Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/qMA5Wb0lFgoNqw-0corus6K0Wlc.roa
File:                     qMA5Wb0lFgoNqw-0corus6K0Wlc.roa (raw, json)
Hash identifier:          dSUWFOJsf69PbcPIT8V+4SOsi/ESlg9B/i/idnWhmNk=
Subject key identifier:   A8:C0:39:59:BD:25:16:0A:0D:AB:0F:B4:72:8A:EE:B3:A2:B4:5A:57
Certificate issuer:       /CN=d2617d15db58fe3062d1badbe04d30c1949dd5ff
Certificate serial:       018D3050170026B7C54B8E1E737F79225E7D
Authority key identifier: D2:61:7D:15:DB:58:FE:30:62:D1:BA:DB:E0:4D:30:C1:94:9D:D5:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mF9FdtY_jBi0brb4E0wwZSd1f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/qMA5Wb0lFgoNqw-0corus6K0Wlc.roa
Signing time:             Mon 22 Jan 2024 08:36:11 +0000
ROA not before:           Mon 22 Jan 2024 08:36:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201542
IP address blocks:        185.71.92.0/24 maxlen: 24
                          185.71.93.0/24 maxlen: 24
                          185.71.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/0mF9FdtY_jBi0brb4E0wwZSd1f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/0mF9FdtY_jBi0brb4E0wwZSd1f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mF9FdtY_jBi0brb4E0wwZSd1f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:50:17:00:26:b7:c5:4b:8e:1e:73:7f:79:22:5e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2617d15db58fe3062d1badbe04d30c1949dd5ff
        Validity
            Not Before: Jan 22 08:36:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8c03959bd25160a0dab0fb4728aeeb3a2b45a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:aa:a0:ca:75:1a:5d:b8:1e:eb:5f:0d:93:2d:
                    f9:c5:5b:b1:19:52:8d:4a:4a:b1:08:d6:fb:3c:33:
                    dd:2e:74:36:be:3f:d4:95:94:5b:d9:31:dd:f8:47:
                    00:f6:8e:35:eb:bf:96:36:dc:98:c7:77:4a:00:7a:
                    19:8b:eb:be:6a:a0:e9:28:f9:fb:71:bc:0a:a0:7c:
                    21:df:a8:34:df:bb:6a:67:5d:aa:99:26:dc:2f:83:
                    64:1f:6c:77:ce:db:9e:85:6d:22:5b:64:05:48:75:
                    11:c9:bb:67:45:9e:2b:96:0f:1f:59:bf:2d:63:e1:
                    29:c9:62:bd:9c:bc:79:e3:66:4b:2d:d5:df:27:db:
                    0e:0a:ef:72:8e:1e:38:11:71:3d:c0:20:cb:2c:37:
                    97:98:d7:38:e1:0c:52:38:bc:c6:9c:f0:0e:dd:a3:
                    d0:93:62:88:5e:08:bf:35:43:be:0b:8b:ed:d1:ef:
                    4b:de:b3:42:97:fc:dd:34:3a:7d:0c:bc:70:8d:21:
                    fd:16:ba:a7:aa:62:5a:41:14:51:27:7c:a3:57:65:
                    ed:a3:d3:19:36:15:b4:ae:1f:fc:03:10:f7:ab:82:
                    f2:4b:1b:ca:24:14:1d:de:13:ad:ed:6c:48:db:4f:
                    4a:ae:48:f7:9b:ca:1f:17:15:94:b8:27:07:53:2b:
                    7f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C0:39:59:BD:25:16:0A:0D:AB:0F:B4:72:8A:EE:B3:A2:B4:5A:57
            X509v3 Authority Key Identifier:
