Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Q2LvLIGmJKtctOAlQIuyCV1_KNQ.roa
File:                     Q2LvLIGmJKtctOAlQIuyCV1_KNQ.roa (raw, json)
Hash identifier:          IR5VEnnRTWrl0Dc4nezJsU2FEwjyh+6Rz7X9BuCOPb4=
Subject key identifier:   43:62:EF:2C:81:A6:24:AB:5C:B4:E0:25:40:8B:B2:09:5D:7F:28:D4
Certificate issuer:       /CN=66ef31adac663855b3ddd1931c44cf8064d6a6eb
Certificate serial:       018CC801B84492B6D8BFD86B4D788284FA8F
Authority key identifier: 66:EF:31:AD:AC:66:38:55:B3:DD:D1:93:1C:44:CF:80:64:D6:A6:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Q2LvLIGmJKtctOAlQIuyCV1_KNQ.roa
Signing time:             Tue 02 Jan 2024 02:30:05 +0000
ROA not before:           Tue 02 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.160.155.0/24 maxlen: 24
                          2a0c:9e40:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b8:44:92:b6:d8:bf:d8:6b:4d:78:82:84:fa:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ef31adac663855b3ddd1931c44cf8064d6a6eb
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4362ef2c81a624ab5cb4e025408bb2095d7f28d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a3:ba:d8:16:f3:69:3e:a9:0f:85:88:f9:89:
                    b3:55:01:e2:a0:99:ef:7a:1a:16:3e:c2:4e:71:6c:
                    7f:54:03:13:95:aa:69:e9:ad:66:74:8f:17:a5:c1:
                    72:08:e0:67:1e:65:77:80:69:b6:90:ca:5f:e3:47:
                    ae:9d:ef:f3:6d:1b:bf:84:36:aa:7b:8b:39:8a:9f:
                    a4:ab:59:93:5b:c3:fe:2a:b5:06:87:c3:67:75:f5:
                    49:20:4b:7d:43:23:61:08:cb:2f:95:22:ae:73:bb:
                    af:3a:86:fd:57:81:ed:f6:ed:37:c7:4f:12:b9:76:
                    af:06:ed:8b:dd:c8:c5:76:e3:b2:fa:5a:47:15:ce:
                    27:2d:fb:bd:0f:9c:46:72:7a:f8:ec:34:c7:bb:2f:
                    63:d5:d9:10:d6:33:64:6d:ca:4e:2d:9f:53:f9:8a:
                    da:17:4b:b9:e3:03:40:03:f9:8c:7b:1e:82:b1:7a:
                    4f:55:ad:45:cf:c8:b2:5e:c5:23:ca:f5:11:f8:01:
                    bb:b2:05:fc:2e:f3:7e:12:10:75:74:0f:ed:a2:14:
                    91:67:bd:b1:bc:ea:a0:ad:92:48:92:29:4b:ba:82:
                    c2:62:1b:0e:32:f0:b6:27:ab:72:5b:e1:95:29:25:
                    47:0f:5d:1e:96:89:1f:f9:66:f7:3a:62:c3:bc:71:
                    3a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:62:EF:2C:81:A6:24:AB:5C:B4:E0:25:40:8B:B2:09:5D:7F:28:D4
            X509v3 Authority Key Identifier:
                keyid:66:EF:31:AD:AC:66:38:55:B3:DD:D1:93:1C:44:CF:80:64:D6:A6:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Q2LvLIGmJKtctOAlQIuyCV1_KNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.155.0/24
