Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/Qbbgrcs6_70vAos7Kn2XjgmhhW0.roa
File:                     Qbbgrcs6_70vAos7Kn2XjgmhhW0.roa (raw, json)
Hash identifier:          u/xC4ZNNbPkeNaw/PwUsFeeYYHizJLUZS9CvRGT96uY=
Subject key identifier:   41:B6:E0:AD:CB:3A:FF:BD:2F:02:8B:3B:2A:7D:97:8E:09:A1:85:6D
Certificate issuer:       /CN=dd48d508215340eac0f14f0b74749d1c8ec9f566
Certificate serial:       018CC726A9127CDFE6AAD2EDD76E86747391
Authority key identifier: DD:48:D5:08:21:53:40:EA:C0:F1:4F:0B:74:74:9D:1C:8E:C9:F5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3UjVCCFTQOrA8U8LdHSdHI7J9WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/Qbbgrcs6_70vAos7Kn2XjgmhhW0.roa
Signing time:             Mon 01 Jan 2024 22:30:48 +0000
ROA not before:           Mon 01 Jan 2024 22:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39294
IP address blocks:        213.5.76.0/22 maxlen: 22
                          91.234.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/3UjVCCFTQOrA8U8LdHSdHI7J9WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/3UjVCCFTQOrA8U8LdHSdHI7J9WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3UjVCCFTQOrA8U8LdHSdHI7J9WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:a9:12:7c:df:e6:aa:d2:ed:d7:6e:86:74:73:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd48d508215340eac0f14f0b74749d1c8ec9f566
        Validity
            Not Before: Jan  1 22:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41b6e0adcb3affbd2f028b3b2a7d978e09a1856d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1d:1e:25:12:aa:57:78:2a:14:af:57:8c:53:
                    a7:d7:49:e9:56:38:54:cc:72:8a:6c:39:5c:f0:5c:
                    50:1a:c1:f9:51:a0:15:ea:06:01:51:b1:0a:ea:db:
                    af:4f:45:34:14:2e:2f:2c:bc:52:88:f5:2c:9a:d2:
                    65:94:18:d3:ec:1f:12:38:1d:8a:83:1d:6b:a1:5e:
                    d9:d8:d2:71:2e:67:9f:2b:8f:71:6d:9e:0a:e4:bd:
                    b0:96:f4:3f:55:bb:52:ae:d0:d7:ff:ea:d8:ef:7b:
                    62:2f:94:21:bb:03:5b:24:b8:ef:5b:44:c7:36:fa:
                    51:57:21:a8:fa:37:2a:4a:81:14:08:80:02:66:4d:
                    9c:65:4f:98:88:57:e2:9e:c7:dd:99:2a:9a:01:01:
                    c9:dd:b4:62:f7:51:b8:54:0e:0c:97:d0:71:17:f6:
                    e3:38:ad:c1:43:22:70:7c:2a:f6:51:96:fa:4a:80:
                    f8:f4:45:47:e2:82:2c:f2:41:7d:0a:58:08:6d:b9:
                    70:93:a9:50:1c:31:a5:77:ab:16:14:90:34:af:a3:
                    71:5c:67:f7:27:c3:2a:f5:81:55:d5:bd:16:27:ac:
                    1e:08:40:a3:b3:b0:85:0c:72:59:1d:8f:1a:a6:72:
                    c9:de:58:6c:13:6a:7a:fd:27:7e:c9:af:85:6a:3f:
                    d2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B6:E0:AD:CB:3A:FF:BD:2F:02:8B:3B:2A:7D:97:8E:09:A1:85:6D
            X509v3 Authority Key Identifier:
