Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/QZWdKB1JjcnCx7y02Y7LvGY3OBs.roa
File:                     QZWdKB1JjcnCx7y02Y7LvGY3OBs.roa (raw, json)
Hash identifier:          O2RdiMstAC/A0qFEmVRDniS6ZkwI8yTG8ZBTqrYQCME=
Subject key identifier:   41:95:9D:28:1D:49:8D:C9:C2:C7:BC:B4:D9:8E:CB:BC:66:37:38:1B
Certificate issuer:       /CN=d03046d16cfc391b028b88743773ce005cf97b1d
Certificate serial:       018CC64AF0E7503785D31CF9BD0A501EDF77
Authority key identifier: D0:30:46:D1:6C:FC:39:1B:02:8B:88:74:37:73:CE:00:5C:F9:7B:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/QZWdKB1JjcnCx7y02Y7LvGY3OBs.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58003
IP address blocks:        185.163.152.0/24 maxlen: 24
                          185.163.153.0/24 maxlen: 24
                          185.163.154.0/24 maxlen: 24
                          185.163.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f0:e7:50:37:85:d3:1c:f9:bd:0a:50:1e:df:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d03046d16cfc391b028b88743773ce005cf97b1d
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41959d281d498dc9c2c7bcb4d98ecbbc6637381b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3b:48:bc:3a:8e:37:b9:82:f6:3d:8b:9f:d9:
                    00:a2:70:74:72:30:ef:9e:ac:0e:5b:e5:53:3f:22:
                    f6:79:77:72:00:b7:4a:2a:d5:bc:a1:2a:58:b8:64:
                    fa:cc:f2:34:62:83:54:f8:12:06:12:a1:85:8c:0a:
                    24:e8:40:f8:3f:ce:b8:51:d1:cb:3d:da:db:f7:ea:
                    8a:17:35:8a:b1:b4:b9:fd:9b:a0:fa:a7:5c:69:cf:
                    b3:01:33:6d:9f:74:c8:8b:99:f8:bb:77:32:db:b9:
                    48:98:87:92:31:f7:61:84:11:57:86:4f:c3:1e:fa:
                    20:bb:3d:68:e6:5b:a9:40:76:c0:e7:64:13:82:7a:
                    67:f9:fd:46:5d:09:a0:f8:0e:8c:d0:36:02:37:48:
                    c8:af:34:09:0f:f4:d4:d1:b2:62:da:21:62:3d:d9:
                    4a:2f:dc:7e:12:c8:72:53:ee:84:54:da:90:f4:ef:
                    10:1b:46:f0:ec:17:c6:11:06:9e:33:cd:1d:0c:27:
                    5b:58:44:fa:26:3e:dc:8b:38:24:a5:cb:60:43:a7:
                    43:91:ef:3c:7d:5a:24:54:b8:9e:23:92:91:17:2c:
                    92:6f:e7:70:11:06:f4:0b:9e:65:2a:0e:11:98:67:
                    92:39:30:6e:4a:ca:f8:fc:18:06:21:e1:ae:36:87:
                    7b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:95:9D:28:1D:49:8D:C9:C2:C7:BC:B4:D9:8E:CB:BC:66:37:38:1B
            X509v3 Authority Key Identifier:
