Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q_BUowCnGp21liUhqMlkgBZIMYE.roa
File:                     Q_BUowCnGp21liUhqMlkgBZIMYE.roa (raw, json)
Hash identifier:          jd31XkSVxyvDAOzqr2sxDQmAOCtwjZsck/1bFOOMiXE=
Subject key identifier:   43:F0:54:A3:00:A7:1A:9D:B5:96:25:21:A8:C9:64:80:16:48:31:81
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8026DA4E28EC1BE7FC8846A90AB898B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q_BUowCnGp21liUhqMlkgBZIMYE.roa
Signing time:             Tue 02 Jan 2024 02:30:51 +0000
ROA not before:           Tue 02 Jan 2024 02:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        185.234.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:6d:a4:e2:8e:c1:be:7f:c8:84:6a:90:ab:89:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f054a300a71a9db5962521a8c9648016483181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:8a:1f:94:b5:77:19:f8:7b:83:6c:de:3d:
                    2a:1e:6b:51:4f:1d:ea:b7:34:40:56:03:87:69:4d:
                    42:34:96:9a:ef:a9:8a:aa:08:b9:2a:10:4a:97:8c:
                    5b:13:85:22:85:8d:62:61:e7:80:8a:a3:65:5c:6b:
                    a9:4e:70:ec:17:54:7a:ef:a2:1d:27:39:66:fe:1e:
                    c3:8d:1d:06:a2:7a:f6:45:16:e1:bd:8f:ca:27:94:
                    b5:2b:d8:08:fa:3e:a6:42:2f:c4:72:01:ae:a3:da:
                    04:b0:80:6a:ef:3c:98:66:a0:fe:da:68:48:fb:38:
                    ef:d6:66:b0:92:87:a2:96:25:98:1e:35:81:d0:c1:
                    a1:5d:4e:ee:0f:6f:36:06:07:bc:e4:68:86:1d:99:
                    e1:0d:67:e8:d6:54:c9:b7:28:12:eb:5a:2e:3e:5c:
                    84:00:c1:2a:cd:e0:87:a6:96:a9:91:c6:43:29:83:
                    a3:d1:e9:9b:3b:dd:e8:2e:24:75:47:bd:64:1d:41:
                    27:28:d5:96:e6:e7:cc:a6:08:cf:b9:5b:87:60:34:
                    5a:7a:12:b3:38:97:6a:49:2a:87:ef:43:4c:5b:0f:
                    ee:b1:8b:27:4b:62:2a:da:53:d1:92:d1:31:ca:29:
                    a4:1c:82:f6:56:59:d3:06:de:57:02:62:e7:5b:02:
                    ea:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F0:54:A3:00:A7:1A:9D:B5:96:25:21:A8:C9:64:80:16:48:31:81
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q_BUowCnGp21liUhqMlkgBZIMYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:dc:8c:35:ff:86:34:ba:f2:30:2f:eb:51:34:f5:97:6f:b7:
         09:40:24:24:73:4a:b2:81:fa:91:72:2f:8f:49:4a:69:c5:02:
         f2:6b:44:cb:3c:e2:76:69:64:c3:e2:1d:38:e6:0f:51:c4:38:
         cf:e7:56:01:f4:fd:af:f1:48:33:b5:f4:55:a5:bf:6f:bd:de:
         45:21:04:d0:fd:bb:79:81:46:d5:ed:87:bd:fb:07:95:1e:11:
         d8:3a:92:e1:1e:87:06:dc:03:ba:58:20:a2:5f:58:30:b5:9e:
         93:e7:5f:a6:e6:4d:f2:69:ad:d8:8e:84:73:6b:bb:b8:d1:26:
         21:6b:23:a8:d1:49:6c:8c:d1:f1:fd:31:e4:5f:d1:e9:cc:02:
         25:87:79:b2:24:cc:e4:89:47:e3:a3:d4:6a:51:e8:5e:44:d4:
         2f:f8:de:81:ea:d8:00:6c:4d:d2:a4:18:71:9d:70:4f:86:a9:
         3f:1d:ca:e0:ba:f6:2b:b2:5e:47:fa:fe:42:fa:00:f3:7e:93:
         7f:59:83:e3:65:d5:84:2d:5b:0b:09:7d:95:43:25:9c:f4:b5:
         42:dc:5c:88:5e:d0:42:26:3a:87:6f:47:14:76:43:d2:95:c8:
         0b:bd:8b:db:f1:3f:c0:42:8c:ad:8e:98:8b:85:90:d2:e2:76:
         78:d0:45:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAm2k4o7Bvn/IhGqQq4mLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2YwNTRhMzAwYTcxYTlkYjU5NjI1MjFhOGM5NjQ4MDE2NDgzMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKaKH5S1dxn4e4Ns3j0qHmtRTx3q
tzRAVgOHaU1CNJaa76mKqgi5KhBKl4xbE4UihY1iYeeAiqNlXGupTnDsF1R676Id
Jzlm/h7DjR0Gonr2RRbhvY/KJ5S1K9gI+j6mQi/EcgGuo9oEsIBq7zyYZqD+2mhI
+zjv1mawkoeiliWYHjWB0MGhXU7uD282Bge85GiGHZnhDWfo1lTJtygS61ouPlyE
AMEqzeCHppapkcZDKYOj0embO93oLiR1R71kHUEnKNWW5ufMpgjPuVuHYDRaehKz
OJdqSSqH70NMWw/usYsnS2Iq2lPRktExyimkHIL2VlnTBt5XAmLnWwLqewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPwVKMApxqdtZYlIajJZIAWSDGBMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUV9CVW93Q25HcDIxbGlVaHFNbGtnQlpJTVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoWMA0G
CSqGSIb3DQEBCwUAA4IBAQCK3Iw1/4Y0uvIwL+tRNPWXb7cJQCQkc0qygfqRci+P
SUppxQLya0TLPOJ2aWTD4h045g9RxDjP51YB9P2v8UgztfRVpb9vvd5FIQTQ/bt5
gUbV7Ye9+weVHhHYOpLhHocG3AO6WCCiX1gwtZ6T51+m5k3yaa3YjoRza7u40SYh
ayOo0UlsjNHx/THkX9HpzAIlh3myJMzkiUfjo9RqUeheRNQv+N6B6tgAbE3SpBhx
nXBPhqk/HcrguvYrsl5H+v5C+gDzfpN/WYPjZdWELVsLCX2VQyWc9LVC3FyIXtBC
JjqHb0cUdkPSlcgLvYvb8T/AQoytjpiLhZDS4nZ40EWD
-----END CERTIFICATE-----