Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/18_QPDHDP4D1etmy3HKrqZeVo5s.roa
File:                     18_QPDHDP4D1etmy3HKrqZeVo5s.roa (raw, json)
Hash identifier:          YA9wfhkvV1de8v4NfXxuWTqHd19VrQMX+7aAhscfJsE=
Subject key identifier:   D7:CF:D0:3C:31:C3:3F:80:F5:7A:D9:B2:DC:72:AB:A9:97:95:A3:9B
Certificate issuer:       /CN=a65db89e8bb660f21eb5c4af3b9add52d57eb89f
Certificate serial:       0191B83F4FD2B8AFB679B49575CCEE51C935
Authority key identifier: A6:5D:B8:9E:8B:B6:60:F2:1E:B5:C4:AF:3B:9A:DD:52:D5:7E:B8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/18_QPDHDP4D1etmy3HKrqZeVo5s.roa
Signing time:             Tue 03 Sep 2024 14:17:22 +0000
ROA not before:           Tue 03 Sep 2024 14:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50819
IP address blocks:        91.234.168.0/23 maxlen: 23
                          194.1.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b8:3f:4f:d2:b8:af:b6:79:b4:95:75:cc:ee:51:c9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65db89e8bb660f21eb5c4af3b9add52d57eb89f
        Validity
            Not Before: Sep  3 14:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7cfd03c31c33f80f57ad9b2dc72aba99795a39b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:2e:b6:62:2a:31:d0:cd:bc:d0:87:61:1d:
                    3f:1a:f3:80:44:6c:cd:78:91:aa:77:36:17:dd:02:
                    96:8c:67:2d:62:45:b8:03:cb:15:90:aa:c7:e1:b6:
                    b5:a5:12:cc:d4:63:1c:65:4d:99:ea:3d:2a:4c:b5:
                    25:22:23:44:87:75:51:68:4c:0f:1d:7f:38:d7:8c:
                    1f:96:9f:d1:f9:01:f3:a9:ff:eb:e2:33:1f:00:e4:
                    6a:21:ef:2d:c7:b8:6a:ca:8b:82:60:0e:45:8d:b9:
                    91:0f:a7:55:6c:5b:ba:eb:46:ec:de:b5:58:84:af:
                    6d:f8:ed:78:1a:e1:3e:0f:7d:22:12:59:1c:28:ce:
                    17:0a:b3:14:08:24:e2:fd:7a:bc:ec:f1:6b:f4:93:
                    d8:7b:e6:a8:4a:34:3a:59:fb:b3:e4:f1:82:62:70:
                    3d:44:51:97:33:29:6f:d1:a1:f6:d0:fe:4a:19:9a:
                    7c:a2:41:c0:0a:40:f7:f3:ee:fd:e2:64:98:72:a4:
                    31:62:5a:b3:54:f9:30:b4:64:3a:01:0d:03:5b:5a:
                    e7:fe:c9:d3:d3:7f:08:1c:3f:da:92:f9:66:2b:6b:
                    6f:35:cc:69:50:ba:a4:6b:c8:6f:24:3c:a8:c3:f1:
                    76:7f:33:43:bf:5b:94:f6:e1:33:c0:a8:f5:31:1e:
                    c3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CF:D0:3C:31:C3:3F:80:F5:7A:D9:B2:DC:72:AB:A9:97:95:A3:9B
            X509v3 Authority Key Identifier:
                keyid:A6:5D:B8:9E:8B:B6:60:F2:1E:B5:C4:AF:3B:9A:DD:52:D5:7E:B8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/18_QPDHDP4D1etmy3HKrqZeVo5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.168.0/23
