Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa
File:                     QXA99S1k6Asan8-BTrNul16ObrU.roa (raw, json)
Hash identifier:          UnHi0qW3/ULjmDWS+QsHP22dQs7SpyUU73eE860LPNc=
Subject key identifier:   41:70:3D:F5:2D:64:E8:0B:1A:9F:CF:81:4E:B3:6E:97:5E:8E:6E:B5
Certificate issuer:       /CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Certificate serial:       018CC56E431C17F668E436BB8BD866F2C3E4
Authority key identifier: E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa
Signing time:             Mon 01 Jan 2024 14:29:46 +0000
ROA not before:           Mon 01 Jan 2024 14:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        109.196.160.0/22 maxlen: 32
                          80.65.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:43:1c:17:f6:68:e4:36:bb:8b:d8:66:f2:c3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
        Validity
            Not Before: Jan  1 14:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41703df52d64e80b1a9fcf814eb36e975e8e6eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:14:27:16:73:7d:d8:3d:52:b0:c6:8f:70:ab:
                    a7:8f:b3:83:2d:8d:3f:23:9d:2a:4f:75:18:cb:92:
                    a6:99:8a:ee:19:00:0d:fc:a8:e8:c4:e9:fd:e5:15:
                    a1:fa:24:bf:b8:60:04:67:f9:0c:98:52:47:6f:e2:
                    3c:dc:4a:00:78:bf:86:59:1f:bd:3f:5e:29:d2:06:
                    ab:fc:95:0e:64:fb:79:1d:3c:2b:ba:7f:38:6f:75:
                    9e:60:0d:df:ea:d1:bd:e2:f3:d2:81:fd:af:16:89:
                    25:2b:ed:ef:3d:fb:5d:b4:0a:53:a9:ab:5a:db:54:
                    85:23:94:3d:82:0c:af:79:6b:b8:38:a4:c9:7a:c4:
                    10:1d:3f:fc:38:a4:6d:38:92:1a:2c:84:05:6c:b5:
                    6d:e7:47:e8:f3:58:a5:d8:e0:d0:f0:13:62:eb:17:
                    f7:47:db:b8:57:1e:61:e6:b7:11:89:09:b0:e9:70:
                    0d:a6:e8:f5:93:db:c9:19:94:57:fd:ac:cf:15:57:
                    37:01:4d:20:9a:41:b9:81:ef:c9:c4:66:d0:c8:a8:
                    3a:b1:33:bb:9e:bd:92:f0:8e:c6:5b:27:07:f9:06:
                    60:18:47:d2:64:62:92:22:c9:a0:e0:ad:96:cc:27:
                    46:9a:41:a4:1a:7a:ab:bd:54:2f:f2:bc:c9:4b:77:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:70:3D:F5:2D:64:E8:0B:1A:9F:CF:81:4E:B3:6E:97:5E:8E:6E:B5
            X509v3 Authority Key Identifier:
                keyid:E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/QXA99S1k6Asan8-BTrNul16ObrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.65.216.0/22
                  109.196.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:87:f5:cb:51:b3:7f:1b:51:d5:f0:e5:fb:71:0d:f3:46:eb:
         12:66:e5:93:08:0c:a6:b4:0d:c2:63:fd:3d:f1:50:8f:85:c3:
         1f:71:ed:75:32:21:62:e4:38:ee:03:24:ff:1a:8d:9b:ec:4e:
         95:7f:06:e0:5c:b3:b0:ed:48:d6:cb:a0:54:2a:64:3a:dd:c4:
         d2:0e:0a:68:98:5f:b1:dd:92:72:64:e7:96:c4:89:08:ec:cd:
         4b:a3:b3:2b:c7:bb:a6:d3:a1:62:de:bf:0e:dd:0f:a5:81:f3:
         67:de:49:4a:fb:81:25:3a:90:db:07:96:86:1a:e6:11:d1:bf:
         72:55:af:b8:52:cb:e8:3c:a5:f1:ba:35:53:64:4c:e5:6e:29:
         85:c0:c7:79:1d:b1:b8:db:55:aa:62:cd:15:7a:36:95:73:b1:
         59:1e:4d:0a:ce:6e:c3:9c:2e:96:d8:91:b6:09:e1:20:e2:d6:
         af:2b:3e:5a:7a:31:09:4c:2d:b2:06:5c:57:7c:95:15:3a:5c:
         3b:78:aa:3a:e0:68:28:37:c9:7d:84:57:5c:8d:01:a8:4d:9d:
         ba:63:61:cd:a1:91:70:23:1f:34:5e:25:d8:f7:64:79:73:d1:
         7c:ac:b3:84:40:79:b4:e9:2e:f2:8c:1d:fb:22:4f:c9:d7:b5:
         7d:d8:e6:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbkMcF/Zo5Da7i9hm8sPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjlhM2NlMGY1OTM5MTA4MTljMzI3MWUxZThkMGJkMTM3
MWE2YmUwHhcNMjQwMTAxMTQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcwM2RmNTJkNjRlODBiMWE5ZmNmODE0ZWIzNmU5NzVlOGU2ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxQnFnN92D1SsMaPcKunj7ODLY0/
I50qT3UYy5KmmYruGQAN/KjoxOn95RWh+iS/uGAEZ/kMmFJHb+I83EoAeL+GWR+9
P14p0gar/JUOZPt5HTwrun84b3WeYA3f6tG94vPSgf2vFoklK+3vPftdtApTqata
21SFI5Q9ggyveWu4OKTJesQQHT/8OKRtOJIaLIQFbLVt50fo81il2ODQ8BNi6xf3
R9u4Vx5h5rcRiQmw6XANpuj1k9vJGZRX/azPFVc3AU0gmkG5ge/JxGbQyKg6sTO7
nr2S8I7GWycH+QZgGEfSZGKSIsmg4K2WzCdGmkGkGnqrvVQv8rzJS3coIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEFwPfUtZOgLGp/PgU6zbpdejm61MB8GA1UdIwQY
MBaAFOG5o84PWTkQgZwyceHo0L0Tcaa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTIt
YmE0YzU2ZDhjMGNlLzEvUVhBOTlTMWs2QXNhbjgtQlRyTnVsMTZPYnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTItYmE0YzU2ZDhjMGNl
LzEvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUEHYAwQC
bcSgMA0GCSqGSIb3DQEBCwUAA4IBAQBCh/XLUbN/G1HV8OX7cQ3zRusSZuWTCAym
tA3CY/098VCPhcMfce11MiFi5DjuAyT/Go2b7E6VfwbgXLOw7UjWy6BUKmQ63cTS
DgpomF+x3ZJyZOeWxIkI7M1Lo7Mrx7um06Fi3r8O3Q+lgfNn3klK+4ElOpDbB5aG
GuYR0b9yVa+4UsvoPKXxujVTZEzlbimFwMd5HbG421WqYs0VejaVc7FZHk0Kzm7D
nC6W2JG2CeEg4tavKz5aejEJTC2yBlxXfJUVOlw7eKo64GgoN8l9hFdcjQGoTZ26
Y2HNoZFwIx80XiXY92R5c9F8rLOEQHm06S7yjB37Ik/J17V92OZV
-----END CERTIFICATE-----