Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/qaIaoirDdyUhTchuZe1CaruMOKM.roa
File:                     qaIaoirDdyUhTchuZe1CaruMOKM.roa (raw, json)
Hash identifier:          GLh87o2mZkoxB6y9V0ltF7+nJISwFmXIWRsd7IGFDGw=
Subject key identifier:   A9:A2:1A:A2:2A:C3:77:25:21:4D:C8:6E:65:ED:42:6A:BB:8C:38:A3
Certificate issuer:       /CN=b078ae499057eb06838abd3edcc3091204a7f227
Certificate serial:       0190306EA6826B22D16E78E595EA781866D5
Authority key identifier: B0:78:AE:49:90:57:EB:06:83:8A:BD:3E:DC:C3:09:12:04:A7:F2:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/qaIaoirDdyUhTchuZe1CaruMOKM.roa
Signing time:             Wed 19 Jun 2024 12:17:56 +0000
ROA not before:           Wed 19 Jun 2024 12:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.138.104.0/22 maxlen: 24
                          2a03:a6e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:6e:a6:82:6b:22:d1:6e:78:e5:95:ea:78:18:66:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b078ae499057eb06838abd3edcc3091204a7f227
        Validity
            Not Before: Jun 19 12:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a21aa22ac37725214dc86e65ed426abb8c38a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d5:d9:62:6f:1e:ea:5a:29:9e:2e:28:d0:f6:
                    2a:79:8e:99:fd:a2:8b:81:93:32:1b:bc:98:15:2b:
                    9e:56:58:3e:e7:a3:be:88:a2:7f:57:9d:08:09:25:
                    e0:64:97:1c:b5:0f:ce:76:91:87:b6:00:45:c5:47:
                    66:d8:6a:63:91:cb:d3:30:cd:ba:9b:a8:e5:bd:67:
                    7e:a2:54:60:79:62:69:30:e8:83:d8:6e:eb:10:dc:
                    9f:c9:43:13:8f:de:bc:e6:f7:e6:85:24:e1:8a:40:
                    94:7a:32:20:9d:15:02:53:be:65:2c:75:96:5a:52:
                    28:04:26:a6:9c:56:51:98:d9:d6:99:10:4d:97:12:
                    d4:f4:d0:e2:59:4c:6e:9b:8a:b3:be:31:4a:16:e6:
                    4f:fb:be:14:d9:da:26:9c:8c:c8:fa:2b:e6:eb:ce:
                    ad:a0:a1:61:88:31:61:08:98:02:6f:b6:a8:ab:98:
                    09:45:71:5c:85:d2:c4:4b:0c:f9:06:9b:66:cc:1f:
                    d7:eb:ae:ab:d6:e0:6b:31:95:60:f8:c2:f8:f1:d3:
                    e8:44:68:dd:54:07:1b:d0:96:d5:75:29:43:6f:1b:
                    48:8c:d0:7a:b5:5c:c8:13:ee:f7:61:e4:a9:05:10:
                    c9:17:1d:3c:dc:d9:4b:4f:94:2a:f8:f6:d9:b0:9a:
                    38:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A2:1A:A2:2A:C3:77:25:21:4D:C8:6E:65:ED:42:6A:BB:8C:38:A3
            X509v3 Authority Key Identifier:
                keyid:B0:78:AE:49:90:57:EB:06:83:8A:BD:3E:DC:C3:09:12:04:A7:F2:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/qaIaoirDdyUhTchuZe1CaruMOKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.104.0/22
