Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/qP9EugkF_EWF4ynAplrNBrDNi2Q.roa
File:                     qP9EugkF_EWF4ynAplrNBrDNi2Q.roa (raw, json)
Hash identifier:          oy1HxMEHvUtb7nyvbD76ezzyUibKehQ0SkyFjY2umaY=
Subject key identifier:   A8:FF:44:BA:09:05:FC:45:85:E3:29:C0:A6:5A:CD:06:B0:CD:8B:64
Certificate issuer:       /CN=576705b557b823086b6a532324bfbba36995cb1c
Certificate serial:       0192EA19A28C28D5B6F58E66C8FA4DD4A1DF
Authority key identifier: 57:67:05:B5:57:B8:23:08:6B:6A:53:23:24:BF:BB:A3:69:95:CB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/qP9EugkF_EWF4ynAplrNBrDNi2Q.roa
Signing time:             Fri 01 Nov 2024 23:40:01 +0000
ROA not before:           Fri 01 Nov 2024 23:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214098
IP address blocks:        185.56.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ea:19:a2:8c:28:d5:b6:f5:8e:66:c8:fa:4d:d4:a1:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=576705b557b823086b6a532324bfbba36995cb1c
        Validity
            Not Before: Nov  1 23:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8ff44ba0905fc4585e329c0a65acd06b0cd8b64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f7:c6:74:f7:4a:a5:40:7f:0f:c5:9a:fa:95:
                    f2:2c:01:dd:f5:f4:4a:3f:5e:14:42:0c:2e:ca:b7:
                    71:1e:30:d8:b0:4c:86:e8:10:94:0c:0c:1b:70:fa:
                    98:3c:8e:17:ea:5e:c9:ec:33:08:34:91:cd:1f:bb:
                    33:74:87:42:83:5d:dc:37:fa:ca:3e:7c:90:c4:4f:
                    d0:b3:29:ad:15:9c:bc:b0:50:96:68:55:61:19:e0:
                    cd:46:15:3b:ea:c7:91:e2:cc:38:b7:dc:2a:b3:67:
                    7b:0b:ac:80:db:27:05:b8:ff:09:10:89:24:79:ce:
                    cb:88:62:c1:2f:12:ce:0f:81:3d:d4:2b:dc:27:c5:
                    23:a9:42:a4:9e:c3:ee:f1:b7:18:20:2a:46:12:0f:
                    00:b1:bd:7f:45:77:53:22:c5:5e:88:ed:0e:a3:df:
                    fd:01:02:11:15:f5:82:2d:32:a7:56:47:3a:64:75:
                    d5:6e:84:97:60:bb:3d:92:6f:e0:08:37:69:0b:d0:
                    d6:53:e7:30:1a:08:c0:83:6b:06:3f:2e:0c:b5:8a:
                    97:9e:4a:6d:69:41:32:be:4f:1b:ff:46:c2:f1:6b:
                    41:ff:93:dd:b1:26:d9:7b:41:8e:53:59:c2:a8:32:
                    70:b1:e9:fc:db:d2:d0:0c:05:56:0a:2c:a2:d3:34:
                    a9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:FF:44:BA:09:05:FC:45:85:E3:29:C0:A6:5A:CD:06:B0:CD:8B:64
            X509v3 Authority Key Identifier:
                keyid:57:67:05:B5:57:B8:23:08:6B:6A:53:23:24:BF:BB:A3:69:95:CB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V2cFtVe4IwhralMjJL-7o2mVyxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/qP9EugkF_EWF4ynAplrNBrDNi2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7d7e1d-33c0-4342-b259-a7bf3bf902d8/1/V2cFtVe4IwhralMjJL-7o2mVyxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:50:bb:bc:67:b0:7a:05:6d:e1:7e:6d:71:4e:72:60:c9:34:
