Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/qapmNctVsTX2rwDPGXyTm2Cw20A.roa
File:                     qapmNctVsTX2rwDPGXyTm2Cw20A.roa (raw, json)
Hash identifier:          tujT0ZNdIFZeOkreCCNXZVY838OGosbA5X7lQtsLmfI=
Subject key identifier:   A9:AA:66:35:CB:55:B1:35:F6:AF:00:CF:19:7C:93:9B:60:B0:DB:40
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       018CCA2B65FFEC585A086A379B2AC7E27E3A
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/qapmNctVsTX2rwDPGXyTm2Cw20A.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52223
IP address blocks:        91.245.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:65:ff:ec:58:5a:08:6a:37:9b:2a:c7:e2:7e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9aa6635cb55b135f6af00cf197c939b60b0db40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:77:86:1e:cc:ad:a6:ac:d5:60:97:ae:77:eb:
                    da:bd:5c:8c:75:e7:a3:a1:5b:88:0e:86:55:70:01:
                    49:46:fe:2d:1c:d0:b9:2a:b6:c4:bd:e2:69:32:76:
                    c5:40:fc:1e:6a:7b:b8:1e:2b:59:60:a5:cd:a7:7b:
                    c8:22:9f:a8:dd:34:cb:83:07:7f:96:63:6f:c8:36:
                    ab:2e:c2:cc:82:15:cf:8c:5b:4e:cf:a4:0b:df:d4:
                    ff:d2:bd:22:88:f3:d5:4f:cf:b3:36:9f:fb:91:68:
                    07:d0:38:67:97:12:39:45:1d:55:ed:11:b7:53:fc:
                    4b:eb:f4:61:39:30:f3:19:76:65:b3:85:fc:f9:98:
                    b8:f3:bb:2e:a7:22:0e:4a:01:5e:26:e4:94:2f:61:
                    c6:62:29:7a:53:5a:c0:08:92:92:af:31:09:4e:a4:
                    9f:69:f9:91:d3:16:38:b6:84:81:51:f3:f7:fd:43:
                    2e:2e:40:dd:04:a5:87:22:09:e7:66:41:a6:f4:58:
                    ad:a2:21:0e:23:95:1b:2a:c4:bb:2f:3a:ac:16:b6:
                    54:78:83:35:cd:82:3f:63:db:bb:14:35:bd:b8:37:
                    e7:8c:c8:00:f8:ca:22:e0:49:3f:dd:78:ce:1c:07:
                    00:d7:4d:43:4f:e6:3a:4e:b8:2a:93:92:ae:cc:15:
                    75:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AA:66:35:CB:55:B1:35:F6:AF:00:CF:19:7C:93:9B:60:B0:DB:40
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/qapmNctVsTX2rwDPGXyTm2Cw20A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:20:0a:93:7f:29:87:8b:cc:51:d7:e5:b9:0d:86:c5:33:94:
         1b:ac:d9:69:4a:47:c5:6b:27:b0:d9:a8:05:8d:6e:55:e3:56:
         7e:27:e6:ff:8d:a2:27:0b:6a:76:45:bd:96:f2:1d:1e:df:25:
         be:93:26:06:22:62:e3:fd:36:84:bc:32:51:5e:cb:33:d2:94:
         7b:a0:de:6c:4c:30:a8:9c:3d:b3:7b:86:6a:a0:b3:85:56:63:
         35:be:e2:b3:17:26:06:14:9f:a1:02:5a:ee:4f:3d:53:b3:25:
         95:2f:15:36:92:7e:ff:ba:64:91:8d:73:9b:8a:48:88:23:e1:
         cd:93:11:27:ef:51:9b:69:80:b8:12:75:b3:2a:fc:e4:50:53:
         6f:3f:c6:08:8d:33:bf:3b:2d:f6:8e:92:e9:3f:9d:94:ab:25:
         b6:49:bc:a2:44:5e:ea:d0:f7:a8:c8:c0:3e:76:76:b9:a8:40:
         49:e3:61:f6:9b:a4:d2:c3:32:ee:c3:04:68:73:b1:26:bf:6e:
         e3:a4:e3:4a:c7:1b:63:42:ae:f4:56:0f:f0:45:09:a4:88:3e:
         83:f8:67:fa:f7:52:fc:3b:78:7b:d2:89:c4:9d:1e:fb:42:2a:
         f1:35:64:c6:44:1c:56:0e:0f:ce:fd:87:dd:3f:4d:6d:b3:31:
         0f:71:63:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2X/7FhaCGo3myrH4n46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWFhNjYzNWNiNTViMTM1ZjZhZjAwY2YxOTdjOTM5YjYwYjBkYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHeGHsytpqzVYJeud+vavVyMdeej
oVuIDoZVcAFJRv4tHNC5KrbEveJpMnbFQPweanu4HitZYKXNp3vIIp+o3TTLgwd/
lmNvyDarLsLMghXPjFtOz6QL39T/0r0iiPPVT8+zNp/7kWgH0DhnlxI5RR1V7RG3
U/xL6/RhOTDzGXZls4X8+Zi487supyIOSgFeJuSUL2HGYil6U1rACJKSrzEJTqSf
afmR0xY4toSBUfP3/UMuLkDdBKWHIgnnZkGm9FitoiEOI5UbKsS7LzqsFrZUeIM1
zYI/Y9u7FDW9uDfnjMgA+Moi4Ek/3XjOHAcA101DT+Y6Trgqk5KuzBV1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmqZjXLVbE19q8Azxl8k5tgsNtAMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvcWFwbU5jdFZzVFgycndEUEdYeVRtMkN3MjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XpMA0G
CSqGSIb3DQEBCwUAA4IBAQAqIAqTfymHi8xR1+W5DYbFM5QbrNlpSkfFayew2agF
jW5V41Z+J+b/jaInC2p2Rb2W8h0e3yW+kyYGImLj/TaEvDJRXssz0pR7oN5sTDCo
nD2ze4ZqoLOFVmM1vuKzFyYGFJ+hAlruTz1TsyWVLxU2kn7/umSRjXObikiII+HN
kxEn71GbaYC4EnWzKvzkUFNvP8YIjTO/Oy32jpLpP52UqyW2SbyiRF7q0PeoyMA+
dna5qEBJ42H2m6TSwzLuwwRoc7Emv27jpONKxxtjQq70Vg/wRQmkiD6D+Gf691L8
O3h70onEnR77QirxNWTGRBxWDg/O/YfdP01tszEPcWMe
-----END CERTIFICATE-----