Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/QE9BUZ0qwiftrVgYaAmZ1WuGxks.roa
File:                     QE9BUZ0qwiftrVgYaAmZ1WuGxks.roa (raw, json)
Hash identifier:          t5p7obk4MJEIeAvlrSfZZFL2HLTwCzUTvx8wZOQNw+M=
Subject key identifier:   40:4F:41:51:9D:2A:C2:27:ED:AD:58:18:68:09:99:D5:6B:86:C6:4B
Certificate issuer:       /CN=82fd6ce85e919ab9bfad3f32dd9808f614009dc0
Certificate serial:       018DE501AB0359A4C13EDF450497EE6B69AC
Authority key identifier: 82:FD:6C:E8:5E:91:9A:B9:BF:AD:3F:32:DD:98:08:F6:14:00:9D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/QE9BUZ0qwiftrVgYaAmZ1WuGxks.roa
Signing time:             Mon 26 Feb 2024 10:41:48 +0000
ROA not before:           Mon 26 Feb 2024 10:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211270
IP address blocks:        91.216.98.0/24 maxlen: 24
                          185.84.156.0/22 maxlen: 22
                          2a12:fac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:01:ab:03:59:a4:c1:3e:df:45:04:97:ee:6b:69:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82fd6ce85e919ab9bfad3f32dd9808f614009dc0
        Validity
            Not Before: Feb 26 10:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404f41519d2ac227edad5818680999d56b86c64b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5d:d0:e5:7a:68:fb:11:d7:57:ff:87:51:11:
                    0a:21:71:ea:a7:79:29:35:36:5a:bb:84:4d:86:c6:
                    2a:c7:0a:2f:a2:9d:a0:0d:15:9e:a2:95:8a:3e:f9:
                    33:5c:44:84:39:54:12:6c:ff:e8:ab:e4:e1:41:02:
                    4a:cc:3b:56:45:e2:68:8f:30:1c:5d:69:9f:9f:b6:
                    a1:2a:b3:51:c6:c5:5d:18:33:67:36:23:98:f6:6a:
                    5b:90:b5:f6:b1:ce:d7:ae:68:cb:0c:d6:2c:4c:e5:
                    80:ce:23:4b:3f:70:6d:40:fb:60:3c:09:8d:bc:82:
                    04:2e:49:f1:fa:26:74:c4:6c:58:31:f9:dc:92:c9:
                    df:e2:fc:1c:a3:bf:50:d7:aa:26:a7:75:72:5c:74:
                    df:59:17:8b:4a:b1:9f:a0:21:ee:24:ba:09:6f:f2:
                    91:db:29:ca:47:c2:07:d3:8c:97:49:75:0e:42:7b:
                    f7:ca:b2:2d:80:2b:2a:db:c0:62:64:a3:d4:ae:8b:
                    d0:79:43:7c:99:b0:03:75:7f:93:c8:db:78:4c:61:
                    07:e7:8e:88:9e:8e:37:72:bc:f2:11:78:7c:50:9d:
                    4b:8b:f9:4d:17:07:a7:3f:81:13:58:4d:0d:d3:c5:
                    9f:54:d9:56:5e:d8:39:f6:fc:ad:79:8e:92:2d:2d:
                    5e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4F:41:51:9D:2A:C2:27:ED:AD:58:18:68:09:99:D5:6B:86:C6:4B
            X509v3 Authority Key Identifier:
                keyid:82:FD:6C:E8:5E:91:9A:B9:BF:AD:3F:32:DD:98:08:F6:14:00:9D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/QE9BUZ0qwiftrVgYaAmZ1WuGxks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/954876-d45c-4669-a1cd-6cbc38d4ea4c/1/gv1s6F6Rmrm_rT8y3ZgI9hQAncA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.98.0/24
