Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/Qu6S8pXP6ePTY24gK5wpwtT0y70.roa
File:                     Qu6S8pXP6ePTY24gK5wpwtT0y70.roa (raw, json)
Hash identifier:          RdnDGIeDq9XsUOB1UTn5/YoFkQukvoto3LKfruBfN+o=
Subject key identifier:   42:EE:92:F2:95:CF:E9:E3:D3:63:6E:20:2B:9C:29:C2:D4:F4:CB:BD
Certificate issuer:       /CN=e680a5610112df203987f32f0e5e15ad35e710d2
Certificate serial:       018D0516C18FE737F912B1918426821A5717
Authority key identifier: E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5oClYQES3yA5h_MvDl4VrTXnENI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/Qu6S8pXP6ePTY24gK5wpwtT0y70.roa
Signing time:             Sat 13 Jan 2024 23:09:53 +0000
ROA not before:           Sat 13 Jan 2024 23:09:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15626
IP address blocks:        213.134.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5oClYQES3yA5h_MvDl4VrTXnENI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:05:16:c1:8f:e7:37:f9:12:b1:91:84:26:82:1a:57:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e680a5610112df203987f32f0e5e15ad35e710d2
        Validity
            Not Before: Jan 13 23:09:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42ee92f295cfe9e3d3636e202b9c29c2d4f4cbbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f2:d3:3a:ae:5e:e7:01:b4:55:8e:78:bd:ce:
                    e6:8b:b5:a8:a9:d6:24:b2:79:be:6f:92:6d:2a:09:
                    2e:29:29:ff:bc:0f:a3:25:4e:6c:66:9f:41:f1:5c:
                    65:da:96:d8:2f:0f:d4:f3:38:26:32:00:c0:8e:c5:
                    bf:4e:47:9d:74:fd:82:46:b7:48:7e:4a:6b:86:a0:
                    f3:35:28:61:56:79:7c:0d:74:fe:96:a7:42:bf:81:
                    65:86:c5:f5:be:2c:c4:b9:39:1e:57:a8:36:bc:b1:
                    0b:be:b9:1d:0c:e4:da:74:08:77:6f:ee:96:51:3f:
                    33:9d:8d:84:70:5f:0b:06:b4:13:29:59:57:69:9b:
                    f5:12:96:ae:a3:50:16:f2:da:c8:7a:2a:cd:7b:77:
                    17:fc:8a:f4:3b:f5:ea:b4:07:1d:2a:7f:ce:c8:29:
                    f3:d1:83:1d:35:bb:70:16:37:c1:d3:47:eb:1a:b8:
                    b2:82:24:6f:c6:57:6e:27:19:64:1a:f3:78:e1:bf:
                    7f:91:40:68:6a:4c:57:08:80:db:a4:e3:4d:7f:ab:
                    43:ef:bb:05:64:88:e2:3a:88:e1:05:eb:05:19:5a:
                    71:b5:df:95:af:84:e6:93:8d:10:9b:97:b8:43:8f:
                    53:f2:91:f0:30:3f:a4:a8:a5:2b:2e:af:6e:a7:a6:
                    b1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EE:92:F2:95:CF:E9:E3:D3:63:6E:20:2B:9C:29:C2:D4:F4:CB:BD
            X509v3 Authority Key Identifier:
