Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/Q7IfWocra-mTc3cj3Yz03mwL_HQ.roa
File:                     Q7IfWocra-mTc3cj3Yz03mwL_HQ.roa (raw, json)
Hash identifier:          d6XrVutZZsMBkcJIr5SxkjADv/dlXFtXWPt/2zl7zgE=
Subject key identifier:   43:B2:1F:5A:87:2B:6B:E9:93:73:77:23:DD:8C:F4:DE:6C:0B:FC:74
Certificate issuer:       /CN=f159077e043877059603caa0e3e584b1626e8f7b
Certificate serial:       018CC64B39B7C7A63BF5780420B0C2117491
Authority key identifier: F1:59:07:7E:04:38:77:05:96:03:CA:A0:E3:E5:84:B1:62:6E:8F:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/Q7IfWocra-mTc3cj3Yz03mwL_HQ.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30879
IP address blocks:        195.34.200.0/22 maxlen: 24
                          83.97.8.0/21 maxlen: 24
                          2a11:d940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:39:b7:c7:a6:3b:f5:78:04:20:b0:c2:11:74:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f159077e043877059603caa0e3e584b1626e8f7b
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43b21f5a872b6be993737723dd8cf4de6c0bfc74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fa:54:c8:8b:64:6d:1f:ce:c9:be:39:2e:80:
                    09:7a:da:e9:a3:e6:82:db:84:24:ea:33:f3:a7:86:
                    f5:77:ce:38:f6:47:44:e0:b1:f5:44:2e:bc:68:26:
                    39:e3:d4:89:f5:ba:51:ee:57:3c:09:06:78:ca:ae:
                    1f:28:66:3b:11:e0:d7:1e:d0:1a:80:c0:4f:5b:7a:
                    5c:42:c5:b9:db:10:6e:d3:f5:e4:78:b5:b5:18:8f:
                    0a:aa:31:eb:e8:38:a8:37:99:74:cf:e3:eb:f7:05:
                    61:8d:64:db:3e:fb:32:37:79:c7:67:a2:95:1f:18:
                    ad:19:da:69:3f:37:1d:0e:1d:ce:e4:e5:81:97:43:
                    31:8b:d9:35:b3:de:46:ab:ab:75:4e:dd:f2:41:46:
                    a2:3c:fe:b7:83:7a:03:2b:8c:00:19:62:04:32:54:
                    e1:3a:29:6e:62:cf:6b:c6:bf:0d:a9:43:e6:58:92:
                    e0:74:c5:65:da:a6:e3:29:91:07:95:87:ca:99:da:
                    64:77:ef:79:af:03:22:c5:b4:ed:e5:2f:34:da:75:
                    25:68:3b:61:6b:cf:0d:c9:03:27:07:bf:74:87:2f:
                    23:5a:46:33:cc:2d:ef:5d:25:84:8e:70:91:48:7e:
                    bc:6b:69:92:9a:d4:db:9b:6d:d6:90:9d:39:5c:8e:
                    43:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B2:1F:5A:87:2B:6B:E9:93:73:77:23:DD:8C:F4:DE:6C:0B:FC:74
            X509v3 Authority Key Identifier:
                keyid:F1:59:07:7E:04:38:77:05:96:03:CA:A0:E3:E5:84:B1:62:6E:8F:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/Q7IfWocra-mTc3cj3Yz03mwL_HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/0aa541-e90f-46fd-a0dc-03d904c802ce/1/8VkHfgQ4dwWWA8qg4-WEsWJuj3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.8.0/21