         b0:d1:9d:03:37:09:cc:f0:06:6c:d0:0d:9e:be:d3:8d:bd:73:
         cb:e7:ac:0c:6b:d6:b7:81:c3:59:87:bb:32:34:cf:6c:0c:9f:
         46:e8:e9:7b:28:65:af:61:96:fc:c5:79:51:b0:e0:de:5e:ca:
         c3:5d:f2:2d:8b:3e:b7:59:ed:56:5b:89:86:db:5a:e1:cd:bf:
         50:2b:ae:d3:0b:79:a3:ab:2a:2c:f9:92:1f:37:55:96:06:d5:
         82:ac:46:8a:c6:5f:f2:72:60:11:69:d8:54:b6:a9:e1:87:67:
         7a:c6:47:7b:7d:04:b8:91:1f:68:22:b6:35:d0:6c:a3:6a:76:
         93:8c:bf:0d:fb:f5:29:7e:11:d9:e8:2a:1a:57:45:4b:71:8c:
         43:42:d4:ba:01:b6:c9:d8:29:fe:9f:2d:d3:3b:cf:03:7e:5b:
         25:7b:01:58:5a:3a:c8:de:88:1c:99:ab:44:e6:b5:1d:4a:18:
         bc:de:07:fc:49:7f:c1:b4:a5:7a:d4:33:92:fd:1b:86:91:82:
         10:4e:cc:24:a4:7f:11:00:ea:5e:e6:c6:e0:2d:d4:e6:11:9e:
         4f:8a:e6:d2:0e:3f:e5:8b:09:f9:f9:1a:13:53:6d:a0:f2:f2:
         5d:e2:0e:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLqGaKMKNW29Y5myPpN1KHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NjcwNWI1NTdiODIzMDg2YjZhNTMyMzI0YmZiYmEzNjk5
NWNiMWMwHhcNMjQxMTAxMjM0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGZmNDRiYTA5MDVmYzQ1ODVlMzI5YzBhNjVhY2QwNmIwY2Q4YjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvfGdPdKpUB/D8Wa+pXyLAHd9fRK
P14UQgwuyrdxHjDYsEyG6BCUDAwbcPqYPI4X6l7J7DMINJHNH7szdIdCg13cN/rK
PnyQxE/QsymtFZy8sFCWaFVhGeDNRhU76seR4sw4t9wqs2d7C6yA2ycFuP8JEIkk
ec7LiGLBLxLOD4E91CvcJ8UjqUKknsPu8bcYICpGEg8Asb1/RXdTIsVeiO0Oo9/9
AQIRFfWCLTKnVkc6ZHXVboSXYLs9km/gCDdpC9DWU+cwGgjAg2sGPy4MtYqXnkpt
aUEyvk8b/0bC8WtB/5PdsSbZe0GOU1nCqDJwsen829LQDAVWCiyi0zSpNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKj/RLoJBfxFheMpwKZazQawzYtkMB8GA1UdIwQY
MBaAFFdnBbVXuCMIa2pTIyS/u6NplcscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjJjRnRWZTRJd2hyYWxNakpMLTdvMm1WeXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83ZDdlMWQtMzNjMC00MzQyLWIyNTkt
YTdiZjNiZjkwMmQ4LzEvcVA5RXVna0ZfRVdGNHluQXBsck5CckROaTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83ZDdlMWQtMzNjMC00MzQyLWIyNTktYTdiZjNiZjkwMmQ4
LzEvVjJjRnRWZTRJd2hyYWxNakpMLTdvMm1WeXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTihMA0G
CSqGSIb3DQEBCwUAA4IBAQArULu8Z7B6BW3hfm1xTnJgyTSw0Z0DNwnM8AZs0A2e
vtONvXPL56wMa9a3gcNZh7syNM9sDJ9G6Ol7KGWvYZb8xXlRsODeXsrDXfItiz63
We1WW4mG21rhzb9QK67TC3mjqyos+ZIfN1WWBtWCrEaKxl/ycmARadhUtqnhh2d6
xkd7fQS4kR9oIrY10GyjanaTjL8N+/UpfhHZ6CoaV0VLcYxDQtS6AbbJ2Cn+ny3T
O88DflslewFYWjrI3ogcmatE5rUdShi83gf8SX/BtKV61DOS/RuGkYIQTswkpH8R
AOpe5sbgLdTmEZ5PiubSDj/liwn5+RoTU22g8vJd4g6Z
-----END CERTIFICATE-----