                keyid:DD:48:D5:08:21:53:40:EA:C0:F1:4F:0B:74:74:9D:1C:8E:C9:F5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3UjVCCFTQOrA8U8LdHSdHI7J9WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/Qbbgrcs6_70vAos7Kn2XjgmhhW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/3UjVCCFTQOrA8U8LdHSdHI7J9WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.108.0/22
                  213.5.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:e4:81:ae:88:1f:49:97:78:f7:6a:d2:be:83:14:61:a1:bf:
         4f:f4:c4:73:5f:8d:a8:90:35:aa:ac:b0:71:8c:65:fb:e1:35:
         ba:8c:0d:60:a4:a9:04:89:c2:a6:8a:0f:a0:84:e5:db:97:07:
         12:f2:56:70:96:d5:e9:d5:af:b5:a5:4a:49:9a:10:63:7e:e6:
         fc:d8:c2:35:bd:39:fc:ed:16:e0:35:d7:4e:c8:56:c3:d1:0b:
         2f:bc:c3:00:88:8e:80:80:be:14:3b:66:16:a0:28:61:a0:cd:
         68:70:77:e8:bf:6b:ea:16:57:6d:b3:c5:b9:08:4e:5c:9b:5b:
         70:a3:67:b9:38:75:fe:9d:62:f1:f5:af:1c:68:5c:e6:f7:fe:
         e3:2e:ee:5e:35:0e:e3:3b:92:44:47:1b:1b:35:9c:68:17:53:
         3c:d0:fc:74:3b:d3:89:2a:cb:ea:78:a6:60:1c:52:03:37:15:
         f4:01:58:d4:76:7c:62:4e:a9:30:4f:4f:cc:1e:70:57:b1:dd:
         e2:57:9d:59:79:f9:aa:49:4d:1d:53:58:f2:57:8e:02:b7:27:
         64:ea:14:91:22:d5:6d:39:e4:55:1c:3c:a4:c3:7b:31:1d:6e:
         c0:4b:e4:d3:ec:9b:42:98:ac:5c:37:f9:1f:60:af:9d:af:ba:
         cd:b6:5c:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJqkSfN/mqtLt126GdHORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNDhkNTA4MjE1MzQwZWFjMGYxNGYwYjc0NzQ5ZDFjOGVj
OWY1NjYwHhcNMjQwMTAxMjIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWI2ZTBhZGNiM2FmZmJkMmYwMjhiM2IyYTdkOTc4ZTA5YTE4NTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R0eJRKqV3gqFK9XjFOn10npVjhU
zHKKbDlc8FxQGsH5UaAV6gYBUbEK6tuvT0U0FC4vLLxSiPUsmtJllBjT7B8SOB2K
gx1roV7Z2NJxLmefK49xbZ4K5L2wlvQ/VbtSrtDX/+rY73tiL5QhuwNbJLjvW0TH
NvpRVyGo+jcqSoEUCIACZk2cZU+YiFfinsfdmSqaAQHJ3bRi91G4VA4Ml9BxF/bj
OK3BQyJwfCr2UZb6SoD49EVH4oIs8kF9ClgIbblwk6lQHDGld6sWFJA0r6NxXGf3
J8Mq9YFV1b0WJ6weCECjs7CFDHJZHY8apnLJ3lhsE2p6/Sd+ya+Faj/SiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEG24K3LOv+9LwKLOyp9l44JoYVtMB8GA1UdIwQY
MBaAFN1I1QghU0DqwPFPC3R0nRyOyfVmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1VqVkNDRlRRT3JBOFU4TGRIU2RISTdKOVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iYTE2YmEtYThjOC00NDJhLWJhYjkt
NDVlNDc0MDAyM2RiLzEvUWJiZ3JjczZfNzB2QW9zN0tuMlhqZ21oaFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iYTE2YmEtYThjOC00NDJhLWJhYjktNDVlNDc0MDAyM2Ri
LzEvM1VqVkNDRlRRT3JBOFU4TGRIU2RISTdKOVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+psAwQC
1QVMMA0GCSqGSIb3DQEBCwUAA4IBAQBM5IGuiB9Jl3j3atK+gxRhob9P9MRzX42o
kDWqrLBxjGX74TW6jA1gpKkEicKmig+ghOXblwcS8lZwltXp1a+1pUpJmhBjfub8
2MI1vTn87RbgNddOyFbD0QsvvMMAiI6AgL4UO2YWoChhoM1ocHfov2vqFldts8W5
CE5cm1two2e5OHX+nWLx9a8caFzm9/7jLu5eNQ7jO5JERxsbNZxoF1M80Px0O9OJ
KsvqeKZgHFIDNxX0AVjUdnxiTqkwT0/MHnBXsd3iV51ZefmqSU0dU1jyV44Ctydk
6hSRItVtOeRVHDykw3sxHW7AS+TT7JtCmKxcN/kfYK+dr7rNtlxa
-----END CERTIFICATE-----