Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/qE9gGXYUSJ75m7FSreNdTRRqJks.roa
File:                     qE9gGXYUSJ75m7FSreNdTRRqJks.roa (raw, json)
Hash identifier:          dZijzHDc9AJvlk4qp7rRWmglzXa9mzuRZ39B1gmsieQ=
Subject key identifier:   A8:4F:60:19:76:14:48:9E:F9:9B:B1:52:AD:E3:5D:4D:14:6A:26:4B
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       018CC7958193D05725A3FF132268E7D93300
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/qE9gGXYUSJ75m7FSreNdTRRqJks.roa
Signing time:             Tue 02 Jan 2024 00:31:53 +0000
ROA not before:           Tue 02 Jan 2024 00:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39351
IP address blocks:        85.208.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:81:93:d0:57:25:a3:ff:13:22:68:e7:d9:33:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Jan  2 00:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a84f60197614489ef99bb152ade35d4d146a264b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2c:0a:95:ad:70:68:7d:3f:a7:c4:15:e4:4f:
                    a6:35:96:0f:64:2e:dd:65:fc:f9:e9:11:a1:2c:87:
                    62:ac:96:e3:b1:3f:d0:dc:95:af:1c:fd:2a:ca:06:
                    dc:4b:cb:f5:bc:77:4d:28:77:ba:4c:de:ac:64:52:
                    f2:9e:f6:dd:91:fe:62:d3:e9:ec:b4:79:8d:f4:90:
                    1e:b2:2a:ff:12:55:c5:43:43:9b:e5:00:59:a7:5f:
                    83:4a:47:56:bd:b0:c5:7f:fe:e7:b1:ef:cf:6b:2e:
                    0e:57:df:ae:92:13:58:81:e6:e8:a0:33:d7:83:86:
                    ea:a4:bd:04:e1:11:d2:ef:9b:83:4c:23:51:9f:04:
                    66:77:b3:d8:fa:14:bb:a0:58:da:b3:42:55:bb:14:
                    55:e8:6f:66:80:24:b9:b7:ea:39:11:77:20:cf:59:
                    64:c1:f0:fc:2d:64:62:dc:1f:83:89:89:ce:51:7c:
                    75:18:97:ab:bc:3c:fb:15:69:21:0c:69:16:7d:b1:
                    6e:82:07:ef:da:f5:ce:ff:64:a3:71:ba:6d:9c:da:
                    be:8d:f5:af:84:4f:e0:4a:a2:e1:19:ad:bb:a2:f7:
                    83:a5:d0:18:b1:a7:86:41:7e:95:13:07:07:88:94:
                    34:da:c7:3d:0d:4a:73:c3:f1:f2:19:0d:1f:ea:2a:
                    62:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4F:60:19:76:14:48:9E:F9:9B:B1:52:AD:E3:5D:4D:14:6A:26:4B
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/qE9gGXYUSJ75m7FSreNdTRRqJks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:60:76:c4:67:bf:09:66:9e:e3:40:09:39:be:f7:d1:33:ab:
         2a:a9:50:d3:eb:01:94:d6:af:fe:de:92:9b:e4:12:13:78:79:
         b6:53:42:32:66:99:8d:96:09:85:05:6b:56:50:8e:97:d6:49:
         68:a2:bc:41:e7:99:8d:4e:c0:89:f4:4a:bd:c9:fc:df:55:48:
         74:f5:6b:74:3e:e6:82:b0:94:4b:f0:86:cf:18:e1:c4:4a:65:
         b5:82:95:8f:02:a3:09:e6:fd:be:4c:d4:23:90:b7:45:77:44:
         45:72:6d:06:d0:34:6a:9d:e6:fa:f4:2c:07:8a:52:b3:35:03:
         98:15:1e:6a:af:e3:2d:6c:dc:49:f9:5c:bb:c6:c4:91:c6:ea:
         f1:c0:34:c2:f5:e2:3d:4e:98:0e:f5:76:2f:8c:20:ce:46:07:
         77:16:9e:a1:d1:90:26:d9:3d:ea:f3:94:e9:c1:54:98:d1:f0:
         47:1a:b0:01:24:8d:1c:1c:8c:5f:5a:28:2a:93:0e:ab:ed:4c:
         11:26:79:83:12:a0:28:f1:2c:84:89:55:fc:95:a1:ff:62:b4:
         57:c7:35:fb:c8:e1:74:d5:48:4d:fa:b7:de:cf:d7:f8:63:c8:
         02:b0:31:25:1f:24:fc:1b:c0:a5:c5:b7:ed:ba:da:04:02:b8:
         8f:17:45:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYGT0Fclo/8TImjn2TMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjQwMTAyMDAzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRmNjAxOTc2MTQ0ODllZjk5YmIxNTJhZGUzNWQ0ZDE0NmEyNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCwKla1waH0/p8QV5E+mNZYPZC7d
Zfz56RGhLIdirJbjsT/Q3JWvHP0qygbcS8v1vHdNKHe6TN6sZFLynvbdkf5i0+ns
tHmN9JAesir/ElXFQ0Ob5QBZp1+DSkdWvbDFf/7nse/Pay4OV9+ukhNYgebooDPX
g4bqpL0E4RHS75uDTCNRnwRmd7PY+hS7oFjas0JVuxRV6G9mgCS5t+o5EXcgz1lk
wfD8LWRi3B+DiYnOUXx1GJervDz7FWkhDGkWfbFuggfv2vXO/2SjcbptnNq+jfWv
hE/gSqLhGa27oveDpdAYsaeGQX6VEwcHiJQ02sc9DUpzw/HyGQ0f6ipiPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhPYBl2FEie+ZuxUq3jXU0UaiZLMB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvcUU5Z0dYWVVTSjc1bTdGU3JlTmRUUlJxSmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCkMA0G
CSqGSIb3DQEBCwUAA4IBAQBcYHbEZ78JZp7jQAk5vvfRM6sqqVDT6wGU1q/+3pKb
5BITeHm2U0IyZpmNlgmFBWtWUI6X1kloorxB55mNTsCJ9Eq9yfzfVUh09Wt0PuaC
sJRL8IbPGOHESmW1gpWPAqMJ5v2+TNQjkLdFd0RFcm0G0DRqneb69CwHilKzNQOY
FR5qr+MtbNxJ+Vy7xsSRxurxwDTC9eI9TpgO9XYvjCDORgd3Fp6h0ZAm2T3q85Tp
wVSY0fBHGrABJI0cHIxfWigqkw6r7UwRJnmDEqAo8SyEiVX8laH/YrRXxzX7yOF0
1UhN+rfez9f4Y8gCsDElHyT8G8ClxbftutoEAriPF0Wn
-----END CERTIFICATE-----