Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/Qcv3udxBZzp5KpxEdKGc4XBm0x8.roa
File:                     Qcv3udxBZzp5KpxEdKGc4XBm0x8.roa (raw, json)
Hash identifier:          K5GGpUMtklGsk5M1tPJ8K74ao9Ro7eWjcco53PDHKrk=
Subject key identifier:   41:CB:F7:B9:DC:41:67:3A:79:2A:9C:44:74:A1:9C:E1:70:66:D3:1F
Certificate issuer:       /CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
Certificate serial:       018CC86F9FB463C87E5E71934C54B8A8F98B
Authority key identifier: E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/Qcv3udxBZzp5KpxEdKGc4XBm0x8.roa
Signing time:             Tue 02 Jan 2024 04:30:07 +0000
ROA not before:           Tue 02 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202692
IP address blocks:        185.156.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:9f:b4:63:c8:7e:5e:71:93:4c:54:b8:a8:f9:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
        Validity
            Not Before: Jan  2 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41cbf7b9dc41673a792a9c4474a19ce17066d31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ea:68:c3:3e:7c:e5:64:b7:a7:41:ba:2d:04:
                    73:aa:72:d1:2b:37:72:6b:53:eb:1f:00:f5:e7:ec:
                    e8:85:7e:03:4a:39:e2:c9:9d:36:95:8a:24:06:b7:
                    ec:fd:86:ac:41:39:91:c4:40:95:25:b1:f9:43:b4:
                    6b:b2:3d:ca:61:53:5c:3c:2c:a7:08:ae:c5:2a:9b:
                    97:3d:3b:ab:cd:df:7a:46:a5:bb:d7:fa:46:c3:aa:
                    4c:35:58:ff:3f:58:4f:f5:c4:eb:b5:9f:b0:d4:2f:
                    cf:54:c6:2a:f4:48:52:5f:ca:27:fd:4a:19:ad:6d:
                    8a:a8:41:db:46:02:a0:eb:8e:5e:40:f8:52:76:84:
                    d7:af:0a:57:10:c1:2c:3b:83:43:c9:a7:ef:fd:c5:
                    74:e3:74:a2:a0:21:ce:6b:29:f1:a1:8a:25:b5:ee:
                    db:f7:75:df:fb:f7:42:21:de:d7:c8:9d:f8:7b:ce:
                    36:ef:77:0a:53:8b:d9:2d:20:38:47:54:98:9d:82:
                    1d:77:f2:e3:75:94:a4:eb:b3:2e:7b:4e:ce:ee:3f:
                    60:4a:87:b2:28:6e:7f:2e:7d:cd:cd:17:08:20:71:
                    41:6a:99:d7:2a:ba:34:d9:09:96:f6:cb:12:57:54:
                    6f:4d:fd:70:37:ff:51:88:7d:c7:e5:e5:f1:76:e0:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CB:F7:B9:DC:41:67:3A:79:2A:9C:44:74:A1:9C:E1:70:66:D3:1F
            X509v3 Authority Key Identifier:
                keyid:E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/Qcv3udxBZzp5KpxEdKGc4XBm0x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:8f:d1:5e:aa:91:47:cf:53:d6:76:1f:6b:e9:ba:bb:7c:0a:
         dd:c1:19:55:e7:57:c9:36:bc:09:02:7b:ba:53:c7:6e:21:2f:
         10:4e:17:5b:25:54:79:8b:bc:f7:ba:e9:0b:bd:14:9b:64:3d:
         d8:25:d4:c5:64:93:f6:7f:a3:71:83:f1:33:a6:12:2b:03:5c:
         39:c2:aa:8e:f6:9f:76:47:e2:c3:05:8c:11:cd:72:ed:ca:be:
         29:b6:b6:3b:92:61:a4:f0:0e:59:9d:f9:f3:23:dc:16:7e:e1:
         16:92:6a:e1:91:8c:b3:6f:cd:9e:17:44:48:12:f2:53:04:05:
         25:fa:06:e3:14:fa:cf:29:76:86:ab:c9:2d:6b:62:9f:fd:16:
         2b:c2:a0:a7:60:45:b8:79:93:fa:58:f6:ea:dd:bc:a8:3a:20:
         3d:d5:b8:06:9f:e8:54:bc:6a:0f:7e:f4:24:c9:53:e6:f4:eb:
         a9:7d:94:94:28:5c:86:38:24:b8:44:ad:50:ce:e8:f4:62:94:
         57:85:f8:45:73:8e:cf:13:6a:cf:a2:51:d4:18:af:c8:ce:b2:
         c5:fb:cf:68:fc:a9:ca:ef:3f:47:f1:9c:1f:f2:5a:14:2f:e0:
         1f:aa:f8:49:39:ac:8e:c0:d3:91:3f:d8:e5:29:f9:35:8d:7a:
         22:5c:0d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5+0Y8h+XnGTTFS4qPmLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzFiMDgwZDRlYTZmZDA2MTZhNmU3MDFjN2M4MTVkNmZm
ODdjMDAwHhcNMjQwMTAyMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNiZjdiOWRjNDE2NzNhNzkyYTljNDQ3NGExOWNlMTcwNjZkMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2epowz585WS3p0G6LQRzqnLRKzdy
a1PrHwD15+zohX4DSjniyZ02lYokBrfs/YasQTmRxECVJbH5Q7Rrsj3KYVNcPCyn
CK7FKpuXPTurzd96RqW71/pGw6pMNVj/P1hP9cTrtZ+w1C/PVMYq9EhSX8on/UoZ
rW2KqEHbRgKg645eQPhSdoTXrwpXEMEsO4NDyafv/cV043SioCHOaynxoYolte7b
93Xf+/dCId7XyJ34e84273cKU4vZLSA4R1SYnYIdd/LjdZSk67Mue07O7j9gSoey
KG5/Ln3NzRcIIHFBapnXKro02QmW9ssSV1RvTf1wN/9RiH3H5eXxduBxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHL97ncQWc6eSqcRHShnOFwZtMfMB8GA1UdIwQY
MBaAFOYxsIDU6m/QYWpucBx8gV1v+HwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWIt
OTNiM2EzNjk2ZDk2LzEvUWN2M3VkeEJaenA1S3B4RWRLR2M0WEJtMHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWItOTNiM2EzNjk2ZDk2
LzEvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZzQMA0G
CSqGSIb3DQEBCwUAA4IBAQC/j9FeqpFHz1PWdh9r6bq7fArdwRlV51fJNrwJAnu6
U8duIS8QThdbJVR5i7z3uukLvRSbZD3YJdTFZJP2f6Nxg/EzphIrA1w5wqqO9p92
R+LDBYwRzXLtyr4ptrY7kmGk8A5ZnfnzI9wWfuEWkmrhkYyzb82eF0RIEvJTBAUl
+gbjFPrPKXaGq8kta2Kf/RYrwqCnYEW4eZP6WPbq3byoOiA91bgGn+hUvGoPfvQk
yVPm9OupfZSUKFyGOCS4RK1Qzuj0YpRXhfhFc47PE2rPolHUGK/IzrLF+89o/KnK
7z9H8Zwf8loUL+AfqvhJOayOwNORP9jlKfk1jXoiXA23
-----END CERTIFICATE-----