Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QIkCQUf_qlTLqC5KHF6ll7iX2G0.roa
File:                     QIkCQUf_qlTLqC5KHF6ll7iX2G0.roa (raw, json)
Hash identifier:          D35VW4VV7wfjtI8N0nhEotqsZK+N1aie5dOWsmBZs8Q=
Subject key identifier:   40:89:02:41:47:FF:AA:54:CB:A8:2E:4A:1C:5E:A5:97:B8:97:D8:6D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB644C863C2635B2AA4969D69BD720
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QIkCQUf_qlTLqC5KHF6ll7iX2G0.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50267
IP address blocks:        213.226.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:64:4c:86:3c:26:35:b2:aa:49:69:d6:9b:d7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4089024147ffaa54cba82e4a1c5ea597b897d86d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:33:62:c3:c5:57:1e:9b:f7:6c:25:25:ef:70:
                    45:67:cd:3b:16:6c:92:cc:c1:42:20:58:f7:9e:cc:
                    1f:c9:66:8d:4e:cf:18:d0:46:59:fe:0b:90:1c:f1:
                    83:e5:98:10:36:b1:6f:48:c6:99:a1:81:5f:0b:b4:
                    2e:4a:97:bd:4a:eb:77:28:63:0e:a3:5b:0f:92:6b:
                    cd:31:74:8b:25:cb:00:51:f8:2a:97:50:fe:92:92:
                    9b:0c:69:5c:9a:90:7b:5b:2e:cf:47:84:d9:97:e0:
                    61:ef:73:bd:b6:55:81:cc:56:84:b4:11:52:8b:85:
                    d4:90:c2:5c:a8:3b:07:90:a7:f6:9c:c0:0c:7f:a9:
                    e5:69:d3:c2:9f:dc:2a:db:e2:30:51:f8:55:ac:46:
                    6e:67:b9:f9:14:85:95:bd:5c:5a:f4:9b:34:e4:02:
                    17:c6:12:27:0a:a1:da:5e:b2:e2:9f:9a:28:1d:cf:
                    1c:cd:a0:c7:38:68:ed:c5:a2:bf:77:f1:c0:df:a0:
                    67:54:cb:1a:ab:0d:77:d8:fa:82:03:67:4a:78:51:
                    ed:99:e1:93:cc:a7:27:de:ee:c4:ca:c7:9c:43:0b:
                    a1:07:e4:d0:2c:4c:60:b6:2c:9f:fc:5b:e9:65:ce:
                    44:a6:62:b0:10:8f:ca:b4:bb:ac:70:7b:c2:7a:50:
                    1c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:89:02:41:47:FF:AA:54:CB:A8:2E:4A:1C:5E:A5:97:B8:97:D8:6D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QIkCQUf_qlTLqC5KHF6ll7iX2G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:5f:be:48:39:a7:d6:a3:b6:35:aa:2c:46:8f:f5:6b:51:7b:
         b4:88:6f:4c:95:d4:74:c8:fe:65:6c:79:9c:3d:6f:78:00:ef:
         9f:c5:f1:af:a3:0c:74:01:7b:50:37:90:bd:ba:c8:6a:2e:e0:
         e5:3a:1a:0d:9b:8d:8e:a9:ec:b0:71:88:2f:45:fa:73:d9:86:
         2c:85:a7:12:95:52:99:64:99:c1:b5:af:84:31:72:d8:9e:02:
         9a:48:3a:f4:6e:c5:75:b2:2c:b4:52:96:6b:ce:10:9b:17:72:
         21:07:09:61:4c:d0:1d:db:b1:5b:52:3e:78:ed:e6:bb:77:87:
         ab:8a:9d:03:42:2b:cf:fa:f2:93:97:f7:0f:a7:04:f2:5c:3a:
         ff:85:bb:57:39:2f:e1:e0:e5:60:7b:42:2b:60:7c:59:27:81:
         34:ce:b5:c9:c7:dc:f4:a4:1e:a7:72:72:e6:62:6c:92:61:77:
         62:4d:4a:f7:b5:9a:39:10:07:2c:1d:10:93:fc:88:ca:55:fb:
         86:f9:ba:82:86:a5:f0:4f:a9:a2:43:a7:e6:b7:81:c8:b8:85:
         00:c6:1c:23:eb:f7:b9:fd:b4:8b:48:4b:dc:28:75:60:b5:50:
         5a:85:fd:4d:6b:e5:ef:bc:c2:60:57:8d:9d:08:5c:dd:3e:e4:
         98:a0:3f:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22RMhjwmNbKqSWnWm9cgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDg5MDI0MTQ3ZmZhYTU0Y2JhODJlNGExYzVlYTU5N2I4OTdkODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzNiw8VXHpv3bCUl73BFZ807FmyS
zMFCIFj3nswfyWaNTs8Y0EZZ/guQHPGD5ZgQNrFvSMaZoYFfC7QuSpe9Sut3KGMO
o1sPkmvNMXSLJcsAUfgql1D+kpKbDGlcmpB7Wy7PR4TZl+Bh73O9tlWBzFaEtBFS
i4XUkMJcqDsHkKf2nMAMf6nladPCn9wq2+IwUfhVrEZuZ7n5FIWVvVxa9Js05AIX
xhInCqHaXrLin5ooHc8czaDHOGjtxaK/d/HA36BnVMsaqw132PqCA2dKeFHtmeGT
zKcn3u7EysecQwuhB+TQLExgtiyf/FvpZc5EpmKwEI/KtLuscHvCelAcNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECJAkFH/6pUy6guShxepZe4l9htMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUUlrQ1FVZl9xbFRMcUM1S0hGNmxsN2lYMkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1eJzMA0G
CSqGSIb3DQEBCwUAA4IBAQBpX75IOafWo7Y1qixGj/VrUXu0iG9MldR0yP5lbHmc
PW94AO+fxfGvowx0AXtQN5C9ushqLuDlOhoNm42OqeywcYgvRfpz2YYshacSlVKZ
ZJnBta+EMXLYngKaSDr0bsV1siy0UpZrzhCbF3IhBwlhTNAd27FbUj547ea7d4er
ip0DQivP+vKTl/cPpwTyXDr/hbtXOS/h4OVge0IrYHxZJ4E0zrXJx9z0pB6ncnLm
YmySYXdiTUr3tZo5EAcsHRCT/IjKVfuG+bqChqXwT6miQ6fmt4HIuIUAxhwj6/e5
/bSLSEvcKHVgtVBahf1Na+XvvMJgV42dCFzdPuSYoD+l
-----END CERTIFICATE-----