                IPv6:
                  2a03:a6e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:9e:11:e5:cd:88:06:c7:6f:59:f5:f2:59:fe:70:21:b2:6d:
         74:96:3e:ae:a3:87:ee:56:8b:6c:6b:1d:a7:98:e5:8f:d5:bb:
         f7:f9:3e:b1:3e:c6:ee:b2:76:c7:0e:f3:1e:f2:22:49:69:72:
         13:70:e7:e2:a8:cf:32:d2:e2:0a:b5:79:ec:36:e7:97:aa:4b:
         ca:bb:a7:4c:3e:68:02:02:af:f3:2e:6d:66:f9:95:14:4d:8a:
         f4:d1:11:ff:dd:4a:af:6f:b2:c2:6a:c9:3e:8f:ee:ca:a1:a1:
         99:a8:28:29:60:c4:11:63:48:40:06:1d:57:f3:83:15:16:20:
         19:26:02:b2:65:98:c9:82:5b:ce:db:36:90:d6:d2:d0:e3:c0:
         e7:63:2b:94:f4:e4:d6:2a:27:18:c5:f1:8e:59:17:92:b5:63:
         00:0e:10:03:28:c4:7b:c6:44:aa:13:9a:bb:a3:82:ce:37:f1:
         a7:13:c6:a5:15:be:1c:ef:7a:22:80:cb:a1:70:bf:57:70:67:
         ec:60:8e:dd:a8:72:26:29:a4:98:bc:fc:b5:03:e8:f3:32:fc:
         e5:7c:2d:69:68:94:6a:29:77:05:ad:06:f2:d6:b7:36:ec:17:
         f8:10:81:6c:9c:15:4d:63:d8:72:5c:bc:96:0a:57:70:f5:5a:
         65:0b:fc:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAwbqaCayLRbnjllep4GGbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNzhhZTQ5OTA1N2ViMDY4MzhhYmQzZWRjYzMwOTEyMDRh
N2YyMjcwHhcNMjQwNjE5MTIxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWEyMWFhMjJhYzM3NzI1MjE0ZGM4NmU2NWVkNDI2YWJiOGMzOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tXZYm8e6lopni4o0PYqeY6Z/aKL
gZMyG7yYFSueVlg+56O+iKJ/V50ICSXgZJcctQ/OdpGHtgBFxUdm2GpjkcvTMM26
m6jlvWd+olRgeWJpMOiD2G7rENyfyUMTj9685vfmhSThikCUejIgnRUCU75lLHWW
WlIoBCamnFZRmNnWmRBNlxLU9NDiWUxum4qzvjFKFuZP+74U2domnIzI+ivm686t
oKFhiDFhCJgCb7aoq5gJRXFchdLESwz5BptmzB/X666r1uBrMZVg+ML48dPoRGjd
VAcb0JbVdSlDbxtIjNB6tVzIE+73YeSpBRDJFx083NlLT5Qq+PbZsJo41QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKmiGqIqw3clIU3IbmXtQmq7jDijMB8GA1UdIwQY
MBaAFLB4rkmQV+sGg4q9PtzDCRIEp/InMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hpdVNaQlg2d2FEaXIwLTNNTUpFZ1NuOGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8zYjNkYTgtNDVlNy00YTgxLWFiMmUt
NGQ2MGU3NjYyMmRiLzEvcWFJYW9pckRkeVVoVGNodVplMUNhcnVNT0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8zYjNkYTgtNDVlNy00YTgxLWFiMmUtNGQ2MGU3NjYyMmRi
LzEvc0hpdVNaQlg2d2FEaXIwLTNNTUpFZ1NuOGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYpoMA0E
AgACMAcDBQAqA6bgMA0GCSqGSIb3DQEBCwUAA4IBAQBTnhHlzYgGx29Z9fJZ/nAh
sm10lj6uo4fuVotsax2nmOWP1bv3+T6xPsbusnbHDvMe8iJJaXITcOfiqM8y0uIK
tXnsNueXqkvKu6dMPmgCAq/zLm1m+ZUUTYr00RH/3Uqvb7LCask+j+7KoaGZqCgp
YMQRY0hABh1X84MVFiAZJgKyZZjJglvO2zaQ1tLQ48DnYyuU9OTWKicYxfGOWReS
tWMADhADKMR7xkSqE5q7o4LON/GnE8alFb4c73oigMuhcL9XcGfsYI7dqHImKaSY
vPy1A+jzMvzlfC1paJRqKXcFrQby1rc27Bf4EIFsnBVNY9hyXLyWCldw9VplC/zc
-----END CERTIFICATE-----