Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/QFExoFhkGQwcCgTuYoucfKSJKhE.roa
File:                     QFExoFhkGQwcCgTuYoucfKSJKhE.roa (raw, json)
Hash identifier:          IYzjSvlJifbMjECFQ8N73VVKMu2dM7s7r42tFbbOPOs=
Subject key identifier:   40:51:31:A0:58:64:19:0C:1C:0A:04:EE:62:8B:9C:7C:A4:89:2A:11
Certificate issuer:       /CN=d325fc508a7373256720a54d73fa9057d8a21c13
Certificate serial:       018CC26D7329224504EE464ED564B39A8489
Authority key identifier: D3:25:FC:50:8A:73:73:25:67:20:A5:4D:73:FA:90:57:D8:A2:1C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0yX8UIpzcyVnIKVNc_qQV9iiHBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/QFExoFhkGQwcCgTuYoucfKSJKhE.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205609
IP address blocks:        185.133.252.0/22 maxlen: 22
                          185.133.252.0/23 maxlen: 23
                          185.133.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/0yX8UIpzcyVnIKVNc_qQV9iiHBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/0yX8UIpzcyVnIKVNc_qQV9iiHBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0yX8UIpzcyVnIKVNc_qQV9iiHBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:29:22:45:04:ee:46:4e:d5:64:b3:9a:84:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d325fc508a7373256720a54d73fa9057d8a21c13
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=405131a05864190c1c0a04ee628b9c7ca4892a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:af:2d:96:c0:9a:eb:fa:37:81:e3:b1:3a:ce:
                    25:37:a4:dc:f9:ea:72:11:e2:18:cf:11:c5:16:14:
                    c6:52:2e:49:0d:d9:99:a4:e8:50:f5:e9:11:a2:cc:
                    a1:d0:61:9d:53:20:ed:9d:02:08:9e:1a:4a:07:29:
                    6b:6e:84:e4:61:de:7c:91:26:56:7a:08:08:74:ac:
                    d8:a3:f9:2a:da:75:d3:d6:ec:f4:25:a0:83:b3:d2:
                    65:25:a7:a5:c5:0f:e1:bd:97:83:52:c9:dd:71:c2:
                    ae:56:89:a5:47:b4:c6:1c:c3:d2:f6:34:41:37:e5:
                    aa:d4:00:d2:42:12:62:93:99:95:3d:7a:6f:65:dc:
                    3f:63:91:65:0d:0d:ef:f2:19:94:81:fa:32:d7:b3:
                    9a:fc:f3:d0:f6:29:eb:e6:ac:ca:40:37:08:6f:fa:
                    aa:f8:9f:de:ee:5f:81:0e:4e:c0:b3:af:b8:d9:04:
                    07:bb:5f:8e:2a:20:c4:9b:d5:82:0d:2e:f9:4c:c0:
                    fe:5c:18:29:27:09:b3:35:5c:e8:39:7b:85:63:60:
                    d6:04:1d:bc:ea:78:48:41:58:b2:84:2e:8e:2e:1f:
                    9c:0c:cb:4c:be:26:d0:c6:3d:d7:77:d9:7b:1e:52:
                    6a:9f:b0:9b:52:ec:52:80:18:67:d0:b4:3a:27:c6:
                    21:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:51:31:A0:58:64:19:0C:1C:0A:04:EE:62:8B:9C:7C:A4:89:2A:11
            X509v3 Authority Key Identifier:
                keyid:D3:25:FC:50:8A:73:73:25:67:20:A5:4D:73:FA:90:57:D8:A2:1C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0yX8UIpzcyVnIKVNc_qQV9iiHBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/QFExoFhkGQwcCgTuYoucfKSJKhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/dc1724-3165-47ef-a6fe-1c6aa1f6b70b/1/0yX8UIpzcyVnIKVNc_qQV9iiHBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:13:76:e9:dc:d0:6a:7c:97:d0:e4:9b:07:7a:67:d3:d1:df:
         e0:de:b8:33:68:4e:a4:f6:04:e7:b2:6c:03:bd:41:3d:d2:b0:
         25:92:c1:7a:02:ec:18:0a:50:cd:f1:a8:c3:9c:f4:a7:e4:83:
         3f:40:75:e0:6f:0a:17:8b:b3:8d:a8:c0:51:0b:2b:a0:29:f0:
         64:25:ad:79:97:a9:b5:95:c1:1e:20:0d:4f:95:78:1c:06:bd:
         15:e0:ac:6d:6f:4b:e0:3d:7b:ac:94:cf:fb:4f:e5:49:91:55:
         02:8f:9c:e1:fc:5c:e9:c4:82:bc:de:2d:9d:2f:21:b8:6c:78:
         4c:cc:9d:14:70:90:59:7e:ee:ce:aa:dd:eb:de:93:ec:7a:3b:
         ec:00:7c:fe:cc:d2:30:6e:03:97:c2:20:2b:97:0d:ce:77:24:
         d0:dc:ab:b1:35:63:5a:de:88:10:50:94:3e:6f:ef:12:0a:c8:
         f9:b8:81:a5:4d:ab:fb:26:e9:55:68:cc:76:a2:cc:c2:df:f1:
         ab:84:c7:d3:8c:cf:f0:f3:fa:49:c2:41:32:e4:30:ef:2d:ef:
         a4:42:33:a9:e3:20:16:64:6b:a1:cb:54:32:07:8a:43:48:e6:
         62:e6:89:b8:46:63:ef:e5:58:b2:29:95:b1:2f:db:5a:a2:20:
         b0:51:0c:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXMpIkUE7kZO1WSzmoSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMjVmYzUwOGE3MzczMjU2NzIwYTU0ZDczZmE5MDU3ZDhh
MjFjMTMwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUxMzFhMDU4NjQxOTBjMWMwYTA0ZWU2MjhiOWM3Y2E0ODkyYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr68tlsCa6/o3geOxOs4lN6Tc+epy
EeIYzxHFFhTGUi5JDdmZpOhQ9ekRosyh0GGdUyDtnQIInhpKBylrboTkYd58kSZW
eggIdKzYo/kq2nXT1uz0JaCDs9JlJaelxQ/hvZeDUsndccKuVomlR7TGHMPS9jRB
N+Wq1ADSQhJik5mVPXpvZdw/Y5FlDQ3v8hmUgfoy17Oa/PPQ9inr5qzKQDcIb/qq
+J/e7l+BDk7As6+42QQHu1+OKiDEm9WCDS75TMD+XBgpJwmzNVzoOXuFY2DWBB28
6nhIQViyhC6OLh+cDMtMvibQxj3Xd9l7HlJqn7CbUuxSgBhn0LQ6J8Yh5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBRMaBYZBkMHAoE7mKLnHykiSoRMB8GA1UdIwQY
MBaAFNMl/FCKc3MlZyClTXP6kFfYohwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHlYOFVJcHpjeVZuSUtWTmNfcVFWOWlpSEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9kYzE3MjQtMzE2NS00N2VmLWE2ZmUt
MWM2YWExZjZiNzBiLzEvUUZFeG9GaGtHUXdjQ2dUdVlvdWNmS1NKS2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9kYzE3MjQtMzE2NS00N2VmLWE2ZmUtMWM2YWExZjZiNzBi
LzEvMHlYOFVJcHpjeVZuSUtWTmNfcVFWOWlpSEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYX8MA0G
CSqGSIb3DQEBCwUAA4IBAQB/E3bp3NBqfJfQ5JsHemfT0d/g3rgzaE6k9gTnsmwD
vUE90rAlksF6AuwYClDN8ajDnPSn5IM/QHXgbwoXi7ONqMBRCyugKfBkJa15l6m1
lcEeIA1PlXgcBr0V4Kxtb0vgPXuslM/7T+VJkVUCj5zh/FzpxIK83i2dLyG4bHhM
zJ0UcJBZfu7Oqt3r3pPsejvsAHz+zNIwbgOXwiArlw3OdyTQ3KuxNWNa3ogQUJQ+
b+8SCsj5uIGlTav7JulVaMx2oszC3/GrhMfTjM/w8/pJwkEy5DDvLe+kQjOp4yAW
ZGuhy1QyB4pDSOZi5om4RmPv5ViyKZWxL9taoiCwUQyN
-----END CERTIFICATE-----