Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/QgOQbBUCQOAgD5Bcvk78hLNc6v8.roa
File:                     QgOQbBUCQOAgD5Bcvk78hLNc6v8.roa (raw, json)
Hash identifier:          BrO2qJVep7avRN2gm4b8y009dzSO2x9I7uZSPfGAm2o=
Subject key identifier:   42:03:90:6C:15:02:40:E0:20:0F:90:5C:BE:4E:FC:84:B3:5C:EA:FF
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC425355D237CDE5B7553CCFD51775FFF
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/QgOQbBUCQOAgD5Bcvk78hLNc6v8.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208346
IP address blocks:        94.154.132.0/24 maxlen: 24
                          94.154.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:35:5d:23:7c:de:5b:75:53:cc:fd:51:77:5f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4203906c150240e0200f905cbe4efc84b35ceaff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:39:09:ff:57:ea:54:c8:b1:48:c8:48:3e:b2:
                    51:b4:41:f4:ca:c1:26:aa:6d:f7:7a:cd:71:84:9f:
                    71:e0:0e:5b:0b:92:ca:d4:9c:4c:12:36:f6:ed:55:
                    57:04:45:73:93:35:c7:a2:7d:d5:0c:ec:14:c5:f0:
                    e8:84:96:4a:44:d1:53:f1:1f:71:c5:e0:79:24:7a:
                    6e:93:81:10:a6:87:ab:96:df:89:38:d0:17:e0:ba:
                    12:9b:16:bc:55:80:c8:0f:70:87:5a:c3:32:3b:72:
                    35:a0:de:4d:94:3d:c0:48:15:92:9e:a6:d7:d3:4a:
                    49:6a:48:93:91:bf:30:3c:bb:db:64:12:0b:0e:4a:
                    3a:8e:f4:43:24:00:fa:93:bb:0a:a9:44:91:bb:8c:
                    fd:92:47:43:af:64:f2:d2:76:cf:ab:4d:7b:2b:02:
                    aa:3f:90:dc:a4:26:8c:b4:1a:4d:6f:f7:87:ef:00:
                    d7:88:ab:2e:9d:85:7c:18:50:46:d5:fd:33:92:0e:
                    21:2d:dc:2d:73:2f:46:0e:11:bf:ee:c3:5f:1c:36:
                    d3:36:a2:f9:13:59:44:58:cb:14:3f:24:b3:7e:72:
                    fe:fd:0a:6d:b1:38:21:1c:fd:a0:f0:b9:9d:ae:3d:
                    4a:64:8d:2c:58:5a:18:8d:1c:1a:e3:c7:f9:22:7f:
                    5b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:03:90:6C:15:02:40:E0:20:0F:90:5C:BE:4E:FC:84:B3:5C:EA:FF
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/QgOQbBUCQOAgD5Bcvk78hLNc6v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:2c:91:75:11:97:22:64:5a:e1:0d:6d:21:62:57:8c:5b:d6:
         35:9f:a2:2f:d5:9c:37:1c:99:59:73:75:88:ac:18:4a:a6:ac:
         e6:ac:f6:10:80:ea:26:57:7b:d6:7c:8c:13:bb:ee:65:c7:22:
         99:af:f0:e3:36:06:56:37:d4:4b:6b:0e:08:ad:9d:29:18:9c:
         09:96:83:1e:19:48:34:81:aa:42:e4:36:25:31:b2:b2:f7:d5:
         4c:87:28:42:bc:3e:ba:75:8f:cb:ec:dc:d0:30:da:9a:1f:83:
         7d:5a:bf:39:22:25:27:1f:a0:a8:37:45:96:5c:20:0e:8d:f8:
         6f:0b:69:dd:2b:45:8a:1c:d9:c4:96:fa:00:f7:a3:69:dc:ef:
         68:2f:20:73:6e:d2:a6:07:fa:7e:a1:1e:bb:2e:4a:56:87:3d:
         a0:c1:ff:24:49:58:79:29:ba:5c:19:28:a0:cd:5a:ca:6e:f5:
         3f:4d:46:0b:ac:39:b7:42:0a:df:d6:21:8b:38:12:9a:6d:03:
         02:47:55:53:79:af:f7:ad:34:28:6c:49:4c:5c:f6:ac:af:a9:
         66:4c:f6:b7:56:7a:d3:de:fe:a3:fd:f2:bc:b7:f8:78:12:dd:
         d0:c1:54:46:34:b6:b1:12:13:c1:7c:f2:39:84:f4:a7:89:fb:
         18:ff:26:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTVdI3zeW3VTzP1Rd1//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjAzOTA2YzE1MDI0MGUwMjAwZjkwNWNiZTRlZmM4NGIzNWNlYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjkJ/1fqVMixSMhIPrJRtEH0ysEm
qm33es1xhJ9x4A5bC5LK1JxMEjb27VVXBEVzkzXHon3VDOwUxfDohJZKRNFT8R9x
xeB5JHpuk4EQpoerlt+JONAX4LoSmxa8VYDID3CHWsMyO3I1oN5NlD3ASBWSnqbX
00pJakiTkb8wPLvbZBILDko6jvRDJAD6k7sKqUSRu4z9kkdDr2Ty0nbPq017KwKq
P5DcpCaMtBpNb/eH7wDXiKsunYV8GFBG1f0zkg4hLdwtcy9GDhG/7sNfHDbTNqL5
E1lEWMsUPySzfnL+/QptsTghHP2g8Lmdrj1KZI0sWFoYjRwa48f5In9bmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIDkGwVAkDgIA+QXL5O/ISzXOr/MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvUWdPUWJCVUNRT0FnRDVCY3ZrNzhoTE5jNnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXpqEMA0G
CSqGSIb3DQEBCwUAA4IBAQChLJF1EZciZFrhDW0hYleMW9Y1n6Iv1Zw3HJlZc3WI
rBhKpqzmrPYQgOomV3vWfIwTu+5lxyKZr/DjNgZWN9RLaw4IrZ0pGJwJloMeGUg0
gapC5DYlMbKy99VMhyhCvD66dY/L7NzQMNqaH4N9Wr85IiUnH6CoN0WWXCAOjfhv
C2ndK0WKHNnElvoA96Np3O9oLyBzbtKmB/p+oR67LkpWhz2gwf8kSVh5KbpcGSig
zVrKbvU/TUYLrDm3Qgrf1iGLOBKabQMCR1VTea/3rTQobElMXPasr6lmTPa3VnrT
3v6j/fK8t/h4Et3QwVRGNLaxEhPBfPI5hPSnifsY/yZg
-----END CERTIFICATE-----