Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/CQFLXIVSe-dS_Uvff20qUqUr1d8.roa
File:                     CQFLXIVSe-dS_Uvff20qUqUr1d8.roa (raw, json)
Hash identifier:          lSUMhq3Ix4F9kBDI+K56HBeftr/CIwykc+8Mz84Ejbo=
Subject key identifier:   09:01:4B:5C:85:52:7B:E7:52:FD:4B:DF:7F:6D:2A:52:A5:2B:D5:DF
Certificate issuer:       /CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
Certificate serial:       018DE701D5719653654E14F57765F9843191
Authority key identifier: B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/CQFLXIVSe-dS_Uvff20qUqUr1d8.roa
Signing time:             Mon 26 Feb 2024 20:01:13 +0000
ROA not before:           Mon 26 Feb 2024 20:01:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        194.9.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e7:01:d5:71:96:53:65:4e:14:f5:77:65:f9:84:31:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
        Validity
            Not Before: Feb 26 20:01:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09014b5c85527be752fd4bdf7f6d2a52a52bd5df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c6:34:1d:bb:3a:93:9f:96:f7:d1:65:57:6d:
                    3f:da:7e:cf:20:82:c6:f5:45:99:7f:ed:d8:9f:1b:
                    07:0b:8c:68:31:ef:78:bf:69:d6:bb:ed:2d:27:41:
                    97:50:b4:71:76:36:c7:1d:19:8b:02:84:15:80:43:
                    a4:9c:5f:5b:25:a6:94:ba:a0:67:7a:a1:d8:2f:43:
                    15:29:9a:49:68:41:9f:e8:56:54:dc:fa:e7:53:8c:
                    bc:18:54:05:ff:3a:07:46:a6:90:5a:38:d9:68:5c:
                    1d:17:c1:22:c1:ff:f7:81:e4:eb:7d:8d:7b:1d:7d:
                    3b:93:c2:9a:98:52:c0:64:9d:96:94:7f:3e:64:c2:
                    02:cb:4d:ba:80:92:bb:2e:ff:02:f1:f9:96:50:a0:
                    c9:61:1c:f0:1c:03:8a:df:fe:b4:28:ea:7f:ab:66:
                    49:8b:f0:1f:bb:25:65:6a:eb:ef:d0:5e:a9:5f:55:
                    14:fe:76:cd:b4:19:57:7a:7a:35:39:5b:36:80:de:
                    5c:59:be:da:05:1d:d3:50:11:b0:d1:e3:d3:1a:74:
                    e0:ab:b9:33:70:74:40:d3:9e:01:f2:77:43:65:ad:
                    98:1b:e3:e5:88:29:af:90:08:08:ee:56:62:f5:06:
                    47:70:41:24:b8:14:91:ee:34:d0:52:c9:ab:d3:08:
                    2a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:01:4B:5C:85:52:7B:E7:52:FD:4B:DF:7F:6D:2A:52:A5:2B:D5:DF
            X509v3 Authority Key Identifier:
                keyid:B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/CQFLXIVSe-dS_Uvff20qUqUr1d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:91:c4:03:01:56:d1:d4:1a:79:ac:e9:79:ff:7a:ca:f3:9c:
         fc:18:c1:75:34:05:89:a6:3d:62:54:9b:59:ad:8d:9b:70:28:
         93:66:36:77:bb:ac:53:21:3f:4d:af:57:20:c9:3a:08:ea:56:
         23:fb:da:17:db:7f:78:1e:ef:9a:42:ff:13:17:55:89:94:a0:
         19:d9:9c:8f:94:82:d6:dd:4a:dd:36:54:37:3c:17:a0:11:64:
         8f:e0:e7:17:65:40:5b:8b:05:d2:14:b3:51:3b:0a:28:1e:e0:
         51:e7:ba:a5:e9:3b:2a:f1:d9:d1:d8:3a:45:01:0c:26:6b:0a:
         2f:6e:c4:a2:1c:04:2a:a2:62:fb:c4:fb:2a:ab:9c:c9:2b:2d:
         e9:9d:a6:c6:59:a7:bd:2b:fd:47:3c:ae:4c:4b:2f:69:bf:ff:
         f1:2d:34:5a:5b:eb:47:1a:6e:7b:2e:d9:e6:88:f7:ef:c2:12:
         4b:e1:3c:dc:85:6c:bc:9e:31:e4:e7:c0:33:8e:17:54:33:49:
         a7:0c:7f:40:3a:d2:68:f0:80:85:2d:bc:31:ab:38:ec:58:65:
         b2:e4:6a:91:17:9b:ce:69:2b:b2:7d:c0:42:4c:23:53:86:97:
         2c:92:c8:02:e6:a0:81:3e:ab:e6:7e:75:ec:db:7e:f4:9e:b8:
         45:0b:f0:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3nAdVxllNlThT1d2X5hDGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGViMzc2NWY1MzlmMWVjM2YwMDIxM2ZmODM0MDg1Yjdj
OGM3NmYwHhcNMjQwMjI2MjAwMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTAxNGI1Yzg1NTI3YmU3NTJmZDRiZGY3ZjZkMmE1MmE1MmJkNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncY0Hbs6k5+W99FlV20/2n7PIILG
9UWZf+3YnxsHC4xoMe94v2nWu+0tJ0GXULRxdjbHHRmLAoQVgEOknF9bJaaUuqBn
eqHYL0MVKZpJaEGf6FZU3PrnU4y8GFQF/zoHRqaQWjjZaFwdF8Eiwf/3geTrfY17
HX07k8KamFLAZJ2WlH8+ZMICy026gJK7Lv8C8fmWUKDJYRzwHAOK3/60KOp/q2ZJ
i/AfuyVlauvv0F6pX1UU/nbNtBlXeno1OVs2gN5cWb7aBR3TUBGw0ePTGnTgq7kz
cHRA054B8ndDZa2YG+PliCmvkAgI7lZi9QZHcEEkuBSR7jTQUsmr0wgqSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkBS1yFUnvnUv1L339tKlKlK9XfMB8GA1UdIwQY
MBaAFLLes3ZfU58ew/ACE/+DQIW3yMdvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYt
YzZmNmUzZjI4OTU2LzEvQ1FGTFhJVlNlLWRTX1V2ZmYyMHFVcVVyMWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYtYzZmNmUzZjI4OTU2
LzEvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgl3MA0G
CSqGSIb3DQEBCwUAA4IBAQCAkcQDAVbR1Bp5rOl5/3rK85z8GMF1NAWJpj1iVJtZ
rY2bcCiTZjZ3u6xTIT9Nr1cgyToI6lYj+9oX2394Hu+aQv8TF1WJlKAZ2ZyPlILW
3UrdNlQ3PBegEWSP4OcXZUBbiwXSFLNROwooHuBR57ql6Tsq8dnR2DpFAQwmawov
bsSiHAQqomL7xPsqq5zJKy3pnabGWae9K/1HPK5MSy9pv//xLTRaW+tHGm57Ltnm
iPfvwhJL4TzchWy8njHk58AzjhdUM0mnDH9AOtJo8ICFLbwxqzjsWGWy5GqRF5vO
aSuyfcBCTCNThpcsksgC5qCBPqvmfnXs2370nrhFC/BR
-----END CERTIFICATE-----