Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/qb2UkRjkgoCvV0g1kvMjr0ll7rQ.roa
File:                     qb2UkRjkgoCvV0g1kvMjr0ll7rQ.roa (raw, json)
Hash identifier:          FVkPJ6VbmC+tchIB2VyKOJBjW8iiq61Osa54IAAwRbE=
Subject key identifier:   A9:BD:94:91:18:E4:82:80:AF:57:48:35:92:F3:23:AF:49:65:EE:B4
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       01917E370CD1B51E723CF00251B7115B7210
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/qb2UkRjkgoCvV0g1kvMjr0ll7rQ.roa
Signing time:             Fri 23 Aug 2024 07:50:22 +0000
ROA not before:           Fri 23 Aug 2024 07:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31715
IP address blocks:        194.246.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7e:37:0c:d1:b5:1e:72:3c:f0:02:51:b7:11:5b:72:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Aug 23 07:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9bd949118e48280af57483592f323af4965eeb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:13:fa:61:56:ee:2d:75:79:9c:47:94:1e:30:
                    c1:f5:d6:7a:3f:55:e9:69:e7:a4:db:c3:72:24:70:
                    b1:21:28:ee:51:3b:09:a7:8e:6f:1f:d7:6c:c0:48:
                    04:9e:a1:d0:ee:5a:98:d3:e2:d7:25:ad:fc:4c:e4:
                    86:3d:00:c6:aa:d1:e0:cd:46:c9:35:1c:33:6a:5a:
                    d1:34:eb:76:6c:ba:51:1b:ef:16:68:3b:76:72:72:
                    30:f2:29:56:1c:4f:5e:21:f4:fe:fe:14:0b:5a:ff:
                    ef:48:8b:18:e3:2d:0c:ee:2b:c6:25:11:8d:01:c3:
                    58:da:26:13:27:fd:6e:c9:7b:97:04:91:79:89:0d:
                    dd:da:f6:59:9a:cc:c9:5d:d9:9a:1b:2b:78:c5:3b:
                    d7:c6:3a:c8:32:73:ee:85:e0:d6:2c:ac:57:76:f0:
                    29:79:b7:3d:ea:e9:94:eb:b5:e5:aa:2e:fd:c0:71:
                    22:16:bc:dc:c9:3f:b8:bd:07:99:e3:68:de:aa:f1:
                    10:10:3e:e7:14:96:cc:db:85:9c:70:e2:70:0a:56:
                    10:fa:f0:b8:f9:d1:89:5c:e4:81:b0:ba:6c:c8:b6:
                    69:c8:f5:7f:6f:4b:76:1f:c3:97:f2:30:5e:fc:c3:
                    ff:45:07:59:eb:1b:22:6e:c6:9b:f0:fa:2e:c8:eb:
                    bd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BD:94:91:18:E4:82:80:AF:57:48:35:92:F3:23:AF:49:65:EE:B4
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/qb2UkRjkgoCvV0g1kvMjr0ll7rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:b4:92:aa:d1:24:92:29:c3:95:1c:b8:77:00:2e:ce:35:f6:
         de:00:1c:4c:fb:e2:de:67:d4:9b:4b:5a:57:87:80:66:4c:0e:
         8e:46:d1:98:32:09:1a:06:d4:6d:00:b3:44:a9:1a:52:ed:a9:
         ed:2b:37:5a:8d:67:46:b2:fa:b1:1d:71:33:61:b5:ac:d4:a1:
         0b:5b:4f:a3:9c:eb:58:33:e0:22:ac:b2:d4:7b:05:21:4f:a3:
         44:45:94:1c:12:e2:e4:81:b2:4d:46:c1:06:8a:19:f7:88:b9:
         14:ef:4c:8d:66:a3:18:d7:e2:2c:df:35:15:bb:4e:7c:16:48:
         bb:36:46:3e:22:b5:55:7b:f0:fb:1b:84:f0:e1:c6:18:69:bd:
         9e:0f:8e:b4:c5:59:38:2d:6a:b3:02:4c:ec:75:97:81:f1:e2:
         e3:d8:9c:66:21:3c:fd:8b:a6:c0:68:53:16:a6:99:25:ca:82:
         2d:25:12:3f:39:57:17:99:2f:e4:3b:01:bb:9b:0c:50:31:48:
         bb:d8:c2:8e:30:44:2e:ac:fb:c5:ad:fa:8d:e0:ef:8d:10:84:
         50:80:99:0e:dc:30:49:cd:73:64:47:e2:91:ae:fe:27:26:dd:
         48:fa:44:7d:e8:cf:71:ab:93:78:0e:ae:a6:17:d9:fb:62:96:
         3b:ec:92:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF+NwzRtR5yPPACUbcRW3IQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjQwODIzMDc1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJkOTQ5MTE4ZTQ4MjgwYWY1NzQ4MzU5MmYzMjNhZjQ5NjVlZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhP6YVbuLXV5nEeUHjDB9dZ6P1Xp
aeek28NyJHCxISjuUTsJp45vH9dswEgEnqHQ7lqY0+LXJa38TOSGPQDGqtHgzUbJ
NRwzalrRNOt2bLpRG+8WaDt2cnIw8ilWHE9eIfT+/hQLWv/vSIsY4y0M7ivGJRGN
AcNY2iYTJ/1uyXuXBJF5iQ3d2vZZmszJXdmaGyt4xTvXxjrIMnPuheDWLKxXdvAp
ebc96umU67Xlqi79wHEiFrzcyT+4vQeZ42jeqvEQED7nFJbM24WccOJwClYQ+vC4
+dGJXOSBsLpsyLZpyPV/b0t2H8OX8jBe/MP/RQdZ6xsibsab8PouyOu9XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm9lJEY5IKAr1dINZLzI69JZe60MB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEvcWIyVWtSamtnb0N2VjBnMWt2TWpyMGxsN3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYkMA0G
CSqGSIb3DQEBCwUAA4IBAQAMtJKq0SSSKcOVHLh3AC7ONfbeABxM++LeZ9SbS1pX
h4BmTA6ORtGYMgkaBtRtALNEqRpS7antKzdajWdGsvqxHXEzYbWs1KELW0+jnOtY
M+AirLLUewUhT6NERZQcEuLkgbJNRsEGihn3iLkU70yNZqMY1+Is3zUVu058Fki7
NkY+IrVVe/D7G4Tw4cYYab2eD460xVk4LWqzAkzsdZeB8eLj2JxmITz9i6bAaFMW
ppklyoItJRI/OVcXmS/kOwG7mwxQMUi72MKOMEQurPvFrfqN4O+NEIRQgJkO3DBJ
zXNkR+KRrv4nJt1I+kR96M9xq5N4Dq6mF9n7YpY77JIV
-----END CERTIFICATE-----