                keyid:D0:30:46:D1:6C:FC:39:1B:02:8B:88:74:37:73:CE:00:5C:F9:7B:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/QZWdKB1JjcnCx7y02Y7LvGY3OBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:44:9e:fc:de:9f:9b:5f:99:f8:fb:04:ed:bd:28:89:2c:e9:
         92:0b:42:54:2f:90:81:31:8e:72:ef:b7:55:5f:95:c5:bd:0f:
         04:26:64:b1:0a:2c:c3:98:fc:7a:2a:ce:f4:54:a0:94:dc:05:
         b6:35:c4:97:ef:d8:36:62:94:48:bb:0f:c6:f1:e9:23:e9:0a:
         0c:f1:fb:3b:b9:21:55:b8:6e:4e:18:da:95:f2:a1:c9:14:da:
         96:78:84:d4:08:47:9c:5c:3e:40:04:0c:95:50:c0:ea:a8:42:
         59:f3:7b:be:f9:5c:f2:3c:f1:45:0b:ec:24:41:e9:0c:b7:93:
         92:aa:e7:50:db:cc:8d:a2:4c:aa:15:ac:f6:49:bc:c2:52:0d:
         af:c6:b1:3d:99:08:28:38:80:90:50:82:81:dc:24:21:15:fb:
         aa:a0:e5:4a:4c:ce:06:d3:37:40:c5:99:52:02:e0:6d:7e:a4:
         c9:ed:04:73:09:30:4d:74:6d:16:a5:c8:bc:1a:a1:34:84:f4:
         90:bf:ff:bd:40:ee:a8:ad:1c:27:66:65:d5:85:d4:53:b3:c6:
         74:ba:09:02:c1:60:3d:c3:29:fb:39:4c:d3:fb:11:f2:fb:75:
         fd:7c:63:1a:bc:b6:da:08:6c:a2:44:5a:37:d2:db:69:c7:27:
         30:1f:64:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvDnUDeF0xz5vQpQHt93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzA0NmQxNmNmYzM5MWIwMjhiODg3NDM3NzNjZTAwNWNm
OTdiMWQwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk1OWQyODFkNDk4ZGM5YzJjN2JjYjRkOThlY2JiYzY2MzczODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDtIvDqON7mC9j2Ln9kAonB0cjDv
nqwOW+VTPyL2eXdyALdKKtW8oSpYuGT6zPI0YoNU+BIGEqGFjAok6ED4P864UdHL
Pdrb9+qKFzWKsbS5/Zug+qdcac+zATNtn3TIi5n4u3cy27lImIeSMfdhhBFXhk/D
Hvoguz1o5lupQHbA52QTgnpn+f1GXQmg+A6M0DYCN0jIrzQJD/TU0bJi2iFiPdlK
L9x+EshyU+6EVNqQ9O8QG0bw7BfGEQaeM80dDCdbWET6Jj7cizgkpctgQ6dDke88
fVokVLieI5KRFyySb+dwEQb0C55lKg4RmGeSOTBuSsr4/BgGIeGuNod7jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGVnSgdSY3Jwse8tNmOy7xmNzgbMB8GA1UdIwQY
MBaAFNAwRtFs/DkbAouIdDdzzgBc+XsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERCRzBXejhPUnNDaTRoME4zUE9BRno1ZXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xOGQxMzItOTk1MS00MDU1LWI1YTYt
ZGMwZTFhNzI1MjIxLzEvUVpXZEtCMUpqY25DeDd5MDJZN0x2R1kzT0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xOGQxMzItOTk1MS00MDU1LWI1YTYtZGMwZTFhNzI1MjIx
LzEvMERCRzBXejhPUnNDaTRoME4zUE9BRno1ZXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaOYMA0G
CSqGSIb3DQEBCwUAA4IBAQCsRJ783p+bX5n4+wTtvSiJLOmSC0JUL5CBMY5y77dV
X5XFvQ8EJmSxCizDmPx6Ks70VKCU3AW2NcSX79g2YpRIuw/G8ekj6QoM8fs7uSFV
uG5OGNqV8qHJFNqWeITUCEecXD5ABAyVUMDqqEJZ83u++VzyPPFFC+wkQekMt5OS
qudQ28yNokyqFaz2SbzCUg2vxrE9mQgoOICQUIKB3CQhFfuqoOVKTM4G0zdAxZlS
AuBtfqTJ7QRzCTBNdG0Wpci8GqE0hPSQv/+9QO6orRwnZmXVhdRTs8Z0ugkCwWA9
wyn7OUzT+xHy+3X9fGMavLbaCGyiRFo30ttpxycwH2S6
-----END CERTIFICATE-----