Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/QU3JAvPGHx6Fi3ztK-qewLh80qo.roa
File:                     QU3JAvPGHx6Fi3ztK-qewLh80qo.roa (raw, json)
Hash identifier:          XVW4p0SRVe9E/QzqAVLa8xgU6jhaI7QWoeTixrkQveI=
Subject key identifier:   41:4D:C9:02:F3:C6:1F:1E:85:8B:7C:ED:2B:EA:9E:C0:B8:7C:D2:AA
Certificate issuer:       /CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
Certificate serial:       018D876C91304A066C8CBC49753759AB461D
Authority key identifier: 36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/QU3JAvPGHx6Fi3ztK-qewLh80qo.roa
Signing time:             Thu 08 Feb 2024 06:34:15 +0000
ROA not before:           Thu 08 Feb 2024 06:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        185.113.64.0/23 maxlen: 23
                          185.113.64.0/24 maxlen: 24
                          185.113.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:6c:91:30:4a:06:6c:8c:bc:49:75:37:59:ab:46:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
        Validity
            Not Before: Feb  8 06:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=414dc902f3c61f1e858b7ced2bea9ec0b87cd2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:82:6b:8e:1e:8e:d2:6c:91:68:5f:a1:65:9b:
                    a6:ff:bd:78:b8:8e:69:35:1a:06:ea:90:c4:df:14:
                    aa:4b:f3:f8:16:42:67:f4:72:f8:94:72:98:47:ce:
                    69:49:9f:b5:34:1d:24:f8:07:01:1d:53:1f:fb:a9:
                    5c:a6:ed:fd:44:ff:04:cf:75:3a:97:28:b9:c6:1c:
                    59:3b:3a:00:3e:de:cc:2a:9c:fe:6d:0a:95:a8:ef:
                    7d:5c:01:de:08:88:e3:b9:2f:45:eb:fa:6a:6f:67:
                    f7:d6:a3:54:54:c5:cb:67:a4:d0:ca:5b:41:51:ee:
                    41:9f:17:27:59:38:a1:b3:5e:cd:63:7d:bb:d5:5f:
                    82:78:0d:a1:09:65:15:cb:27:54:19:53:a9:29:12:
                    7a:31:ca:3a:ef:65:c4:7a:d9:fa:dc:ee:0c:fc:8e:
                    1b:f3:ba:65:87:7d:47:98:b8:d3:d4:e8:7e:87:6b:
                    7f:73:1a:54:4f:da:35:80:09:6c:24:35:97:74:d3:
                    20:e3:13:49:e5:3b:9d:c1:88:aa:4d:84:dd:f2:18:
                    3d:56:c7:97:18:0d:a0:db:65:5b:b5:86:f2:a0:4e:
                    a3:95:2f:4e:56:0b:aa:d7:55:b4:02:42:4d:22:5a:
                    26:d9:3e:04:f3:71:d0:31:b2:1c:c8:77:3f:c4:fa:
                    7a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4D:C9:02:F3:C6:1F:1E:85:8B:7C:ED:2B:EA:9E:C0:B8:7C:D2:AA
            X509v3 Authority Key Identifier:
                keyid:36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/QU3JAvPGHx6Fi3ztK-qewLh80qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:0b:9b:cb:52:c5:67:e1:7b:25:b0:02:eb:00:f9:30:72:00:
         47:43:33:95:65:fa:f5:f7:f0:2e:ab:3a:2c:76:2e:42:79:28:
         3f:d1:6a:b9:c3:09:36:fd:24:29:2d:1d:4d:13:e3:ed:d2:81:
         08:dd:8a:30:cc:c0:6d:1d:49:af:86:c7:7c:79:7c:d3:71:33:
         f5:0e:39:36:68:2b:6d:3b:30:93:9c:86:33:1f:32:5d:e5:a8:
         85:13:3e:03:b9:16:a2:82:e4:e4:8c:85:1b:7b:f4:40:d3:63:
         e2:6f:13:e1:85:c7:3b:0f:2c:81:61:eb:f4:09:35:51:b8:27:
         88:61:4f:95:f3:38:43:ce:be:3b:49:a1:3d:92:96:20:d6:f4:
         08:8e:74:76:b6:c4:b7:70:3c:82:24:be:5b:f2:ea:e4:03:5b:
         56:bb:09:ef:df:13:9f:16:62:ad:06:37:65:e1:56:33:6b:50:
         f6:16:ea:11:01:ce:42:38:99:01:c1:69:c2:2e:88:20:32:67:
         20:a7:0f:ba:4a:42:47:df:c0:6d:d9:a8:f4:14:ae:68:6a:32:
         33:67:71:cb:05:b8:c2:ab:1d:d1:3e:dc:00:bb:93:e6:26:49:
         35:62:e3:17:4f:1f:57:f7:23:d3:41:02:40:a0:da:98:19:46:
         ee:a0:2d:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2HbJEwSgZsjLxJdTdZq0YdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTRmY2M2YmY2YTg3NDBmYTc4MTQ2NDFmZDlkNmVjOGQ4
NjJlNWYwHhcNMjQwMjA4MDYzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTRkYzkwMmYzYzYxZjFlODU4YjdjZWQyYmVhOWVjMGI4N2NkMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4Jrjh6O0myRaF+hZZum/714uI5p
NRoG6pDE3xSqS/P4FkJn9HL4lHKYR85pSZ+1NB0k+AcBHVMf+6lcpu39RP8Ez3U6
lyi5xhxZOzoAPt7MKpz+bQqVqO99XAHeCIjjuS9F6/pqb2f31qNUVMXLZ6TQyltB
Ue5BnxcnWTihs17NY3271V+CeA2hCWUVyydUGVOpKRJ6Mco672XEetn63O4M/I4b
87plh31HmLjT1Oh+h2t/cxpUT9o1gAlsJDWXdNMg4xNJ5TudwYiqTYTd8hg9VseX
GA2g22VbtYbyoE6jlS9OVguq11W0AkJNIlom2T4E83HQMbIcyHc/xPp6JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFNyQLzxh8ehYt87SvqnsC4fNKqMB8GA1UdIwQY
MBaAFDaU/Ma/aodA+ngUZB/Z1uyNhi5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUt
MGQzZmNlNDI5YmRlLzEvUVUzSkF2UEdIeDZGaTN6dEstcWV3TGg4MHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUtMGQzZmNlNDI5YmRl
LzEvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXFAMA0G
CSqGSIb3DQEBCwUAA4IBAQCTC5vLUsVn4XslsALrAPkwcgBHQzOVZfr19/Auqzos
di5CeSg/0Wq5wwk2/SQpLR1NE+Pt0oEI3YowzMBtHUmvhsd8eXzTcTP1Djk2aCtt
OzCTnIYzHzJd5aiFEz4DuRaiguTkjIUbe/RA02PibxPhhcc7DyyBYev0CTVRuCeI
YU+V8zhDzr47SaE9kpYg1vQIjnR2tsS3cDyCJL5b8urkA1tWuwnv3xOfFmKtBjdl
4VYza1D2FuoRAc5COJkBwWnCLoggMmcgpw+6SkJH38Bt2aj0FK5oajIzZ3HLBbjC
qx3RPtwAu5PmJkk1YuMXTx9X9yPTQQJAoNqYGUbuoC2a
-----END CERTIFICATE-----