                IPv6:
                  2a0c:9e40:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:40:1d:1c:d1:4a:d8:6a:e0:2c:f1:cc:6c:37:24:90:02:1a:
         92:c9:65:e8:6a:75:bf:dc:80:36:ac:ed:9b:8c:9c:2c:78:77:
         7b:09:c3:86:82:f0:2b:a4:3c:57:54:6f:50:66:dc:18:88:ca:
         16:61:a6:28:6f:22:82:d2:4e:c7:9b:8d:ed:78:0b:ab:e2:f9:
         1e:dc:1b:6a:74:d6:92:e5:03:60:19:f5:5e:e4:cf:c9:03:bc:
         fd:7e:f5:73:9b:fe:4a:3d:82:ff:21:36:f8:51:9b:dd:e8:e4:
         b5:6c:7a:f2:de:04:ba:3a:58:32:13:07:1b:2a:49:39:b1:38:
         b7:ec:d4:8d:6f:94:4b:7e:bf:71:e2:c8:2e:32:90:b5:25:de:
         7a:3a:5b:8f:15:b0:2c:b0:bf:57:37:d8:dd:5f:64:28:1f:d9:
         64:92:1c:a2:92:e2:77:5c:e7:d8:95:ed:5b:36:69:6b:73:76:
         b3:62:56:8c:5b:72:fc:8f:88:63:6d:70:f8:59:72:3c:09:7e:
         60:a8:f0:81:ad:8f:b0:41:3d:36:e5:c5:c3:8f:9b:b2:35:66:
         8e:0a:36:e6:85:37:3a:41:d2:74:a1:d2:ab:a9:26:74:97:f4:
         a4:87:3d:33:c2:e1:ed:03:46:0f:72:93:ce:66:86:cf:56:dc:
         36:44:c6:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAbhEkrbYv9hrTXiChPqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWYzMWFkYWM2NjM4NTViM2RkZDE5MzFjNDRjZjgwNjRk
NmE2ZWIwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzYyZWYyYzgxYTYyNGFiNWNiNGUwMjU0MDhiYjIwOTVkN2YyOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKO62BbzaT6pD4WI+YmzVQHioJnv
ehoWPsJOcWx/VAMTlapp6a1mdI8XpcFyCOBnHmV3gGm2kMpf40eune/zbRu/hDaq
e4s5ip+kq1mTW8P+KrUGh8NndfVJIEt9QyNhCMsvlSKuc7uvOob9V4Ht9u03x08S
uXavBu2L3cjFduOy+lpHFc4nLfu9D5xGcnr47DTHuy9j1dkQ1jNkbcpOLZ9T+Yra
F0u54wNAA/mMex6CsXpPVa1Fz8iyXsUjyvUR+AG7sgX8LvN+EhB1dA/tohSRZ72x
vOqgrZJIkilLuoLCYhsOMvC2J6tyW+GVKSVHD10elokf+Wb3OmLDvHE6NQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFENi7yyBpiSrXLTgJUCLsgldfyjUMB8GA1UdIwQY
MBaAFGbvMa2sZjhVs93RkxxEz4Bk1qbrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnU4eHJheG1PRld6M2RHVEhFVFBnR1RXcHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lZDRkYTAtMDY0Ny00NDZmLWIwNjUt
ZGIwZGNjMDhmNDUyLzEvUTJMdkxJR21KS3RjdE9BbFFJdXlDVjFfS05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lZDRkYTAtMDY0Ny00NDZmLWIwNjUtZGIwZGNjMDhmNDUy
LzEvWnU4eHJheG1PRld6M2RHVEhFVFBnR1RXcHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwaCbMA8E
AgACMAkDBwAqDJ5AAAMwDQYJKoZIhvcNAQELBQADggEBAGxAHRzRSthq4CzxzGw3
JJACGpLJZehqdb/cgDas7ZuMnCx4d3sJw4aC8CukPFdUb1Bm3BiIyhZhpihvIoLS
Tsebje14C6vi+R7cG2p01pLlA2AZ9V7kz8kDvP1+9XOb/ko9gv8hNvhRm93o5LVs
evLeBLo6WDITBxsqSTmxOLfs1I1vlEt+v3HiyC4ykLUl3no6W48VsCywv1c32N1f
ZCgf2WSSHKKS4ndc59iV7Vs2aWtzdrNiVoxbcvyPiGNtcPhZcjwJfmCo8IGtj7BB
PTblxcOPm7I1Zo4KNuaFNzpB0nSh0qupJnSX9KSHPTPC4e0DRg9yk85mhs9W3DZE
xpA=
-----END CERTIFICATE-----