Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/QVpFuu8b3M3SM3tYURtLx_63KgE.roa
File:                     QVpFuu8b3M3SM3tYURtLx_63KgE.roa (raw, json)
Hash identifier:          bd1+jvX9pSmYRn5RDTWfPknY/z2r97mBhvSxIh2QIaA=
Subject key identifier:   41:5A:45:BA:EF:1B:DC:CD:D2:33:7B:58:51:1B:4B:C7:FE:B7:2A:01
Certificate issuer:       /CN=389755423f832a528c93136110f0fe4b10453582
Certificate serial:       018E8545255EBDC8579EA781164B2DA1C0AA
Authority key identifier: 38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/QVpFuu8b3M3SM3tYURtLx_63KgE.roa
Signing time:             Thu 28 Mar 2024 13:34:44 +0000
ROA not before:           Thu 28 Mar 2024 13:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        188.213.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/OJdVQj-DKlKMkxNhEPD-SxBFNYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/OJdVQj-DKlKMkxNhEPD-SxBFNYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:45:25:5e:bd:c8:57:9e:a7:81:16:4b:2d:a1:c0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=389755423f832a528c93136110f0fe4b10453582
        Validity
            Not Before: Mar 28 13:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=415a45baef1bdccdd2337b58511b4bc7feb72a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:41:0b:0b:f5:60:e6:24:32:b9:de:4b:3e:cb:
                    d0:ed:76:24:dc:cd:84:46:14:a2:a1:65:c0:e0:7a:
                    ca:6b:a7:46:7a:49:4b:f6:f1:f4:48:0c:cc:21:99:
                    24:cb:9b:f7:23:1e:e8:2a:06:0c:75:6b:21:85:6c:
                    62:c9:03:48:92:cd:9e:f1:eb:ab:d6:96:76:1d:f3:
                    0a:5c:b8:eb:37:c8:90:6c:57:4f:d5:8d:ce:a8:f6:
                    89:7e:63:33:ef:d0:51:5a:35:f2:0b:2e:45:5d:68:
                    d5:e0:d5:2b:33:15:b1:5f:4f:e1:7f:20:89:2d:a7:
                    b1:fc:a4:da:6e:c7:df:c4:de:a7:ff:58:b0:13:58:
                    ef:a3:f5:74:0a:93:17:4b:e7:4c:b2:66:e5:b5:a4:
                    6d:34:b2:a4:fe:57:2e:af:9e:fb:e0:07:cf:5d:82:
                    41:02:e5:73:74:64:be:fc:c8:4e:44:d1:dd:80:78:
                    43:23:bc:d9:4f:d9:43:ed:12:f9:e5:1d:9a:2c:08:
                    e4:ae:01:84:1a:7c:ee:64:1c:0e:8a:f2:dd:73:33:
                    24:11:0f:1a:3d:e2:af:eb:78:56:00:26:0f:2c:8b:
                    fa:54:57:fc:b4:16:f9:db:f4:85:c1:7b:35:f6:96:
                    54:d0:29:89:4f:d0:c7:78:12:40:ad:ab:ec:e0:75:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5A:45:BA:EF:1B:DC:CD:D2:33:7B:58:51:1B:4B:C7:FE:B7:2A:01
            X509v3 Authority Key Identifier:
                keyid:38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/QVpFuu8b3M3SM3tYURtLx_63KgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/OJdVQj-DKlKMkxNhEPD-SxBFNYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:26:43:a7:d3:83:f4:cb:26:b1:e3:cd:95:d3:69:47:23:ba:
         e5:c5:33:3a:a9:f6:9a:43:67:fd:41:d5:a4:2b:be:fc:4f:39:
         db:85:65:55:0a:15:a3:9b:9a:e6:8c:98:71:66:76:b3:70:82:
         77:17:dd:f3:63:ae:65:91:b4:08:42:78:0d:e4:95:bc:4d:49:
         f6:d8:dc:48:0e:a0:4b:42:00:98:47:3d:de:3b:94:b2:c6:bb:
         81:c7:4e:6d:80:7f:c5:f1:a5:47:9c:93:fb:ac:7a:9c:d4:de:
         07:02:7e:4c:b1:63:52:f6:1e:b7:90:41:60:63:86:47:86:99:
         88:fe:ff:1f:ba:1d:96:df:60:c2:ee:82:6e:f0:fe:c5:e2:ea:
         f7:29:41:72:77:22:75:e7:27:10:07:2c:b4:4b:fc:aa:15:b4:
         c9:c5:31:13:71:a4:25:29:3f:41:22:34:b2:f9:42:bc:04:02:
         8a:d5:ff:84:55:9a:71:db:be:70:d2:d6:35:bb:60:3e:3b:89:
         b7:9e:dd:09:f6:2f:0b:05:1b:ff:3b:13:04:cb:b4:db:0c:75:
         22:5e:03:7a:58:0e:51:7a:99:8a:28:af:01:4b:68:77:5c:d6:
         c8:1a:7b:49:64:9a:de:a9:9d:a1:55:79:5f:23:f3:fc:cf:e3:
         0e:52:3a:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FRSVevchXnqeBFkstocCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTc1NTQyM2Y4MzJhNTI4YzkzMTM2MTEwZjBmZTRiMTA0
NTM1ODIwHhcNMjQwMzI4MTMzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTVhNDViYWVmMWJkY2NkZDIzMzdiNTg1MTFiNGJjN2ZlYjcyYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEELC/Vg5iQyud5LPsvQ7XYk3M2E
RhSioWXA4HrKa6dGeklL9vH0SAzMIZkky5v3Ix7oKgYMdWshhWxiyQNIks2e8eur
1pZ2HfMKXLjrN8iQbFdP1Y3OqPaJfmMz79BRWjXyCy5FXWjV4NUrMxWxX0/hfyCJ
Laex/KTabsffxN6n/1iwE1jvo/V0CpMXS+dMsmbltaRtNLKk/lcur5774AfPXYJB
AuVzdGS+/MhORNHdgHhDI7zZT9lD7RL55R2aLAjkrgGEGnzuZBwOivLdczMkEQ8a
PeKv63hWACYPLIv6VFf8tBb52/SFwXs19pZU0CmJT9DHeBJAravs4HWA0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFaRbrvG9zN0jN7WFEbS8f+tyoBMB8GA1UdIwQY
MBaAFDiXVUI/gypSjJMTYRDw/ksQRTWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0Mjgt
NDY5NTdiZDg4NjBkLzEvUVZwRnV1OGIzTTNTTTN0WVVSdEx4XzYzS2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0MjgtNDY5NTdiZDg4NjBk
LzEvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNUXMA0G
CSqGSIb3DQEBCwUAA4IBAQCPJkOn04P0yyax482V02lHI7rlxTM6qfaaQ2f9QdWk
K778TznbhWVVChWjm5rmjJhxZnazcIJ3F93zY65lkbQIQngN5JW8TUn22NxIDqBL
QgCYRz3eO5SyxruBx05tgH/F8aVHnJP7rHqc1N4HAn5MsWNS9h63kEFgY4ZHhpmI
/v8fuh2W32DC7oJu8P7F4ur3KUFydyJ15ycQByy0S/yqFbTJxTETcaQlKT9BIjSy
+UK8BAKK1f+EVZpx275w0tY1u2A+O4m3nt0J9i8LBRv/OxMEy7TbDHUiXgN6WA5R
epmKKK8BS2h3XNbIGntJZJreqZ2hVXlfI/P8z+MOUjrS
-----END CERTIFICATE-----