Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/Qqg9eqagY2OCtlh4W2g7NHT_CAw.roa
File:                     Qqg9eqagY2OCtlh4W2g7NHT_CAw.roa (raw, json)
Hash identifier:          nt7GYXL/R0kwwbVoVGaPkCkNTAlz1ruqIXPwoIsAnQI=
Subject key identifier:   42:A8:3D:7A:A6:A0:63:63:82:B6:58:78:5B:68:3B:34:74:FF:08:0C
Certificate issuer:       /CN=9a5550e908a9b9688c29aac9895353dea836c45a
Certificate serial:       018CC64AA89ED9E8E73897CE5E7F487E8AF3
Authority key identifier: 9A:55:50:E9:08:A9:B9:68:8C:29:AA:C9:89:53:53:DE:A8:36:C4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/Qqg9eqagY2OCtlh4W2g7NHT_CAw.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.11.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a8:9e:d9:e8:e7:38:97:ce:5e:7f:48:7e:8a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5550e908a9b9688c29aac9895353dea836c45a
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42a83d7aa6a0636382b658785b683b3474ff080c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:df:5a:71:a2:69:fd:03:41:4c:7a:15:43:9e:
                    59:64:0b:bb:3e:71:e5:d2:ef:06:64:ea:f9:61:23:
                    59:3f:bb:3a:f9:57:48:aa:17:62:b7:b3:f5:05:30:
                    36:85:dd:6b:05:dd:9b:de:49:0b:89:d5:a1:ee:27:
                    b4:cc:0c:b2:c4:bc:0d:3e:65:12:51:46:69:d3:9e:
                    28:33:f6:6c:46:57:29:54:28:71:d1:4f:1f:71:d5:
                    3c:1f:da:a2:2f:dc:4c:4d:32:ec:dc:a4:d9:f0:02:
                    bf:bd:05:9e:21:6a:f0:b0:37:c5:fd:31:78:c3:92:
                    c0:e4:01:da:ef:89:b2:aa:f4:ce:f4:3f:a3:79:b9:
                    1a:2b:82:0a:2b:e6:bb:08:1a:cd:52:30:73:e4:bd:
                    44:5f:9d:55:47:58:c5:23:57:3e:b3:b8:2f:f6:bf:
                    ec:f4:9c:fd:02:47:88:2c:ff:f1:56:54:3b:9c:88:
                    b2:20:c1:13:9b:9c:96:ee:0b:91:01:68:c9:49:2d:
                    1c:88:d5:9d:53:07:ad:f9:37:ab:35:64:bc:4c:e9:
                    34:e4:dc:79:0f:3b:b9:d9:c9:57:09:cd:ea:f9:31:
                    ff:9a:c9:9f:92:94:a8:7b:e5:a7:2a:47:fd:f3:d3:
                    f7:9d:aa:34:b7:d5:4f:fd:8a:f6:76:59:73:ff:dc:
                    d1:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A8:3D:7A:A6:A0:63:63:82:B6:58:78:5B:68:3B:34:74:FF:08:0C
            X509v3 Authority Key Identifier:
                keyid:9A:55:50:E9:08:A9:B9:68:8C:29:AA:C9:89:53:53:DE:A8:36:C4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/Qqg9eqagY2OCtlh4W2g7NHT_CAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:12:ee:ba:2d:7e:20:c9:90:1d:56:06:5e:18:74:48:2a:81:
         3e:ac:38:e7:24:c4:09:19:b1:3d:fe:bb:55:38:bd:2c:14:b8:
         8e:b8:e7:d1:5b:7a:1a:0b:d6:7a:e3:20:a8:a4:47:c8:a0:25:
         28:e8:9f:94:e1:22:d6:16:ad:d9:9c:f2:aa:05:ee:b9:cf:dc:
         80:ca:b2:f6:e1:c6:63:9d:8e:f6:34:26:d9:d7:f0:51:13:f2:
         54:54:9f:c9:fa:6d:c5:15:fe:4a:4c:e4:e3:68:e7:20:64:6d:
         b3:cc:44:26:16:81:fb:80:92:e8:e0:cd:ac:47:6f:c8:22:c8:
         a5:72:07:7c:3c:68:99:8a:6a:20:f6:fe:68:41:fa:5a:32:54:
         2c:a6:30:14:ca:ae:4e:a0:24:3f:8f:c5:16:71:29:1b:6d:f6:
         2d:31:11:6b:ea:45:ff:b5:e8:ac:42:ca:5a:dc:17:f0:5d:15:
         e5:44:f6:65:50:ab:f2:96:54:45:82:68:db:b7:36:21:a6:c6:
         87:66:63:90:89:e3:3a:84:18:dd:a6:e5:80:5d:e1:ff:2c:04:
         63:97:cc:be:22:87:99:ef:22:4d:dd:1a:f8:dc:c2:e6:a0:8b:
         37:8a:02:0b:53:7e:22:b1:53:75:30:a3:a4:c2:e1:44:d6:f7:
         5a:c8:05:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqie2ejnOJfOXn9IforzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTU1MGU5MDhhOWI5Njg4YzI5YWFjOTg5NTM1M2RlYTgz
NmM0NWEwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE4M2Q3YWE2YTA2MzYzODJiNjU4Nzg1YjY4M2IzNDc0ZmYwODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl99acaJp/QNBTHoVQ55ZZAu7PnHl
0u8GZOr5YSNZP7s6+VdIqhdit7P1BTA2hd1rBd2b3kkLidWh7ie0zAyyxLwNPmUS
UUZp054oM/ZsRlcpVChx0U8fcdU8H9qiL9xMTTLs3KTZ8AK/vQWeIWrwsDfF/TF4
w5LA5AHa74myqvTO9D+jebkaK4IKK+a7CBrNUjBz5L1EX51VR1jFI1c+s7gv9r/s
9Jz9AkeILP/xVlQ7nIiyIMETm5yW7guRAWjJSS0ciNWdUwet+TerNWS8TOk05Nx5
Dzu52clXCc3q+TH/msmfkpSoe+WnKkf989P3nao0t9VP/Yr2dllz/9zRQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKoPXqmoGNjgrZYeFtoOzR0/wgMMB8GA1UdIwQY
MBaAFJpVUOkIqblojCmqyYlTU96oNsRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxWUTZRaXB1V2lNS2FySmlWTlQzcWcyeEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iYmIzMGItMjY4OC00YTZlLWIyYTIt
MTM5OWEyODIyMjdhLzEvUXFnOWVxYWdZMk9DdGxoNFcyZzdOSFRfQ0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iYmIzMGItMjY4OC00YTZlLWIyYTItMTM5OWEyODIyMjdh
LzEvbWxWUTZRaXB1V2lNS2FySmlWTlQzcWcyeEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQt+MA0G
CSqGSIb3DQEBCwUAA4IBAQANEu66LX4gyZAdVgZeGHRIKoE+rDjnJMQJGbE9/rtV
OL0sFLiOuOfRW3oaC9Z64yCopEfIoCUo6J+U4SLWFq3ZnPKqBe65z9yAyrL24cZj
nY72NCbZ1/BRE/JUVJ/J+m3FFf5KTOTjaOcgZG2zzEQmFoH7gJLo4M2sR2/IIsil
cgd8PGiZimog9v5oQfpaMlQspjAUyq5OoCQ/j8UWcSkbbfYtMRFr6kX/teisQspa
3BfwXRXlRPZlUKvyllRFgmjbtzYhpsaHZmOQieM6hBjdpuWAXeH/LARjl8y+IoeZ
7yJN3Rr43MLmoIs3igILU34isVN1MKOkwuFE1vdayAVL
-----END CERTIFICATE-----