Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/AVqaisBA7GKa9d0RGu5icY8HrTU.roa
File:                     AVqaisBA7GKa9d0RGu5icY8HrTU.roa (raw, json)
Hash identifier:          hQF7Klkoi+T0e4SXiycc12Xq2Q/ZEWbCVkxAT4oP1Gw=
Subject key identifier:   01:5A:9A:8A:C0:40:EC:62:9A:F5:DD:11:1A:EE:62:71:8F:07:AD:35
Certificate issuer:       /CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
Certificate serial:       0190C140991F89C9A001DB42B0F40C76476F
Authority key identifier: FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/AVqaisBA7GKa9d0RGu5icY8HrTU.roa
Signing time:             Wed 17 Jul 2024 15:12:34 +0000
ROA not before:           Wed 17 Jul 2024 15:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.187.123.0/24 maxlen: 24
                          2a0b:9e80:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c1:40:99:1f:89:c9:a0:01:db:42:b0:f4:0c:76:47:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
        Validity
            Not Before: Jul 17 15:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=015a9a8ac040ec629af5dd111aee62718f07ad35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e3:b2:f4:af:f6:a0:2d:39:f9:11:c5:42:9a:
                    33:92:39:e8:f4:69:a4:1e:8f:96:58:ee:dc:cc:44:
                    59:04:74:cf:5a:66:6d:9b:e6:84:a1:1f:36:cd:09:
                    72:55:02:73:20:1f:3b:b5:81:45:32:a5:b1:9c:78:
                    de:9c:ee:81:e1:51:cb:c1:8e:93:df:ba:01:62:ce:
                    43:e2:33:b0:1a:f3:55:f3:f4:a0:9e:a7:ad:46:57:
                    65:88:27:99:b6:b3:e1:57:a3:1b:de:3f:1e:b2:eb:
                    22:c8:0e:28:60:a7:73:a4:1c:ff:78:24:94:cc:ef:
                    e9:fb:e0:09:2b:b2:43:7f:ff:bb:55:63:41:6d:40:
                    e3:d3:b2:e0:cd:62:7d:45:20:7f:71:70:e8:a0:f5:
                    fb:8b:ab:3b:0f:42:ad:49:14:8b:77:62:c3:6f:b2:
                    0b:27:d4:01:1c:cd:40:66:5f:49:25:ed:72:c2:bc:
                    bd:c0:5d:d3:7c:1b:76:b9:2d:bb:4e:80:cf:ae:ca:
                    dd:8d:b4:0c:1b:6d:83:e0:03:ba:22:43:02:a5:e1:
                    27:58:58:43:c3:28:6c:81:31:09:08:23:ec:64:89:
                    01:e9:31:bf:6d:ed:8a:63:67:9b:df:29:c4:fd:5a:
                    dc:b2:6a:59:2a:c5:d7:c7:14:26:d1:89:22:9c:1d:
                    95:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:5A:9A:8A:C0:40:EC:62:9A:F5:DD:11:1A:EE:62:71:8F:07:AD:35
            X509v3 Authority Key Identifier:
                keyid:FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/AVqaisBA7GKa9d0RGu5icY8HrTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.123.0/24
                IPv6:
                  2a0b:9e80:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:cc:3a:5d:e4:32:85:11:1f:4b:bc:d6:e2:d1:29:0d:6c:ee:
         11:76:2f:85:2b:00:d3:1d:8d:f8:60:80:99:f9:3c:37:ae:68:
         a4:02:4a:68:52:fe:fc:a5:aa:c9:7f:81:94:2f:c3:dc:e8:a1:
         01:6f:54:c0:e5:32:0c:87:59:9b:53:c0:d1:64:86:73:11:cd:
         b3:b0:3e:26:fd:eb:2f:ad:75:4d:c3:6c:43:10:6c:76:04:c3:
         62:87:f6:9a:ab:6e:2b:10:3b:e2:90:fa:22:2b:66:a2:39:78:
         4e:b8:95:f1:b4:13:0a:fd:63:4a:89:24:db:31:96:90:7c:41:
         d4:62:33:02:d6:66:60:9a:63:5b:50:8f:be:38:8b:7d:b0:31:
         11:50:fd:04:59:12:cd:5a:8a:a1:a2:d5:e4:32:92:df:f1:da:
         3c:31:bb:91:29:a4:ef:74:1c:a0:f8:08:d3:d5:7e:81:d4:2c:
         98:e0:f3:31:dc:20:e1:cb:80:af:7c:da:24:e4:d4:55:96:a2:
         46:80:6f:9a:de:a5:f2:fc:86:dc:5b:43:ac:de:b4:03:db:b1:
         80:63:e2:b7:f9:ba:9b:a5:7f:54:b5:fd:e2:af:b4:fc:07:e4:
         fb:b3:21:79:a6:d0:02:79:71:0f:bb:82:9e:b9:f7:11:b5:51:
         20:c2:29:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZDBQJkficmgAdtCsPQMdkdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjI1NjJjYWU4NzNmNGZjNGEzMjMyYmY0OWRkNTM0M2I3
MDg0ZjkwHhcNMjQwNzE3MTUxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTVhOWE4YWMwNDBlYzYyOWFmNWRkMTExYWVlNjI3MThmMDdhZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuOy9K/2oC05+RHFQpozkjno9Gmk
Ho+WWO7czERZBHTPWmZtm+aEoR82zQlyVQJzIB87tYFFMqWxnHjenO6B4VHLwY6T
37oBYs5D4jOwGvNV8/SgnqetRldliCeZtrPhV6Mb3j8esusiyA4oYKdzpBz/eCSU
zO/p++AJK7JDf/+7VWNBbUDj07LgzWJ9RSB/cXDooPX7i6s7D0KtSRSLd2LDb7IL
J9QBHM1AZl9JJe1ywry9wF3TfBt2uS27ToDPrsrdjbQMG22D4AO6IkMCpeEnWFhD
wyhsgTEJCCPsZIkB6TG/be2KY2eb3ynE/VrcsmpZKsXXxxQm0YkinB2VMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAFamorAQOximvXdERruYnGPB601MB8GA1UdIwQY
MBaAFP9iViyuhz9PxKMjK/Sd1TQ7cIT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEt
ODhmN2I5MWI2ZTMyLzEvQVZxYWlzQkE3R0thOWQwUkd1NWljWThIclRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEtODhmN2I5MWI2ZTMy
LzEvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAubt7MA8E
AgACMAkDBwAqC56AIAAwDQYJKoZIhvcNAQELBQADggEBAEfMOl3kMoURH0u81uLR
KQ1s7hF2L4UrANMdjfhggJn5PDeuaKQCSmhS/vylqsl/gZQvw9zooQFvVMDlMgyH
WZtTwNFkhnMRzbOwPib96y+tdU3DbEMQbHYEw2KH9pqrbisQO+KQ+iIrZqI5eE64
lfG0Ewr9Y0qJJNsxlpB8QdRiMwLWZmCaY1tQj744i32wMRFQ/QRZEs1aiqGi1eQy
kt/x2jwxu5EppO90HKD4CNPVfoHULJjg8zHcIOHLgK982iTk1FWWokaAb5repfL8
htxbQ6zetAPbsYBj4rf5upulf1S1/eKvtPwH5PuzIXmm0AJ5cQ+7gp659xG1USDC
Kbc=
-----END CERTIFICATE-----