                  195.34.200.0/22
                IPv6:
                  2a11:d940::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:db:be:33:e1:5e:bc:ce:22:1f:01:f1:b6:ea:76:9d:a8:c0:
         4a:d2:73:48:ee:db:6a:13:3b:b5:3d:44:7b:51:d5:d6:30:97:
         89:17:19:00:bd:62:f1:4c:38:3e:ed:31:bf:42:8a:8c:9d:0a:
         ea:f1:3a:fe:44:12:df:df:a8:98:c7:72:86:19:88:6b:76:dd:
         63:43:32:f7:15:1a:7c:8c:aa:f5:62:ed:30:e3:00:2c:f2:6a:
         c2:01:6b:fe:59:94:52:66:af:a8:77:29:d8:4e:f2:de:b7:05:
         bf:6c:5b:21:bb:9c:e9:7b:ef:54:0e:06:62:69:9d:3a:5b:1c:
         2f:7d:79:5f:d5:7b:6d:d4:5f:21:5b:85:fc:bc:11:1d:15:e7:
         9c:a0:ba:c1:b8:31:88:b4:44:4a:0e:6f:a4:5a:c2:0a:69:5a:
         46:0f:b1:5b:69:70:7e:15:2b:c3:b4:d5:af:db:60:0e:62:ea:
         82:79:19:86:c9:1e:07:4c:86:d1:39:94:7e:90:ec:27:52:e4:
         da:c7:f9:af:f5:1b:de:b4:0b:a4:a4:2a:3e:ae:70:fa:c4:5e:
         42:29:9e:eb:f4:7e:95:71:ff:7a:26:21:b2:3b:24:7f:8f:78:
         78:fb:e4:a7:9d:d8:85:d1:b2:84:fc:05:1d:a0:ce:ef:9d:0e:
         82:4e:8a:e8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSzm3x6Y79XgEILDCEXSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNTkwNzdlMDQzODc3MDU5NjAzY2FhMGUzZTU4NGIxNjI2
ZThmN2IwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2IyMWY1YTg3MmI2YmU5OTM3Mzc3MjNkZDhjZjRkZTZjMGJmYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/pUyItkbR/Oyb45LoAJetrpo+aC
24Qk6jPzp4b1d8449kdE4LH1RC68aCY549SJ9bpR7lc8CQZ4yq4fKGY7EeDXHtAa
gMBPW3pcQsW52xBu0/XkeLW1GI8KqjHr6DioN5l0z+Pr9wVhjWTbPvsyN3nHZ6KV
HxitGdppPzcdDh3O5OWBl0Mxi9k1s95Gq6t1Tt3yQUaiPP63g3oDK4wAGWIEMlTh
OiluYs9rxr8NqUPmWJLgdMVl2qbjKZEHlYfKmdpkd+95rwMixbTt5S802nUlaDth
a88NyQMnB790hy8jWkYzzC3vXSWEjnCRSH68a2mSmtTbm23WkJ05XI5D1wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEOyH1qHK2vpk3N3I92M9N5sC/x0MB8GA1UdIwQY
MBaAFPFZB34EOHcFlgPKoOPlhLFibo97MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZrSGZnUTRkd1dXQThxZzQtV0VzV0p1ajNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8wYWE1NDEtZTkwZi00NmZkLWEwZGMt
MDNkOTA0YzgwMmNlLzEvUTdJZldvY3JhLW1UYzNjajNZejAzbXdMX0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8wYWE1NDEtZTkwZi00NmZkLWEwZGMtMDNkOTA0YzgwMmNl
LzEvOFZrSGZnUTRkd1dXQThxZzQtV0VzV0p1ajNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDU2EIAwQC
wyLIMA0EAgACMAcDBQMqEdlAMA0GCSqGSIb3DQEBCwUAA4IBAQAG274z4V68ziIf
AfG26nadqMBK0nNI7ttqEzu1PUR7UdXWMJeJFxkAvWLxTDg+7TG/QoqMnQrq8Tr+
RBLf36iYx3KGGYhrdt1jQzL3FRp8jKr1Yu0w4wAs8mrCAWv+WZRSZq+odynYTvLe
twW/bFshu5zpe+9UDgZiaZ06WxwvfXlf1Xtt1F8hW4X8vBEdFeecoLrBuDGItERK
Dm+kWsIKaVpGD7FbaXB+FSvDtNWv22AOYuqCeRmGyR4HTIbROZR+kOwnUuTax/mv
9RvetAukpCo+rnD6xF5CKZ7r9H6Vcf96JiGyOyR/j3h4++SnndiF0bKE/AUdoM7v
nQ6CToro
-----END CERTIFICATE-----