Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/QVCTI2QS2PHJ2b58xnLvgcRoyzA.roa
File:                     QVCTI2QS2PHJ2b58xnLvgcRoyzA.roa (raw, json)
Hash identifier:          ejVwCHHjW4Pn1uchRaiumDDsdppyJqj9ceFP45vtILE=
Subject key identifier:   41:50:93:23:64:12:D8:F1:C9:D9:BE:7C:C6:72:EF:81:C4:68:CB:30
Certificate issuer:       /CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
Certificate serial:       018CCA28EC86B8BE321E7AD496D8DFAE5ECB
Authority key identifier: 69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/QVCTI2QS2PHJ2b58xnLvgcRoyzA.roa
Signing time:             Tue 02 Jan 2024 12:32:08 +0000
ROA not before:           Tue 02 Jan 2024 12:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49206
IP address blocks:        185.41.48.0/24 maxlen: 24
                          185.41.51.0/24 maxlen: 24
                          185.41.50.0/24 maxlen: 24
                          185.41.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:ec:86:b8:be:32:1e:7a:d4:96:d8:df:ae:5e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
        Validity
            Not Before: Jan  2 12:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=415093236412d8f1c9d9be7cc672ef81c468cb30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b2:2f:38:ae:dc:4c:ad:fe:85:f9:31:42:57:
                    e2:fe:6b:7d:68:90:15:29:d6:9f:83:79:d4:e5:f8:
                    e6:63:af:35:36:db:9a:54:0c:a7:7e:c9:20:a1:1a:
                    be:4d:5e:e6:25:e4:aa:9e:49:ba:b4:8c:3d:da:11:
                    7d:2f:53:85:c3:4e:d5:80:9c:fe:81:e7:6e:14:0b:
                    4a:8b:e3:9f:a5:f4:12:93:78:b7:d7:a4:15:9f:26:
                    c5:a4:a0:e7:9d:bb:6d:7a:7c:de:69:b9:fb:68:22:
                    6c:46:68:76:f0:86:20:00:96:4a:e6:ce:82:95:25:
                    d7:d5:75:02:0d:85:1a:2a:49:be:b0:7c:23:ab:63:
                    10:67:bf:30:1b:83:1e:cd:52:ea:3c:26:ac:26:bf:
                    92:80:c5:1e:9e:66:1c:4b:e8:5a:20:a9:c1:8c:f9:
                    07:82:cc:f7:51:5b:03:e0:c4:20:55:a2:6a:82:c1:
                    28:0d:51:2a:b0:c2:6a:16:ed:9c:2c:d6:6b:fa:c6:
                    40:68:17:fc:34:9a:04:9b:40:34:18:95:a2:7c:97:
                    ab:0c:67:a5:1e:bf:4e:be:8f:99:b0:0c:f7:6b:6a:
                    80:ba:8d:3c:13:b5:23:47:cb:2d:70:93:a8:73:e4:
                    ff:58:7e:89:2a:87:0b:ac:bd:a0:28:3c:95:f8:a1:
                    5d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:50:93:23:64:12:D8:F1:C9:D9:BE:7C:C6:72:EF:81:C4:68:CB:30
            X509v3 Authority Key Identifier:
                keyid:69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/QVCTI2QS2PHJ2b58xnLvgcRoyzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:f4:a0:68:ff:99:00:2f:54:b9:27:cd:ba:db:b6:10:bc:41:
         a3:27:b5:eb:9b:6b:62:5d:4b:cd:0e:1e:26:d1:0a:f0:f8:76:
         7d:2d:c5:6e:e4:9c:20:ff:39:95:d0:95:0a:10:69:d0:36:1f:
         a3:cf:67:32:2f:6a:ff:01:fa:0b:35:27:f5:e5:07:1b:ab:42:
         a5:57:e2:72:f5:a9:4d:83:70:33:db:46:cf:1a:ac:3f:e7:8f:
         8a:58:0f:31:f5:75:9a:c8:1a:21:21:fe:62:e0:c7:20:9a:ea:
         b6:75:65:38:ac:fe:49:c0:c5:c1:ba:f4:25:08:f5:24:30:f6:
         62:5f:9c:07:9a:94:a0:8b:0c:4f:a3:f8:08:64:6d:fb:e5:3b:
         15:e3:2e:3a:94:e6:bd:6b:88:d0:16:dd:8f:c8:fa:e0:93:eb:
         1a:4b:e0:14:ab:74:ef:46:38:6f:83:9b:5c:47:78:a1:a4:a1:
         40:52:b3:98:20:5f:ce:43:ae:e4:9d:11:09:dd:89:7f:6f:28:
         29:46:fc:e9:8b:fa:b1:80:93:5f:89:48:7d:66:c2:ca:24:9a:
         02:dc:59:26:89:01:83:58:51:ec:d1:1f:22:5d:c9:34:27:b4:
         ed:51:21:03:f3:f3:87:23:e9:65:b5:da:33:53:de:9f:70:3d:
         95:9d:ee:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKOyGuL4yHnrUltjfrl7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWM1ODFhZmYzZDBhOTAxNzhjZmFiNTY1YTM4OGNjZDli
YzAxY2UwHhcNMjQwMTAyMTIzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTUwOTMyMzY0MTJkOGYxYzlkOWJlN2NjNjcyZWY4MWM0NjhjYjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprIvOK7cTK3+hfkxQlfi/mt9aJAV
Kdafg3nU5fjmY681NtuaVAynfskgoRq+TV7mJeSqnkm6tIw92hF9L1OFw07VgJz+
geduFAtKi+OfpfQSk3i316QVnybFpKDnnbttenzeabn7aCJsRmh28IYgAJZK5s6C
lSXX1XUCDYUaKkm+sHwjq2MQZ78wG4MezVLqPCasJr+SgMUenmYcS+haIKnBjPkH
gsz3UVsD4MQgVaJqgsEoDVEqsMJqFu2cLNZr+sZAaBf8NJoEm0A0GJWifJerDGel
Hr9Ovo+ZsAz3a2qAuo08E7UjR8stcJOoc+T/WH6JKocLrL2gKDyV+KFdqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFQkyNkEtjxydm+fMZy74HEaMswMB8GA1UdIwQY
MBaAFGmcWBr/PQqQF4z6tWWjiMzZvAHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUt
ZTVkZGQyYmI1MWM1LzEvUVZDVEkyUVMyUEhKMmI1OHhuTHZnY1JveXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUtZTVkZGQyYmI1MWM1
LzEvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSkwMA0G
CSqGSIb3DQEBCwUAA4IBAQB49KBo/5kAL1S5J82627YQvEGjJ7Xrm2tiXUvNDh4m
0Qrw+HZ9LcVu5Jwg/zmV0JUKEGnQNh+jz2cyL2r/AfoLNSf15Qcbq0KlV+Jy9alN
g3Az20bPGqw/54+KWA8x9XWayBohIf5i4Mcgmuq2dWU4rP5JwMXBuvQlCPUkMPZi
X5wHmpSgiwxPo/gIZG375TsV4y46lOa9a4jQFt2PyPrgk+saS+AUq3TvRjhvg5tc
R3ihpKFAUrOYIF/OQ67knREJ3Yl/bygpRvzpi/qxgJNfiUh9ZsLKJJoC3FkmiQGD
WFHs0R8iXck0J7TtUSED8/OHI+lltdozU96fcD2Vne5t
-----END CERTIFICATE-----