Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/QK65NkDdaZGAU6xtRxUTZ09A-Bw.roa
File:                     QK65NkDdaZGAU6xtRxUTZ09A-Bw.roa (raw, json)
Hash identifier:          zqIiAAvIPLH2KBaYIWClekCol424Vo7OtIUwXhdcGcM=
Subject key identifier:   40:AE:B9:36:40:DD:69:91:80:53:AC:6D:47:15:13:67:4F:40:F8:1C
Certificate issuer:       /CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
Certificate serial:       018F04F6693B2D82C543F47F729577158197
Authority key identifier: 12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/QK65NkDdaZGAU6xtRxUTZ09A-Bw.roa
Signing time:             Mon 22 Apr 2024 08:40:08 +0000
ROA not before:           Mon 22 Apr 2024 08:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     997
IP address blocks:        185.243.42.0/24 maxlen: 24
                          2a0d:280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:04:f6:69:3b:2d:82:c5:43:f4:7f:72:95:77:15:81:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
        Validity
            Not Before: Apr 22 08:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40aeb93640dd69918053ac6d471513674f40f81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:15:a5:86:15:86:74:29:86:7e:c5:9a:41:e7:
                    87:53:29:90:0b:b3:c5:40:b2:d6:ed:ef:c3:fc:bc:
                    6b:ec:f1:3a:b8:63:1e:97:4e:85:3c:d7:2e:c2:28:
                    b5:13:14:82:ed:96:3b:6b:53:34:25:52:b4:37:2c:
                    93:79:0f:c6:d7:44:42:29:17:7a:da:05:60:16:05:
                    cb:b7:12:2e:4f:00:36:8b:45:b6:95:2b:2d:3a:01:
                    f0:6d:0a:cb:c1:c5:6d:4a:5f:74:00:4f:96:e1:27:
                    4d:ad:fd:ba:79:8a:7a:46:18:8c:8f:a2:3d:01:16:
                    33:bc:4d:7c:d2:46:de:1f:97:20:4f:c3:10:7b:b6:
                    8a:51:34:e2:1b:3b:f3:09:38:70:aa:38:45:b0:91:
                    0d:c7:ca:9b:87:6f:40:be:d7:a0:96:77:69:b4:dd:
                    53:e2:e4:4d:6a:4e:87:81:30:a9:52:19:b2:ea:10:
                    9b:86:af:36:a9:d5:f1:60:cd:8a:3b:dd:f1:94:d2:
                    e4:e9:47:6e:33:cf:56:0d:2c:c2:9f:9b:7a:c4:6f:
                    00:c5:cc:f0:f9:95:45:5b:02:78:7e:49:7e:98:d2:
                    db:4f:46:b0:ba:a8:28:75:c5:e9:fe:1a:ae:b2:d7:
                    d9:d7:eb:14:69:63:73:3a:1e:59:25:65:eb:11:8b:
                    2b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:AE:B9:36:40:DD:69:91:80:53:AC:6D:47:15:13:67:4F:40:F8:1C
            X509v3 Authority Key Identifier:
                keyid:12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/QK65NkDdaZGAU6xtRxUTZ09A-Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.42.0/24
                IPv6:
                  2a0d:280::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:f8:0b:58:b0:d3:bb:be:dd:46:83:ba:c8:98:1b:c6:86:de:
         7b:e8:6c:fd:43:c0:d6:05:99:d3:4e:b2:05:de:2f:d1:87:ad:
         2c:d0:a7:f2:fc:ce:8e:a1:d6:3d:37:31:d3:0e:86:7a:3a:6f:
         74:92:cd:07:e5:73:b2:4f:ce:0c:0a:bb:3d:65:22:3b:eb:9a:
         08:c4:9e:9d:b2:8c:ff:f9:a7:60:1d:aa:56:67:ec:ca:70:a8:
         51:74:7e:9e:49:c1:c3:64:61:a4:9e:a4:2f:d3:6c:99:02:e0:
         d5:ca:ce:b9:86:71:2f:26:de:c3:b4:c2:26:c1:1f:f3:c0:49:
         87:70:b6:e0:d4:d7:c3:07:40:bf:3b:3b:bc:05:c5:8c:0b:94:
         a6:a6:3f:3b:da:72:c3:eb:58:52:ef:18:d3:eb:72:8a:e5:eb:
         e0:50:cc:a9:db:9b:a9:29:5f:85:e2:8c:9d:86:dc:04:88:15:
         ab:4f:5a:91:3c:79:6b:5d:84:7b:c9:9e:ba:c9:db:78:57:9c:
         26:97:8e:92:dc:5f:9f:4b:59:9a:ec:70:44:f1:dd:7a:fd:a1:
         e1:13:7b:f0:39:af:64:3c:00:af:3a:f2:94:71:76:a5:56:16:
         22:75:45:5b:84:11:e8:a1:10:66:59:5d:3f:3d:5a:5e:20:d1:
         4f:b5:55:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8E9mk7LYLFQ/R/cpV3FYGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjBkZDJiOTJkYTI4NGM2M2NlYzQ2ZjZmNmE0MWMwMTNh
OWM4ODEwHhcNMjQwNDIyMDg0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGFlYjkzNjQwZGQ2OTkxODA1M2FjNmQ0NzE1MTM2NzRmNDBmODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxWlhhWGdCmGfsWaQeeHUymQC7PF
QLLW7e/D/Lxr7PE6uGMel06FPNcuwii1ExSC7ZY7a1M0JVK0NyyTeQ/G10RCKRd6
2gVgFgXLtxIuTwA2i0W2lSstOgHwbQrLwcVtSl90AE+W4SdNrf26eYp6RhiMj6I9
ARYzvE180kbeH5cgT8MQe7aKUTTiGzvzCThwqjhFsJENx8qbh29AvteglndptN1T
4uRNak6HgTCpUhmy6hCbhq82qdXxYM2KO93xlNLk6UduM89WDSzCn5t6xG8Axczw
+ZVFWwJ4fkl+mNLbT0awuqgodcXp/hqustfZ1+sUaWNzOh5ZJWXrEYsr+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFECuuTZA3WmRgFOsbUcVE2dPQPgcMB8GA1UdIwQY
MBaAFBIg3SuS2ihMY87Eb29qQcATqciBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWIt
YTg1ODU4NDliZTE0LzEvUUs2NU5rRGRhWkdBVTZ4dFJ4VVRaMDlBLUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWItYTg1ODU4NDliZTE0
LzEvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufMqMA0E
AgACMAcDBQMqDQKAMA0GCSqGSIb3DQEBCwUAA4IBAQCR+AtYsNO7vt1Gg7rImBvG
ht576Gz9Q8DWBZnTTrIF3i/Rh60s0Kfy/M6OodY9NzHTDoZ6Om90ks0H5XOyT84M
Crs9ZSI765oIxJ6dsoz/+adgHapWZ+zKcKhRdH6eScHDZGGknqQv02yZAuDVys65
hnEvJt7DtMImwR/zwEmHcLbg1NfDB0C/Ozu8BcWMC5Smpj872nLD61hS7xjT63KK
5evgUMyp25upKV+F4oydhtwEiBWrT1qRPHlrXYR7yZ66ydt4V5wml46S3F+fS1ma
7HBE8d16/aHhE3vwOa9kPACvOvKUcXalVhYidUVbhBHooRBmWV0/PVpeINFPtVU+
-----END CERTIFICATE-----