                keyid:D2:61:7D:15:DB:58:FE:30:62:D1:BA:DB:E0:4D:30:C1:94:9D:D5:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mF9FdtY_jBi0brb4E0wwZSd1f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/qMA5Wb0lFgoNqw-0corus6K0Wlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/cbca0b-6453-494c-8727-57e08f61f2ec/1/0mF9FdtY_jBi0brb4E0wwZSd1f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.92.0/23
                  185.71.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:bb:a1:83:49:54:32:44:87:e4:6a:0b:90:16:5a:48:fd:60:
         34:24:85:c1:b4:0b:10:53:14:f3:86:d8:a9:fd:0e:1b:fe:0d:
         59:2a:4e:b0:bc:0f:ad:02:b0:ca:31:1e:79:3f:32:49:58:42:
         ea:87:96:46:91:bc:a5:fd:59:e3:f5:ea:a8:7f:80:b7:cc:f6:
         8f:7c:1c:bd:aa:71:62:13:88:1e:49:8e:82:a5:8a:f3:c3:36:
         a0:08:16:9a:f3:00:18:85:37:02:d3:56:40:c0:24:3d:64:d7:
         a8:23:b2:97:ef:54:b9:9c:87:b6:2a:af:c6:a5:c6:8e:03:70:
         69:b4:8c:2e:f4:26:d5:66:a7:e5:60:cc:f6:8d:d5:24:d0:70:
         60:df:8b:89:b2:fb:78:d2:30:57:ef:c4:c2:ce:5f:3d:54:1f:
         78:1c:02:4f:94:cd:88:2a:ef:01:48:1c:29:bd:73:76:3e:ed:
         af:fe:b6:8e:1e:90:55:6e:fd:de:df:d0:03:34:36:1d:0e:88:
         fc:a9:ea:22:cc:1d:63:41:29:be:25:6e:e8:33:9e:91:3f:d1:
         65:65:41:5f:a8:2c:2f:3c:54:cd:7f:5f:b5:05:81:c3:99:51:
         60:05:cf:a9:28:d3:a4:42:8b:9a:9c:57:3e:c5:9e:e3:c5:14:
         df:76:3e:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0wUBcAJrfFS44ec395Il59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjE3ZDE1ZGI1OGZlMzA2MmQxYmFkYmUwNGQzMGMxOTQ5
ZGQ1ZmYwHhcNMjQwMTIyMDgzNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGMwMzk1OWJkMjUxNjBhMGRhYjBmYjQ3MjhhZWViM2EyYjQ1YTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKqgynUaXbge618Nky35xVuxGVKN
SkqxCNb7PDPdLnQ2vj/UlZRb2THd+EcA9o4167+WNtyYx3dKAHoZi+u+aqDpKPn7
cbwKoHwh36g037tqZ12qmSbcL4NkH2x3ztuehW0iW2QFSHURybtnRZ4rlg8fWb8t
Y+EpyWK9nLx542ZLLdXfJ9sOCu9yjh44EXE9wCDLLDeXmNc44QxSOLzGnPAO3aPQ
k2KIXgi/NUO+C4vt0e9L3rNCl/zdNDp9DLxwjSH9FrqnqmJaQRRRJ3yjV2Xto9MZ
NhW0rh/8AxD3q4LySxvKJBQd3hOt7WxI209Krkj3m8ofFxWUuCcHUyt/GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKjAOVm9JRYKDasPtHKK7rOitFpXMB8GA1UdIwQY
MBaAFNJhfRXbWP4wYtG62+BNMMGUndX/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1GOUZkdFlfakJpMGJyYjRFMHd3WlNkMWY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9jYmNhMGItNjQ1My00OTRjLTg3Mjct
NTdlMDhmNjFmMmVjLzEvcU1BNVdiMGxGZ29OcXctMGNvcnVzNkswV2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9jYmNhMGItNjQ1My00OTRjLTg3MjctNTdlMDhmNjFmMmVj
LzEvMG1GOUZkdFlfakJpMGJyYjRFMHd3WlNkMWY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuUdcAwQA
uUdfMA0GCSqGSIb3DQEBCwUAA4IBAQBdu6GDSVQyRIfkaguQFlpI/WA0JIXBtAsQ
UxTzhtip/Q4b/g1ZKk6wvA+tArDKMR55PzJJWELqh5ZGkbyl/Vnj9eqof4C3zPaP
fBy9qnFiE4geSY6CpYrzwzagCBaa8wAYhTcC01ZAwCQ9ZNeoI7KX71S5nIe2Kq/G
pcaOA3BptIwu9CbVZqflYMz2jdUk0HBg34uJsvt40jBX78TCzl89VB94HAJPlM2I
Ku8BSBwpvXN2Pu2v/raOHpBVbv3e39ADNDYdDoj8qeoizB1jQSm+JW7oM56RP9Fl
ZUFfqCwvPFTNf1+1BYHDmVFgBc+pKNOkQouanFc+xZ7jxRTfdj7c
-----END CERTIFICATE-----