                  185.84.156.0/22
                IPv6:
                  2a12:fac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:db:12:5d:f1:79:09:36:18:d1:64:19:75:e3:c0:5a:66:e5:
         13:0f:34:a8:b0:31:41:0a:4f:68:0e:ee:21:cc:87:84:7b:bc:
         69:9d:7f:56:05:50:34:6b:88:59:2c:20:7c:13:14:f4:a1:19:
         f5:9c:de:d1:9e:29:ec:2c:5f:a4:47:56:3b:9a:31:5a:80:dc:
         df:5a:23:d6:f8:9b:78:f1:1d:eb:7a:c8:62:10:82:48:f3:c9:
         8a:d1:a4:db:35:b2:54:12:dd:81:9d:95:dd:56:57:5f:04:96:
         1c:92:4b:9b:56:81:b7:6a:ae:ec:f1:15:39:a7:8b:e3:e4:f6:
         3c:b3:a1:26:f4:9b:ad:fc:fc:55:73:63:e5:e1:58:78:54:9d:
         b2:b8:b0:fc:1c:7f:f1:90:4a:64:ba:3c:b0:69:34:aa:b5:3e:
         a9:db:5e:24:14:4d:ca:4c:8e:b3:59:c5:c2:f7:8c:93:0e:c1:
         29:54:28:22:25:9d:61:de:e3:9e:8f:d0:91:b9:60:df:89:87:
         74:96:c5:83:0f:c7:c1:4e:cd:1e:d6:ca:8e:46:b8:5b:e7:85:
         c2:80:3e:15:d6:95:ba:62:d7:b1:8c:64:ae:a0:fc:e2:38:f5:
         e6:74:19:68:68:a9:a2:fb:4e:c1:93:c8:2a:ec:ef:9e:ad:1a:
         3e:00:03:1d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY3lAasDWaTBPt9FBJfua2msMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZmQ2Y2U4NWU5MTlhYjliZmFkM2YzMmRkOTgwOGY2MTQw
MDlkYzAwHhcNMjQwMjI2MTA0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRmNDE1MTlkMmFjMjI3ZWRhZDU4MTg2ODA5OTlkNTZiODZjNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAil3Q5Xpo+xHXV/+HUREKIXHqp3kp
NTZau4RNhsYqxwovop2gDRWeopWKPvkzXESEOVQSbP/oq+ThQQJKzDtWReJojzAc
XWmfn7ahKrNRxsVdGDNnNiOY9mpbkLX2sc7XrmjLDNYsTOWAziNLP3BtQPtgPAmN
vIIELknx+iZ0xGxYMfncksnf4vwco79Q16omp3VyXHTfWReLSrGfoCHuJLoJb/KR
2ynKR8IH04yXSXUOQnv3yrItgCsq28BiZKPUrovQeUN8mbADdX+TyNt4TGEH546I
no43crzyEXh8UJ1Li/lNFwenP4ETWE0N08WfVNlWXtg59vyteY6SLS1eswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEBPQVGdKsIn7a1YGGgJmdVrhsZLMB8GA1UdIwQY
MBaAFIL9bOhekZq5v60/Mt2YCPYUAJ3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3YxczZGNlJtcm1fclQ4eTNaZ0k5aFFBbmNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS85NTQ4NzYtZDQ1Yy00NjY5LWExY2Qt
NmNiYzM4ZDRlYTRjLzEvUUU5QlVaMHF3aWZ0clZnWWFBbVoxV3VHeGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS85NTQ4NzYtZDQ1Yy00NjY5LWExY2QtNmNiYzM4ZDRlYTRj
LzEvZ3YxczZGNlJtcm1fclQ4eTNaZ0k5aFFBbmNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9hiAwQC
uVScMA0EAgACMAcDBQAqEvrAMA0GCSqGSIb3DQEBCwUAA4IBAQAp2xJd8XkJNhjR
ZBl148BaZuUTDzSosDFBCk9oDu4hzIeEe7xpnX9WBVA0a4hZLCB8ExT0oRn1nN7R
ninsLF+kR1Y7mjFagNzfWiPW+Jt48R3reshiEIJI88mK0aTbNbJUEt2BnZXdVldf
BJYckkubVoG3aq7s8RU5p4vj5PY8s6Em9Jut/PxVc2Pl4Vh4VJ2yuLD8HH/xkEpk
ujywaTSqtT6p214kFE3KTI6zWcXC94yTDsEpVCgiJZ1h3uOej9CRuWDfiYd0lsWD
D8fBTs0e1sqORrhb54XCgD4V1pW6YtexjGSuoPziOPXmdBloaKmi+07Bk8gq7O+e
rRo+AAMd
-----END CERTIFICATE-----