdEuVovClGiPfwlH0MuUQzg2ZhMMd6HvGZe5HLutsHpiTCWO1Ld3
ExbKGKD5WACcBC9fMr0a/R+Xu1nMq3IUUtKz6byOz+ic
-----END CERTIFICATE-----