Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/QnVJsrrYT_1VW0m5yoN3CMONfdg.roa
File:                     QnVJsrrYT_1VW0m5yoN3CMONfdg.roa (raw, json)
Hash identifier:          5khTHtvZyAwF3jSm3k8rWbH24Kh3oH0FCN1g/3ApYs8=
Subject key identifier:   42:75:49:B2:BA:D8:4F:FD:55:5B:49:B9:CA:83:77:08:C3:8D:7D:D8
Certificate issuer:       /CN=8b515fbb31b30ca22d2f947c519ac471f02bb605
Certificate serial:       018CC50010BEB53A4EB7845B1B338A6737AD
Authority key identifier: 8B:51:5F:BB:31:B3:0C:A2:2D:2F:94:7C:51:9A:C4:71:F0:2B:B6:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i1FfuzGzDKItL5R8UZrEcfArtgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/QnVJsrrYT_1VW0m5yoN3CMONfdg.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206815
IP address blocks:        83.229.24.0/24 maxlen: 24
                          2a13:b280::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/i1FfuzGzDKItL5R8UZrEcfArtgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/i1FfuzGzDKItL5R8UZrEcfArtgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i1FfuzGzDKItL5R8UZrEcfArtgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:10:be:b5:3a:4e:b7:84:5b:1b:33:8a:67:37:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b515fbb31b30ca22d2f947c519ac471f02bb605
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=427549b2bad84ffd555b49b9ca837708c38d7dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e8:46:86:20:4d:70:9c:55:c6:dd:bd:99:76:
                    38:30:7a:6a:56:68:58:54:85:75:58:f9:e5:fc:6c:
                    dd:d4:45:0b:84:db:8e:5b:a2:60:3b:dc:3c:6d:3e:
                    36:ef:e7:87:28:18:38:13:5f:ae:53:c6:ad:ae:0a:
                    43:9d:1b:70:14:90:43:8b:0d:6b:d2:f4:65:a1:16:
                    70:7f:b5:d9:f8:ac:dd:d4:34:2f:da:ff:86:92:df:
                    d2:37:ff:76:83:81:37:74:41:e5:86:0a:22:68:da:
                    4e:35:8b:8a:00:42:08:f5:39:ec:6e:45:3f:07:bd:
                    d0:06:54:90:b3:bc:90:58:66:e5:13:8d:34:5d:fd:
                    33:b7:79:a9:a5:87:d9:67:63:44:f8:59:18:7f:bd:
                    4e:a0:a5:43:14:8d:6d:1f:69:44:4c:33:5c:98:2f:
                    f9:90:54:b0:e8:6a:12:b9:19:02:ca:75:36:64:6c:
                    7a:d1:43:e9:3a:e1:d2:89:9c:d3:7f:14:6d:1c:17:
                    de:0d:0a:5f:a1:0f:a4:f0:7c:0f:5a:e1:30:ed:91:
                    a8:6b:b2:81:1b:68:74:75:3a:a3:69:5d:5d:b3:51:
                    89:e5:a4:34:e9:dc:29:e1:a2:92:fa:ed:b8:b1:ba:
                    a5:42:b3:4a:96:28:43:ae:17:a3:1e:e3:48:5d:e0:
                    bd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:75:49:B2:BA:D8:4F:FD:55:5B:49:B9:CA:83:77:08:C3:8D:7D:D8
            X509v3 Authority Key Identifier:
                keyid:8B:51:5F:BB:31:B3:0C:A2:2D:2F:94:7C:51:9A:C4:71:F0:2B:B6:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i1FfuzGzDKItL5R8UZrEcfArtgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/QnVJsrrYT_1VW0m5yoN3CMONfdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9dfa0f-18a4-42f6-b9d5-06a4655c6362/1/i1FfuzGzDKItL5R8UZrEcfArtgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.229.24.0/24
                IPv6:
                  2a13:b280::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:f8:79:25:10:93:f5:1b:a8:85:28:ed:01:8c:9b:de:df:f3:
         ec:11:bd:39:73:56:03:ad:49:20:7c:17:d2:74:e0:6f:84:93:
         db:56:40:bd:60:d5:26:c5:d5:78:7c:f8:c7:4f:6b:14:a9:0c:
         c5:64:b5:b2:83:9c:82:12:86:64:be:a3:e5:72:0e:1d:3d:aa:
         fb:68:2a:a6:94:da:57:23:e8:40:93:8b:cb:95:d1:de:29:40:
         d5:ca:76:b8:2c:4a:df:2e:b6:8f:61:be:88:06:fa:80:d7:fb:
         26:88:3c:08:3c:54:d6:69:bf:fb:0b:4e:fa:5e:bf:71:cd:0c:
         f1:d6:22:9b:a5:8b:c7:a8:4f:37:be:10:0d:25:55:6f:95:8b:
         b3:47:38:d8:96:cf:c6:51:5e:bd:59:de:c0:34:ca:ad:4d:66:
         e5:df:e5:ba:f1:ca:5c:36:1d:96:f0:0e:f0:d6:48:bc:ee:a3:
         12:91:3d:85:f2:c6:4f:8d:16:96:2c:1e:15:37:d4:cc:a4:67:
         52:30:ba:bb:01:ee:ec:fc:68:b8:10:e1:19:2f:01:1d:d0:e5:
         c5:d9:89:9e:a7:65:04:4a:69:2b:f5:4f:19:fb:61:96:cf:d4:
         e4:73:f4:d7:80:60:fc:36:18:84:fe:28:73:4f:8c:67:4b:ce:
         96:90:dd:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFABC+tTpOt4RbGzOKZzetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNTE1ZmJiMzFiMzBjYTIyZDJmOTQ3YzUxOWFjNDcxZjAy
YmI2MDUwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc1NDliMmJhZDg0ZmZkNTU1YjQ5YjljYTgzNzcwOGMzOGQ3ZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+hGhiBNcJxVxt29mXY4MHpqVmhY
VIV1WPnl/Gzd1EULhNuOW6JgO9w8bT427+eHKBg4E1+uU8atrgpDnRtwFJBDiw1r
0vRloRZwf7XZ+Kzd1DQv2v+Gkt/SN/92g4E3dEHlhgoiaNpONYuKAEII9TnsbkU/
B73QBlSQs7yQWGblE400Xf0zt3mppYfZZ2NE+FkYf71OoKVDFI1tH2lETDNcmC/5
kFSw6GoSuRkCynU2ZGx60UPpOuHSiZzTfxRtHBfeDQpfoQ+k8HwPWuEw7ZGoa7KB
G2h0dTqjaV1ds1GJ5aQ06dwp4aKS+u24sbqlQrNKlihDrhejHuNIXeC9HwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEJ1SbK62E/9VVtJucqDdwjDjX3YMB8GA1UdIwQY
MBaAFItRX7sxswyiLS+UfFGaxHHwK7YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTFGZnV6R3pES0l0TDVSOFVackVjZkFydGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85ZGZhMGYtMThhNC00MmY2LWI5ZDUt
MDZhNDY1NWM2MzYyLzEvUW5WSnNycllUXzFWVzBtNXlvTjNDTU9OZmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85ZGZhMGYtMThhNC00MmY2LWI5ZDUtMDZhNDY1NWM2MzYy
LzEvaTFGZnV6R3pES0l0TDVSOFVackVjZkFydGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAU+UYMA0E
AgACMAcDBQMqE7KAMA0GCSqGSIb3DQEBCwUAA4IBAQC0+HklEJP1G6iFKO0BjJve
3/PsEb05c1YDrUkgfBfSdOBvhJPbVkC9YNUmxdV4fPjHT2sUqQzFZLWyg5yCEoZk
vqPlcg4dPar7aCqmlNpXI+hAk4vLldHeKUDVyna4LErfLraPYb6IBvqA1/smiDwI
PFTWab/7C076Xr9xzQzx1iKbpYvHqE83vhANJVVvlYuzRzjYls/GUV69Wd7ANMqt
TWbl3+W68cpcNh2W8A7w1ki87qMSkT2F8sZPjRaWLB4VN9TMpGdSMLq7Ae7s/Gi4
EOEZLwEd0OXF2Ymep2UESmkr9U8Z+2GWz9Tkc/TXgGD8NhiE/ihzT4xnS86WkN31
-----END CERTIFICATE-----