Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/QFQ60MGe6pr5to9cXA-3Sn5lvAQ.roa
File:                     QFQ60MGe6pr5to9cXA-3Sn5lvAQ.roa (raw, json)
Hash identifier:          iY4TcO6uj3TkDHK+S/3yjzjXmX3rMcu9dV4Eu0B7ajo=
Subject key identifier:   40:54:3A:D0:C1:9E:EA:9A:F9:B6:8F:5C:5C:0F:B7:4A:7E:65:BC:04
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9440EEF8C863845E79137931549C
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/QFQ60MGe6pr5to9cXA-3Sn5lvAQ.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15440
IP address blocks:        91.103.255.0/24 maxlen: 24
                          176.118.198.0/24 maxlen: 24
                          185.40.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:94:40:ee:f8:c8:63:84:5e:79:13:79:31:54:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40543ad0c19eea9af9b68f5c5c0fb74a7e65bc04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d5:2d:ea:1c:a9:96:58:47:a8:61:59:67:85:
                    60:ab:63:59:70:c7:8d:56:42:aa:61:2a:28:fa:c6:
                    10:76:93:1a:00:34:2a:65:a0:9d:df:8e:91:73:46:
                    24:f2:e8:57:a6:59:a0:dd:e9:88:24:a2:2c:a4:23:
                    e5:1e:de:52:07:b9:54:bb:6a:bd:8d:9f:8c:b3:7a:
                    92:61:09:9c:4f:a1:5a:b1:df:91:9e:a0:18:7d:5f:
                    f5:b1:55:22:f5:5c:d5:ef:86:81:91:bd:db:ae:2a:
                    1f:0a:ef:7a:d9:41:e9:11:32:cc:9e:1d:5f:80:5f:
                    20:6d:f7:ef:06:dd:42:02:33:f7:17:f3:b3:7c:0a:
                    3f:11:8b:9d:3c:9d:55:24:7d:ac:b7:26:9c:2e:5d:
                    0a:3b:5d:79:2c:45:9a:d9:c1:4e:ea:42:95:dc:ec:
                    7d:1c:7e:41:13:32:e2:e6:25:2d:3b:24:7a:97:d9:
                    3d:8b:3a:03:bc:e5:7c:99:f1:8e:86:0f:92:4b:3c:
                    17:40:03:23:17:52:13:e8:94:04:fc:29:8f:de:21:
                    d2:ad:fe:5a:b0:2b:a0:67:2e:c2:ab:35:11:9d:21:
                    25:a8:4e:ba:1e:03:c5:48:a8:69:20:60:ab:4f:96:
                    d2:81:c7:89:c2:0d:80:0c:c2:3f:3c:44:c7:4d:b0:
                    7d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:54:3A:D0:C1:9E:EA:9A:F9:B6:8F:5C:5C:0F:B7:4A:7E:65:BC:04
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/QFQ60MGe6pr5to9cXA-3Sn5lvAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.255.0/24
                  176.118.198.0/24
                  185.40.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:4b:7a:ad:13:f4:fc:54:5a:1e:c1:7a:2b:13:d7:a7:2a:da:
         e3:c7:68:81:07:1c:a0:1a:12:8d:a7:d3:98:97:e8:2e:26:0f:
         72:90:f2:07:e0:be:be:51:dd:de:e6:52:ad:4d:3b:c0:c5:91:
         01:09:fa:47:54:1d:29:98:41:aa:82:97:39:c6:89:b9:fc:c3:
         17:97:44:b9:f4:bf:37:44:3c:74:c0:97:1f:e1:a4:49:b0:6d:
         5c:d7:f1:ec:60:55:eb:d8:9c:f7:dd:72:f8:bc:1c:2b:f7:40:
         19:75:cb:bf:6a:1c:57:21:f0:c9:0a:2f:7c:f8:09:94:b7:5f:
         e5:b9:26:96:ee:9b:bc:ed:66:7f:5b:fa:6a:cd:da:f8:dc:f1:
         c7:62:a0:55:14:4f:41:31:a7:48:3b:91:c3:ea:d0:3d:f3:2e:
         12:2e:b7:c3:6a:e9:ec:36:0f:50:87:f0:92:8a:a7:45:47:ca:
         27:ae:e8:a1:6e:89:8f:0d:58:cf:f9:6f:75:af:7f:b6:2e:6a:
         e5:d9:52:a3:40:82:1d:ec:de:08:c9:f2:41:46:f4:ba:90:3c:
         38:6e:c7:b7:4f:9a:1c:fa:a4:0c:cf:bb:fb:9a:37:9a:0b:c9:
         21:b7:96:82:13:7c:69:56:96:8d:9a:85:91:0d:c9:11:26:08:
         37:47:61:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI35RA7vjIY4ReeRN5MVScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDU0M2FkMGMxOWVlYTlhZjliNjhmNWM1YzBmYjc0YTdlNjViYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNUt6hypllhHqGFZZ4Vgq2NZcMeN
VkKqYSoo+sYQdpMaADQqZaCd346Rc0Yk8uhXplmg3emIJKIspCPlHt5SB7lUu2q9
jZ+Ms3qSYQmcT6Fasd+RnqAYfV/1sVUi9VzV74aBkb3briofCu962UHpETLMnh1f
gF8gbffvBt1CAjP3F/OzfAo/EYudPJ1VJH2styacLl0KO115LEWa2cFO6kKV3Ox9
HH5BEzLi5iUtOyR6l9k9izoDvOV8mfGOhg+SSzwXQAMjF1IT6JQE/CmP3iHSrf5a
sCugZy7CqzURnSElqE66HgPFSKhpIGCrT5bSgceJwg2ADMI/PETHTbB96wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEBUOtDBnuqa+baPXFwPt0p+ZbwEMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUUZRNjBNR2U2cHI1dG85Y1hBLTNTbjVsdkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW2f/AwQA
sHbGAwQAuSgGMA0GCSqGSIb3DQEBCwUAA4IBAQC/S3qtE/T8VFoewXorE9enKtrj
x2iBBxygGhKNp9OYl+guJg9ykPIH4L6+Ud3e5lKtTTvAxZEBCfpHVB0pmEGqgpc5
xom5/MMXl0S59L83RDx0wJcf4aRJsG1c1/HsYFXr2Jz33XL4vBwr90AZdcu/ahxX
IfDJCi98+AmUt1/luSaW7pu87WZ/W/pqzdr43PHHYqBVFE9BMadIO5HD6tA98y4S
LrfDaunsNg9Qh/CSiqdFR8onruihbomPDVjP+W91r3+2Lmrl2VKjQIId7N4IyfJB
RvS6kDw4bse3T5oc+qQMz7v7mjeaC8kht5aCE3xpVpaNmoWRDckRJgg3R2GN
-----END CERTIFICATE-----