Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/QTIrB7ChLY4mWleknUzGts0GiNY.roa
File:                     QTIrB7ChLY4mWleknUzGts0GiNY.roa (raw, json)
Hash identifier:          9SPBpVLQCdRGHZldeBlgVdJJnWukF3L/SA14lgwVUmw=
Subject key identifier:   41:32:2B:07:B0:A1:2D:8E:26:5A:57:A4:9D:4C:C6:B6:CD:06:88:D6
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EF1E7F74C723874ABCD7FE54AD12A
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/QTIrB7ChLY4mWleknUzGts0GiNY.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272697
IP address blocks:        130.185.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f1:e7:f7:4c:72:38:74:ab:cd:7f:e5:4a:d1:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41322b07b0a12d8e265a57a49d4cc6b6cd0688d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b7:b6:95:2b:29:1f:eb:58:52:4b:0b:67:f5:
                    2a:81:da:2d:e9:aa:67:0b:e3:fe:c7:32:a2:6d:77:
                    0d:08:2b:4a:14:22:48:13:4e:86:a3:96:bd:32:bc:
                    f7:dc:76:2a:90:f5:fe:f1:a3:c6:06:81:30:4c:65:
                    85:c1:6d:c2:11:c4:4d:bc:e3:cf:c7:b6:63:70:ef:
                    a4:de:0f:a3:d1:26:4d:f5:af:62:de:3b:de:ac:c8:
                    e4:27:89:b5:31:2e:13:17:e4:2d:ce:72:5b:18:5d:
                    cc:17:f7:29:e3:4c:e5:75:51:2f:d6:f2:8c:13:fd:
                    95:d6:63:30:3f:0b:7d:33:c8:02:9b:8b:cc:52:62:
                    ee:75:0a:6f:a4:9c:b0:57:ea:8e:3c:3d:49:56:d8:
                    35:f5:11:45:af:8f:f1:3f:ba:54:82:c4:93:71:4e:
                    13:a0:36:2e:17:07:2a:e0:68:27:54:1a:4a:5d:27:
                    03:76:8c:61:09:90:f5:65:8b:c9:4c:b1:77:34:a0:
                    4a:f1:77:ff:3d:ce:db:8f:c9:70:3d:f8:3f:bc:b3:
                    70:2d:c5:d4:77:2e:f8:3d:a1:29:be:7f:bc:2a:8d:
                    24:1d:8e:be:7e:60:90:92:15:8c:64:61:e4:ab:bd:
                    70:a9:8a:39:46:cb:d6:6a:30:5b:18:a5:62:91:ed:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:32:2B:07:B0:A1:2D:8E:26:5A:57:A4:9D:4C:C6:B6:CD:06:88:D6
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/QTIrB7ChLY4mWleknUzGts0GiNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:56:7f:d1:56:c5:48:a9:44:69:08:1a:b4:83:b9:21:ef:7e:
         f8:1d:ad:35:b9:e7:ca:0f:07:7c:48:3b:8e:8f:07:14:af:52:
         c0:b4:d3:87:fa:72:4a:6a:93:4e:13:1b:6f:74:12:32:28:ff:
         46:a9:17:8e:12:a5:d6:4d:55:45:b0:c1:63:d0:2d:62:55:43:
         75:04:f3:23:71:a3:16:0f:79:9b:04:d8:12:78:b2:f3:52:59:
         9f:84:23:8c:d6:c5:48:27:d6:7f:a4:8c:32:fb:bd:bc:98:42:
         54:72:26:c6:43:49:63:87:27:49:f3:84:3b:5d:cf:34:3d:1a:
         b7:44:e7:6c:b4:3e:3c:24:04:ed:ae:79:41:29:dc:c0:b6:70:
         f8:68:69:d6:a2:e5:27:c3:b5:f9:1f:cd:a2:8f:f3:cb:65:2e:
         34:ba:53:0b:1d:e9:f0:6a:75:68:11:65:17:ef:b8:25:d3:fe:
         bf:47:58:58:aa:cb:ab:84:f0:f0:8e:82:7f:f3:9d:b9:8f:6a:
         eb:54:7a:c6:bf:cf:0c:45:00:3c:a0:ca:66:fe:37:24:8b:f1:
         dc:7c:7d:de:5c:da:af:f9:43:a9:d5:0b:67:f8:63:27:3f:0c:
         85:c6:1f:a1:0b:c5:99:68:8e:9e:26:52:d6:91:71:28:4e:00:
         5e:28:8a:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvHn90xyOHSrzX/lStEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTMyMmIwN2IwYTEyZDhlMjY1YTU3YTQ5ZDRjYzZiNmNkMDY4OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApre2lSspH+tYUksLZ/Uqgdot6apn
C+P+xzKibXcNCCtKFCJIE06Go5a9Mrz33HYqkPX+8aPGBoEwTGWFwW3CEcRNvOPP
x7ZjcO+k3g+j0SZN9a9i3jverMjkJ4m1MS4TF+QtznJbGF3MF/cp40zldVEv1vKM
E/2V1mMwPwt9M8gCm4vMUmLudQpvpJywV+qOPD1JVtg19RFFr4/xP7pUgsSTcU4T
oDYuFwcq4GgnVBpKXScDdoxhCZD1ZYvJTLF3NKBK8Xf/Pc7bj8lwPfg/vLNwLcXU
dy74PaEpvn+8Ko0kHY6+fmCQkhWMZGHkq71wqYo5RsvWajBbGKVike3UvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEyKwewoS2OJlpXpJ1MxrbNBojWMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUVRJckI3Q2hMWTRtV2xla25Vekd0czBHaU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrnuMA0G
CSqGSIb3DQEBCwUAA4IBAQAiVn/RVsVIqURpCBq0g7kh7374Ha01uefKDwd8SDuO
jwcUr1LAtNOH+nJKapNOExtvdBIyKP9GqReOEqXWTVVFsMFj0C1iVUN1BPMjcaMW
D3mbBNgSeLLzUlmfhCOM1sVIJ9Z/pIwy+728mEJUcibGQ0ljhydJ84Q7Xc80PRq3
ROdstD48JATtrnlBKdzAtnD4aGnWouUnw7X5H82ij/PLZS40ulMLHenwanVoEWUX
77gl0/6/R1hYqsurhPDwjoJ/8525j2rrVHrGv88MRQA8oMpm/jcki/HcfH3eXNqv
+UOp1Qtn+GMnPwyFxh+hC8WZaI6eJlLWkXEoTgBeKIpp
-----END CERTIFICATE-----