                keyid:E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5oClYQES3yA5h_MvDl4VrTXnENI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/Qu6S8pXP6ePTY24gK5wpwtT0y70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:02:5f:91:82:b3:92:81:a4:3e:f4:9b:37:8b:17:66:11:d0:
         a6:8d:21:93:4b:03:35:04:68:a7:59:35:a3:bc:0b:71:16:a0:
         eb:fb:28:df:e6:d1:49:37:58:63:e6:33:58:ac:98:a5:70:47:
         3d:0f:87:1f:59:11:9c:16:a5:3a:02:18:4e:ae:74:6e:5a:b3:
         94:f6:aa:1d:66:69:02:6e:7a:54:b4:e4:08:05:d0:b9:68:2f:
         96:01:e8:67:f6:04:ce:1e:23:88:cf:3f:18:53:df:3b:1e:be:
         0f:b8:90:58:57:ec:c4:85:95:4a:01:e6:8a:41:0a:10:40:29:
         4b:47:6f:ec:7c:84:d6:6b:8b:cf:64:d0:de:ab:c7:25:e3:e2:
         a3:fc:e0:38:29:df:b4:4a:6c:95:41:0f:7f:54:20:9f:9a:8e:
         07:86:09:0a:47:c3:37:68:95:29:f7:57:df:d6:68:68:02:8d:
         7c:ab:55:f2:09:af:a2:b9:23:83:e9:6b:59:d6:88:14:6a:2f:
         d9:b3:ca:12:6d:c4:d0:aa:ea:84:26:c2:e7:01:52:2f:49:05:
         8a:03:7b:0a:e8:f0:a0:56:33:5a:ca:f9:90:89:1f:43:81:8e:
         f8:f6:66:91:64:2d:07:a3:f3:36:17:35:b5:69:50:f7:a4:d0:
         d4:84:d1:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0FFsGP5zf5ErGRhCaCGlcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ODBhNTYxMDExMmRmMjAzOTg3ZjMyZjBlNWUxNWFkMzVl
NzEwZDIwHhcNMjQwMTEzMjMwOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmVlOTJmMjk1Y2ZlOWUzZDM2MzZlMjAyYjljMjljMmQ0ZjRjYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/LTOq5e5wG0VY54vc7mi7WoqdYk
snm+b5JtKgkuKSn/vA+jJU5sZp9B8Vxl2pbYLw/U8zgmMgDAjsW/TkeddP2CRrdI
fkprhqDzNShhVnl8DXT+lqdCv4FlhsX1vizEuTkeV6g2vLELvrkdDOTadAh3b+6W
UT8znY2EcF8LBrQTKVlXaZv1Epauo1AW8trIeirNe3cX/Ir0O/XqtAcdKn/OyCnz
0YMdNbtwFjfB00frGriygiRvxlduJxlkGvN44b9/kUBoakxXCIDbpONNf6tD77sF
ZIjiOojhBesFGVpxtd+Vr4Tmk40Qm5e4Q49T8pHwMD+kqKUrLq9up6axxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELukvKVz+nj02NuICucKcLU9Mu9MB8GA1UdIwQY
MBaAFOaApWEBEt8gOYfzLw5eFa015xDSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW9DbFlRRVMzeUE1aF9NdkRsNFZyVFhuRU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9iNDBkMjUtZjQ0NC00ZjYwLWIxNjIt
ZDE1MDJmN2NmMjM0LzEvUXU2UzhwWFA2ZVBUWTI0Z0s1d3B3dFQweTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9iNDBkMjUtZjQ0NC00ZjYwLWIxNjItZDE1MDJmN2NmMjM0
LzEvNW9DbFlRRVMzeUE1aF9NdkRsNFZyVFhuRU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YYCMA0G
CSqGSIb3DQEBCwUAA4IBAQAWAl+RgrOSgaQ+9Js3ixdmEdCmjSGTSwM1BGinWTWj
vAtxFqDr+yjf5tFJN1hj5jNYrJilcEc9D4cfWRGcFqU6AhhOrnRuWrOU9qodZmkC
bnpUtOQIBdC5aC+WAehn9gTOHiOIzz8YU987Hr4PuJBYV+zEhZVKAeaKQQoQQClL
R2/sfITWa4vPZNDeq8cl4+Kj/OA4Kd+0SmyVQQ9/VCCfmo4HhgkKR8M3aJUp91ff
1mhoAo18q1XyCa+iuSOD6WtZ1ogUai/Zs8oSbcTQquqEJsLnAVIvSQWKA3sK6PCg
VjNayvmQiR9DgY749maRZC0Ho/M2FzW1aVD3pNDUhNG3
-----END CERTIFICATE-----