Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/QDX81X5ghzfnLi79W60YT-lGpHs.roa
File:                     QDX81X5ghzfnLi79W60YT-lGpHs.roa (raw, json)
Hash identifier:          KJWMiMwFirQw9z0c83AI7SKZa8zoP9p52jSdJF1UJYU=
Subject key identifier:   40:35:FC:D5:7E:60:87:37:E7:2E:2E:FD:5B:AD:18:4F:E9:46:A4:7B
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB0B0F28875AC2256D73F4FD87B705
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/QDX81X5ghzfnLi79W60YT-lGpHs.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206309
IP address blocks:        185.179.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0b:0f:28:87:5a:c2:25:6d:73:f4:fd:87:b7:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4035fcd57e608737e72e2efd5bad184fe946a47b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:83:48:87:e6:c3:02:55:78:55:51:ec:1e:48:
                    5c:24:22:2e:bd:72:c5:41:7b:41:3a:d7:c4:c6:78:
                    39:dc:6e:87:16:44:5c:85:68:00:ad:ae:48:dc:c7:
                    c0:47:52:86:94:ff:96:cc:d9:06:87:81:13:fc:4a:
                    35:1f:a6:88:29:57:c1:86:16:73:49:a0:05:d0:66:
                    08:e0:a3:4d:15:6c:fc:db:8d:48:5a:74:5e:a3:10:
                    71:49:7c:ac:c2:19:9c:11:24:93:4f:75:79:bb:d6:
                    d0:cd:9d:ad:fa:85:3d:04:3e:3c:5c:af:61:0d:c0:
                    c3:04:a5:fb:16:b6:ae:fc:60:a0:e7:10:7e:73:e7:
                    54:6e:92:31:e9:a5:c8:3e:49:a9:42:90:69:14:a9:
                    70:c6:bf:08:66:05:02:c1:c8:c9:48:c7:ae:c9:bc:
                    fd:24:a5:d5:98:9d:25:64:9b:b5:44:a9:fb:0d:5e:
                    81:c1:62:b3:70:aa:11:a4:38:72:3b:b9:ee:87:a8:
                    44:0c:52:77:60:d3:e3:87:97:db:19:e1:6d:a5:97:
                    b9:40:2e:f4:90:b2:30:8c:e8:14:75:69:7e:1d:7e:
                    16:5f:47:3e:e4:e9:ed:c9:f6:91:85:e5:15:4d:24:
                    7c:fc:69:d4:4b:e0:d0:10:cf:bd:6f:1b:fe:bf:3d:
                    43:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:35:FC:D5:7E:60:87:37:E7:2E:2E:FD:5B:AD:18:4F:E9:46:A4:7B
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/QDX81X5ghzfnLi79W60YT-lGpHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:6e:59:bd:92:3a:0c:fe:97:16:74:1c:2c:ac:19:d6:17:96:
         33:ee:9c:85:e7:05:6d:89:23:40:32:a0:83:2b:d0:9d:2a:67:
         4a:04:35:ad:c3:3c:de:3f:e0:ed:2b:cd:a2:36:07:c6:a0:46:
         15:bd:4a:d4:2a:14:91:36:ac:95:fd:b8:bb:3d:48:df:22:c8:
         dc:59:2b:4d:2e:34:08:4c:6c:40:cc:28:30:58:1a:8e:83:71:
         89:df:79:d6:47:c2:c0:ea:41:33:9a:ae:32:4f:55:87:33:d3:
         eb:83:1e:4d:30:71:c9:ce:db:2f:10:bf:7a:e1:d3:43:18:bf:
         ff:b2:1f:ee:1d:8d:b0:49:89:94:4a:ff:4e:25:19:f7:f7:b9:
         e7:78:b5:55:2e:0c:cc:40:7a:bf:91:f9:f9:a1:3a:b2:9f:c5:
         6b:25:e8:c7:04:e7:7e:93:8f:ce:e2:af:e2:a8:7f:2b:66:e9:
         78:13:9f:5e:30:60:7a:d6:f2:30:10:c3:79:f1:59:97:da:38:
         06:37:89:e8:dd:a8:25:64:e0:ca:f8:cf:17:de:60:82:6c:19:
         e1:f3:5e:36:4b:f7:d4:ed:f6:2f:05:8f:f7:f6:9f:00:e4:cc:
         7b:e6:8e:94:93:20:26:7f:54:0b:2f:7a:81:f0:a1:38:56:56:
         b6:16:c4:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuwsPKIdawiVtc/T9h7cFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDM1ZmNkNTdlNjA4NzM3ZTcyZTJlZmQ1YmFkMTg0ZmU5NDZhNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4NIh+bDAlV4VVHsHkhcJCIuvXLF
QXtBOtfExng53G6HFkRchWgAra5I3MfAR1KGlP+WzNkGh4ET/Eo1H6aIKVfBhhZz
SaAF0GYI4KNNFWz8241IWnReoxBxSXyswhmcESSTT3V5u9bQzZ2t+oU9BD48XK9h
DcDDBKX7Frau/GCg5xB+c+dUbpIx6aXIPkmpQpBpFKlwxr8IZgUCwcjJSMeuybz9
JKXVmJ0lZJu1RKn7DV6BwWKzcKoRpDhyO7nuh6hEDFJ3YNPjh5fbGeFtpZe5QC70
kLIwjOgUdWl+HX4WX0c+5OntyfaRheUVTSR8/GnUS+DQEM+9bxv+vz1DWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA1/NV+YIc35y4u/VutGE/pRqR7MB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvUURYODFYNWdoemZuTGk3OVc2MFlULWxHcEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubMrMA0G
CSqGSIb3DQEBCwUAA4IBAQBPblm9kjoM/pcWdBwsrBnWF5Yz7pyF5wVtiSNAMqCD
K9CdKmdKBDWtwzzeP+DtK82iNgfGoEYVvUrUKhSRNqyV/bi7PUjfIsjcWStNLjQI
TGxAzCgwWBqOg3GJ33nWR8LA6kEzmq4yT1WHM9Prgx5NMHHJztsvEL964dNDGL//
sh/uHY2wSYmUSv9OJRn397nneLVVLgzMQHq/kfn5oTqyn8VrJejHBOd+k4/O4q/i
qH8rZul4E59eMGB61vIwEMN58VmX2jgGN4no3aglZODK+M8X3mCCbBnh8142S/fU
7fYvBY/39p8A5Mx75o6UkyAmf1QLL3qB8KE4Vla2FsRh
-----END CERTIFICATE-----