Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/QaxgRDKJyaLvdxoiPQbXUZgnhPA.roa
File:                     QaxgRDKJyaLvdxoiPQbXUZgnhPA.roa (raw, json)
Hash identifier:          tD30H72KtGL1zd6azHYq9qyFKlk6bzH2upiX+GmhImk=
Subject key identifier:   41:AC:60:44:32:89:C9:A2:EF:77:1A:22:3D:06:D7:51:98:27:84:F0
Certificate issuer:       /CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
Certificate serial:       018CC5DC23D58D50D99E689C84434D685C6E
Authority key identifier: 2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/QaxgRDKJyaLvdxoiPQbXUZgnhPA.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3301
IP address blocks:        83.150.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:d5:8d:50:d9:9e:68:9c:84:43:4d:68:5c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41ac60443289c9a2ef771a223d06d751982784f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:1e:35:a2:6c:dc:5c:ce:5a:de:19:59:8c:7d:
                    0d:33:57:ed:c2:39:55:c6:85:74:a3:a0:fe:72:ce:
                    34:1a:5b:bb:4d:68:39:39:7b:93:0d:b1:08:c5:a8:
                    18:dc:3d:70:82:04:ad:48:d3:0d:c1:ce:fa:83:56:
                    c9:14:2c:a0:2e:10:85:4a:61:7a:7c:80:3a:26:50:
                    fb:1b:98:51:cc:1b:f6:bc:6b:7b:0e:83:28:3f:6b:
                    aa:87:81:82:d6:1f:fa:c8:40:f8:ed:4e:b6:29:29:
                    00:ee:b2:14:22:77:62:5d:9c:93:fe:8a:d3:61:90:
                    9f:da:95:2c:a0:02:bd:12:5f:73:93:3d:e6:1d:c4:
                    84:b1:c7:a1:3b:ed:55:09:e7:ca:3c:3a:29:d0:3c:
                    f3:c1:f6:25:df:e0:c5:2b:e9:26:d0:85:ef:7b:1f:
                    d0:18:b2:83:1e:d8:ad:be:c1:e4:74:42:bc:e6:de:
                    82:29:35:43:24:d0:a9:06:3f:94:cc:07:b9:7a:4d:
                    eb:c6:a5:4f:cf:97:9b:63:5c:29:41:84:2f:bc:c4:
                    37:8f:6a:cf:1a:45:b8:25:67:2d:f8:d6:92:44:56:
                    1f:6a:98:01:5f:f9:7e:a7:37:b5:e0:0e:73:c0:ce:
                    f8:8b:24:22:11:f8:30:9b:f8:9f:75:86:9e:d2:f2:
                    9b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AC:60:44:32:89:C9:A2:EF:77:1A:22:3D:06:D7:51:98:27:84:F0
            X509v3 Authority Key Identifier:
                keyid:2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/QaxgRDKJyaLvdxoiPQbXUZgnhPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:ff:46:d3:f9:a1:0d:e4:4e:4b:5f:cb:5a:13:14:05:b0:55:
         54:cb:75:b8:b3:ef:d7:b0:74:ec:7b:5f:de:ca:42:7a:78:81:
         25:c5:df:f3:ee:da:26:b7:ff:f8:5d:9e:c6:6b:6e:de:61:b6:
         69:af:b7:28:94:24:b8:9c:aa:04:ee:db:26:12:29:60:70:51:
         a9:1d:81:89:fc:5e:43:b8:71:da:70:14:8d:7e:0b:1d:df:99:
         ff:9f:12:f3:4b:f0:39:4e:82:da:16:90:43:a1:96:46:a7:ef:
         ce:30:b0:16:f5:4b:34:9a:ea:32:52:5a:5e:66:f9:87:4e:ff:
         06:19:f3:1c:8f:02:de:99:0e:a0:07:1b:62:02:8b:e0:6b:c5:
         61:b6:10:12:b6:45:a6:f2:14:fd:13:77:52:68:84:bd:12:82:
         8b:a4:cc:8c:2e:0c:e9:28:f6:87:de:ea:6f:dd:23:a2:7c:10:
         15:99:1b:07:d4:4e:d3:f8:7a:b2:51:06:6b:71:fe:b6:c3:d2:
         00:57:7f:c9:a2:00:d1:b4:eb:bf:87:2b:dd:28:54:6c:38:31:
         f8:b8:47:4a:b8:85:89:bd:9d:63:12:7f:4e:4a:aa:d9:81:28:
         66:2a:9b:ce:69:ef:b8:d3:f2:1e:dd:54:5f:25:92:6c:7c:72:
         da:1c:28:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CPVjVDZnmichENNaFxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYmMwMDJhMmIzNTliMWFhODg3OWUxYzRkNzA0NTViMzE5
MmVmYWMwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWFjNjA0NDMyODljOWEyZWY3NzFhMjIzZDA2ZDc1MTk4Mjc4NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx41omzcXM5a3hlZjH0NM1ftwjlV
xoV0o6D+cs40Glu7TWg5OXuTDbEIxagY3D1wggStSNMNwc76g1bJFCygLhCFSmF6
fIA6JlD7G5hRzBv2vGt7DoMoP2uqh4GC1h/6yED47U62KSkA7rIUIndiXZyT/orT
YZCf2pUsoAK9El9zkz3mHcSEscehO+1VCefKPDop0DzzwfYl3+DFK+km0IXvex/Q
GLKDHtitvsHkdEK85t6CKTVDJNCpBj+UzAe5ek3rxqVPz5ebY1wpQYQvvMQ3j2rP
GkW4JWct+NaSRFYfapgBX/l+pze14A5zwM74iyQiEfgwm/ifdYae0vKbVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGsYEQyicmi73caIj0G11GYJ4TwMB8GA1UdIwQY
MBaAFCu8ACorNZsaqIeeHE1wRVsxku+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQt
YTg5ODg5Y2U1Zjg0LzEvUWF4Z1JES0p5YUx2ZHhvaVBRYlhVWmduaFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQtYTg5ODg5Y2U1Zjg0
LzEvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU5awMA0G
CSqGSIb3DQEBCwUAA4IBAQB2/0bT+aEN5E5LX8taExQFsFVUy3W4s+/XsHTse1/e
ykJ6eIElxd/z7tomt//4XZ7Ga27eYbZpr7colCS4nKoE7tsmEilgcFGpHYGJ/F5D
uHHacBSNfgsd35n/nxLzS/A5ToLaFpBDoZZGp+/OMLAW9Us0muoyUlpeZvmHTv8G
GfMcjwLemQ6gBxtiAovga8VhthAStkWm8hT9E3dSaIS9EoKLpMyMLgzpKPaH3upv
3SOifBAVmRsH1E7T+HqyUQZrcf62w9IAV3/JogDRtOu/hyvdKFRsODH4uEdKuIWJ
vZ1jEn9OSqrZgShmKpvOae+40/Ie3VRfJZJsfHLaHChg
-----END CERTIFICATE-----