Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q1DMvSF29QPIe7RsrlEjmmJw4mU.roa
File:                     q1DMvSF29QPIe7RsrlEjmmJw4mU.roa (raw, json)
Hash identifier:          CYr5D8e+S65h4qcN6inKCr3UXz/MLiUYpRNwNGAS7XI=
Subject key identifier:   AB:50:CC:BD:21:76:F5:03:C8:7B:B4:6C:AE:51:23:9A:62:70:E2:65
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018DEA6474FE8D5E59F9D16813672C825400
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q1DMvSF29QPIe7RsrlEjmmJw4mU.roa
Signing time:             Tue 27 Feb 2024 11:47:48 +0000
ROA not before:           Tue 27 Feb 2024 11:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        85.208.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:64:74:fe:8d:5e:59:f9:d1:68:13:67:2c:82:54:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Feb 27 11:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab50ccbd2176f503c87bb46cae51239a6270e265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9b:09:3b:34:0a:1b:e4:6d:7b:83:0e:ea:5a:
                    35:35:41:fd:42:70:83:e4:4e:56:59:38:d6:59:4b:
                    d3:de:5e:ce:1f:79:52:99:fe:8d:ce:88:0b:a8:2c:
                    7c:e0:3c:55:b4:e6:20:60:7e:f4:9b:64:5d:a3:e2:
                    5c:9c:12:f1:57:cf:52:04:38:78:0e:b1:05:fd:3b:
                    35:00:63:ff:15:81:f0:a5:1d:27:36:7b:93:f0:1f:
                    0d:c0:09:49:9d:96:40:b6:12:f7:6b:06:74:a7:a6:
                    51:60:86:a0:1b:8b:79:2a:64:71:b1:a5:20:8e:9e:
                    69:79:d5:f3:1c:5f:be:44:54:74:de:cd:8a:03:48:
                    a8:29:4d:b7:e9:6d:1f:f1:5f:0b:b2:54:82:76:0d:
                    c6:2c:ab:4c:ee:60:fb:71:3a:1a:26:61:a5:21:39:
                    8e:9b:c2:e8:53:09:07:9e:f1:11:90:d1:f2:26:ed:
                    f2:e5:39:29:88:a4:eb:95:2c:09:04:92:f6:34:d9:
                    f9:ec:bb:ac:7f:75:ba:10:e4:dd:bd:56:3d:d5:6c:
                    3c:96:e7:f6:af:c7:9f:86:a1:43:9a:4b:84:36:b1:
                    64:2f:16:79:bf:70:84:39:20:35:fd:02:5e:ce:58:
                    a2:f8:26:e7:86:a6:d4:e0:db:6a:62:31:40:ad:b6:
                    ef:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:50:CC:BD:21:76:F5:03:C8:7B:B4:6C:AE:51:23:9A:62:70:E2:65
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/q1DMvSF29QPIe7RsrlEjmmJw4mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e3:ba:8c:09:f6:7c:fb:21:62:0d:2d:e2:0e:d4:1d:08:b6:
         f3:e4:31:26:d6:c3:8f:99:f1:66:1e:10:cf:35:30:97:97:a1:
         86:e6:92:8b:b8:9a:4c:2b:8a:58:d2:3e:0c:91:d7:b7:06:ab:
         f9:02:f8:22:63:61:4d:9c:f3:8a:84:f4:9e:8e:50:3b:66:00:
         4a:12:c0:14:41:f4:36:f4:67:b5:29:3c:b8:50:b3:7b:87:dc:
         70:a7:b0:55:ae:7a:75:96:30:cd:7a:f7:c0:da:9d:82:1b:6e:
         01:74:64:ea:e8:e7:2f:0c:b9:00:a3:8b:8d:24:5d:df:cf:07:
         8c:dd:25:73:8e:c6:cf:4a:46:8f:d3:33:41:56:62:15:8e:06:
         17:5d:d7:32:3f:40:5f:05:28:20:e3:ea:6d:68:f1:1e:a0:3e:
         08:8d:a6:1f:c0:86:0f:22:19:51:e8:40:6d:45:09:c0:22:bb:
         6c:7a:0e:1c:77:90:6d:30:24:5c:d7:1a:84:98:24:4d:fc:10:
         93:5d:54:42:c1:c4:50:28:49:cf:36:82:e3:4a:a7:32:a9:9f:
         21:69:d8:48:7d:d9:8c:40:c1:76:10:9b:18:99:31:d3:86:d6:
         50:be:c4:6c:ea:86:d9:5d:c9:40:b8:b9:b8:d2:10:ac:cf:ca:
         09:b8:aa:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3qZHT+jV5Z+dFoE2csglQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMjI3MTE0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUwY2NiZDIxNzZmNTAzYzg3YmI0NmNhZTUxMjM5YTYyNzBlMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZsJOzQKG+Rte4MO6lo1NUH9QnCD
5E5WWTjWWUvT3l7OH3lSmf6NzogLqCx84DxVtOYgYH70m2Rdo+JcnBLxV89SBDh4
DrEF/Ts1AGP/FYHwpR0nNnuT8B8NwAlJnZZAthL3awZ0p6ZRYIagG4t5KmRxsaUg
jp5pedXzHF++RFR03s2KA0ioKU236W0f8V8LslSCdg3GLKtM7mD7cToaJmGlITmO
m8LoUwkHnvERkNHyJu3y5TkpiKTrlSwJBJL2NNn57Lusf3W6EOTdvVY91Ww8luf2
r8efhqFDmkuENrFkLxZ5v3CEOSA1/QJezlii+CbnhqbU4NtqYjFArbbv+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtQzL0hdvUDyHu0bK5RI5picOJlMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcTFETXZTRjI5UVBJZTdSc3JsRWptbUp3NG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBwMA0G
CSqGSIb3DQEBCwUAA4IBAQA347qMCfZ8+yFiDS3iDtQdCLbz5DEm1sOPmfFmHhDP
NTCXl6GG5pKLuJpMK4pY0j4Mkde3Bqv5AvgiY2FNnPOKhPSejlA7ZgBKEsAUQfQ2
9Ge1KTy4ULN7h9xwp7BVrnp1ljDNevfA2p2CG24BdGTq6OcvDLkAo4uNJF3fzweM
3SVzjsbPSkaP0zNBVmIVjgYXXdcyP0BfBSgg4+ptaPEeoD4IjaYfwIYPIhlR6EBt
RQnAIrtseg4cd5BtMCRc1xqEmCRN/BCTXVRCwcRQKEnPNoLjSqcyqZ8hadhIfdmM
QMF2EJsYmTHThtZQvsRs6obZXclAuLm40hCsz8oJuKrf
-----END CERTIFICATE-----