Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/QXq-QREJ2__ku_CiU9IRaLrXDq0.roa
File:                     QXq-QREJ2__ku_CiU9IRaLrXDq0.roa (raw, json)
Hash identifier:          Sxo2XRD3W0GRybUsGIYlo/Gbaj2RW+PDS4/Kn0vfTRU=
Subject key identifier:   41:7A:BE:41:11:09:DB:FF:E4:BB:F0:A2:53:D2:11:68:BA:D7:0E:AD
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80303F7BC9539CD823C6C08CE58C658
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/QXq-QREJ2__ku_CiU9IRaLrXDq0.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207448
IP address blocks:        193.235.64.0/24 maxlen: 24
                          2a01:280:358::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:03:f7:bc:95:39:cd:82:3c:6c:08:ce:58:c6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=417abe411109dbffe4bbf0a253d21168bad70ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c7:ee:95:0f:4f:ea:59:39:51:32:2b:ad:71:
                    0b:fc:f7:0b:4f:9b:cf:1c:fb:00:8c:fb:d3:07:71:
                    0e:57:b5:3f:46:5b:14:b1:8b:d5:fb:69:10:3b:4d:
                    41:85:71:30:c3:69:1d:18:67:bf:a2:3b:49:5f:bc:
                    5c:91:28:d7:e6:0a:04:06:7f:0d:59:c7:1c:54:c5:
                    63:02:d9:06:cd:2a:42:ad:64:a6:30:9d:0a:f3:0c:
                    cb:e4:25:cd:fd:eb:dd:0c:f5:3a:1b:b0:4b:96:8c:
                    b3:3c:d1:e3:e8:d9:dd:18:5e:ca:f9:01:65:e8:27:
                    c3:9f:79:9a:73:ce:f3:42:9c:28:23:f7:eb:09:91:
                    3a:8d:61:e5:9e:10:1d:cd:98:31:b7:93:e7:c7:cd:
                    42:5f:23:2c:20:9c:f8:ce:27:f2:9c:08:12:5e:72:
                    16:c2:ba:33:bc:7c:3e:f0:c4:17:ef:4f:1e:5d:3c:
                    99:bb:7c:d1:48:4d:1e:f5:0f:c6:c5:69:00:42:7c:
                    8a:7e:2f:88:6e:c9:ae:f2:13:e2:f1:6d:42:d4:9a:
                    5d:9b:71:df:f1:5d:d2:79:5d:6e:10:2c:d7:ac:cb:
                    31:fe:5e:78:87:33:a6:ef:8e:cb:7f:20:f6:b5:d4:
                    96:95:3e:93:58:78:72:5e:06:9e:37:cd:8f:12:66:
                    46:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7A:BE:41:11:09:DB:FF:E4:BB:F0:A2:53:D2:11:68:BA:D7:0E:AD
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/QXq-QREJ2__ku_CiU9IRaLrXDq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.64.0/24
                IPv6:
                  2a01:280:358::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:ab:7b:f3:9c:c8:e3:0f:1d:81:9f:97:23:26:fc:66:a3:32:
         b7:3e:e7:2b:d1:1c:3e:c5:41:41:02:71:5f:0d:2e:c9:07:a4:
         39:f5:4f:1d:85:45:14:99:47:fb:58:9c:6c:dd:43:f5:60:22:
         50:ad:a2:67:59:e6:7b:8a:41:3b:b7:eb:f8:ff:24:67:da:ed:
         57:3a:f4:46:e6:6d:07:f0:a8:35:d9:12:a3:f1:8d:82:5c:e1:
         a1:f9:d5:17:60:f3:09:bf:7a:ca:87:95:46:3d:7a:c0:e4:da:
         d0:ea:29:0c:d1:d6:a1:e4:92:db:ae:f8:e2:64:1e:f2:83:d0:
         be:94:4d:99:00:c8:c7:34:b7:9b:c5:f3:14:12:d7:f1:fc:09:
         bb:78:ef:e2:cb:9f:87:8d:e5:52:e8:b0:35:87:87:ca:f2:31:
         f3:ec:51:b0:a0:df:84:cf:8d:fb:e0:bf:c3:90:15:14:df:c2:
         81:00:b5:00:43:89:42:8d:60:a7:8e:86:e0:5b:08:0a:92:6f:
         b3:00:0e:cd:82:98:3b:7a:cc:fe:b1:1d:a2:c0:de:d7:12:ca:
         03:da:a9:55:37:98:12:bb:5e:3c:a8:9d:e3:78:7e:59:fc:d6:
         d9:08:cc:5c:36:77:fa:fa:2e:0a:31:f3:ec:ad:be:6b:42:03:
         8f:5b:94:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAwP3vJU5zYI8bAjOWMZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTdhYmU0MTExMDlkYmZmZTRiYmYwYTI1M2QyMTE2OGJhZDcwZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMfulQ9P6lk5UTIrrXEL/PcLT5vP
HPsAjPvTB3EOV7U/RlsUsYvV+2kQO01BhXEww2kdGGe/ojtJX7xckSjX5goEBn8N
WcccVMVjAtkGzSpCrWSmMJ0K8wzL5CXN/evdDPU6G7BLloyzPNHj6NndGF7K+QFl
6CfDn3mac87zQpwoI/frCZE6jWHlnhAdzZgxt5Pnx81CXyMsIJz4zifynAgSXnIW
wrozvHw+8MQX708eXTyZu3zRSE0e9Q/GxWkAQnyKfi+Ibsmu8hPi8W1C1Jpdm3Hf
8V3SeV1uECzXrMsx/l54hzOm747LfyD2tdSWlT6TWHhyXgaeN82PEmZGjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEF6vkERCdv/5LvwolPSEWi61w6tMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvUVhxLVFSRUoyX19rdV9DaVU5SVJhTHJYRHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwetAMA8E
AgACMAkDBwAqAQKAA1gwDQYJKoZIhvcNAQELBQADggEBAEGre/OcyOMPHYGflyMm
/GajMrc+5yvRHD7FQUECcV8NLskHpDn1Tx2FRRSZR/tYnGzdQ/VgIlCtomdZ5nuK
QTu36/j/JGfa7Vc69EbmbQfwqDXZEqPxjYJc4aH51Rdg8wm/esqHlUY9esDk2tDq
KQzR1qHkktuu+OJkHvKD0L6UTZkAyMc0t5vF8xQS1/H8Cbt47+LLn4eN5VLosDWH
h8ryMfPsUbCg34TPjfvgv8OQFRTfwoEAtQBDiUKNYKeOhuBbCAqSb7MADs2CmDt6
zP6xHaLA3tcSygPaqVU3mBK7XjyoneN4fln81tkIzFw2d/r6Lgox8+ytvmtCA49b
lHs=
-----END CERTIFICATE-----