                  194.1.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:bb:2b:6b:71:d6:5b:3b:bd:39:c0:d9:dd:c8:81:50:99:27:
         0e:bd:0e:c6:5b:5e:09:3e:a0:77:86:a7:69:16:b7:31:81:13:
         4c:7e:7a:38:2d:a2:6b:d4:72:08:b1:d0:68:8c:11:8c:be:e2:
         89:ff:0a:4e:1e:67:a7:a7:b3:23:1c:f4:59:d0:9d:a5:b2:aa:
         88:79:32:85:a6:8e:6d:cf:3f:e1:54:ca:5f:56:4e:f0:10:58:
         64:73:67:40:a7:ca:4b:e2:d4:3e:96:3d:ca:3f:d1:68:92:e2:
         b2:ca:0a:87:26:f6:49:14:59:b2:82:dc:87:bf:53:fa:fc:42:
         58:7d:0d:03:75:34:ac:a8:0d:f5:b7:55:a6:e4:84:de:eb:cd:
         03:11:19:eb:68:c7:21:57:66:f2:9f:8b:55:42:fe:60:2c:7d:
         91:0e:3c:7a:59:00:89:79:fb:51:0f:41:71:7f:40:97:15:a3:
         81:ce:7a:09:7c:eb:03:31:b7:7c:eb:8f:cc:44:75:25:8e:5f:
         51:93:58:e8:37:8b:85:8a:3b:4f:28:11:e2:60:3b:49:1d:b3:
         8d:a0:5a:be:d1:e4:f6:3d:54:55:99:f4:9f:bc:d4:1c:b7:f9:
         fd:e6:1f:6b:a3:4e:56:c9:6f:ec:0b:67:a5:b8:f8:61:7e:5e:
         b6:38:26:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZG4P0/SuK+2ebSVdczuUck1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWRiODllOGJiNjYwZjIxZWI1YzRhZjNiOWFkZDUyZDU3
ZWI4OWYwHhcNMjQwOTAzMTQxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NmZDAzYzMxYzMzZjgwZjU3YWQ5YjJkYzcyYWJhOTk3OTVhMzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf4utmIqMdDNvNCHYR0/GvOARGzN
eJGqdzYX3QKWjGctYkW4A8sVkKrH4ba1pRLM1GMcZU2Z6j0qTLUlIiNEh3VRaEwP
HX8414wflp/R+QHzqf/r4jMfAORqIe8tx7hqyouCYA5FjbmRD6dVbFu660bs3rVY
hK9t+O14GuE+D30iElkcKM4XCrMUCCTi/Xq87PFr9JPYe+aoSjQ6Wfuz5PGCYnA9
RFGXMylv0aH20P5KGZp8okHACkD38+794mSYcqQxYlqzVPkwtGQ6AQ0DW1rn/snT
038IHD/akvlmK2tvNcxpULqka8hvJDyow/F2fzNDv1uU9uEzwKj1MR7DOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNfP0Dwxwz+A9XrZstxyq6mXlaObMB8GA1UdIwQY
MBaAFKZduJ6LtmDyHrXErzua3VLVfrifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwyNG5vdTJZUElldGNTdk81cmRVdFYtdUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8zYjA2YTMtY2FmNC00ZDZjLWJiN2It
YTM1NzhjOTQ0MDQwLzEvMThfUVBESERQNEQxZXRteTNIS3JxWmVWbzVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8zYjA2YTMtY2FmNC00ZDZjLWJiN2ItYTM1NzhjOTQ0MDQw
LzEvcGwyNG5vdTJZUElldGNTdk81cmRVdFYtdUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+qoAwQA
wgGpMA0GCSqGSIb3DQEBCwUAA4IBAQC7uytrcdZbO705wNndyIFQmScOvQ7GW14J
PqB3hqdpFrcxgRNMfno4LaJr1HIIsdBojBGMvuKJ/wpOHmenp7MjHPRZ0J2lsqqI
eTKFpo5tzz/hVMpfVk7wEFhkc2dAp8pL4tQ+lj3KP9FokuKyygqHJvZJFFmygtyH
v1P6/EJYfQ0DdTSsqA31t1Wm5ITe680DERnraMchV2byn4tVQv5gLH2RDjx6WQCJ
eftRD0Fxf0CXFaOBznoJfOsDMbd864/MRHUljl9Rk1joN4uFijtPKBHiYDtJHbON
oFq+0eT2PVRVmfSfvNQct/n95h9ro05WyW/sC2eluPhhfl62OCZP
-----END CERTIFICATE-----