Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/qlZXqLIYmGOoim6-ok_kbhdC1sg.roa
File:                     qlZXqLIYmGOoim6-ok_kbhdC1sg.roa (raw, json)
Hash identifier:          /PvzmRjnPZKuwj3dLKhEZCX0Qd+yOdoIwwmjuD4Rwlw=
Subject key identifier:   AA:56:57:A8:B2:18:98:63:A8:8A:6E:BE:A2:4F:E4:6E:17:42:D6:C8
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC2947E00E298B8E5080E6C6ABDF58
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/qlZXqLIYmGOoim6-ok_kbhdC1sg.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203918
IP address blocks:        185.117.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:29:47:e0:0e:29:8b:8e:50:80:e6:c6:ab:df:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa5657a8b2189863a88a6ebea24fe46e1742d6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:61:4e:b9:e0:95:a6:ed:4e:c1:21:b9:35:7d:
                    c8:a1:70:a1:82:c0:06:a5:d7:d5:4c:09:08:0e:26:
                    b8:e4:bd:84:2b:45:3e:d2:11:8c:d7:d6:36:fc:ba:
                    42:4b:8a:30:71:5b:81:51:ea:4a:92:ea:08:07:f5:
                    51:00:3b:84:1e:e9:b8:0f:00:68:a1:77:64:95:88:
                    1f:dd:08:e0:02:26:29:1d:c7:ec:b7:b0:92:97:81:
                    af:bf:4d:15:3a:5d:2c:05:2b:8c:bb:4f:1f:14:42:
                    14:9e:fe:0a:1d:f6:13:fc:4f:91:36:01:ec:8f:49:
                    2b:62:78:12:4b:5d:b1:56:b4:0a:01:4f:fb:9e:c8:
                    82:79:a7:af:30:53:52:96:3a:d0:ef:d8:95:3b:bc:
                    33:a3:95:b1:09:e0:6b:3a:a0:5d:2b:1c:2c:d0:26:
                    70:b5:c1:41:9a:be:99:ba:99:10:94:00:b7:5c:24:
                    c0:9d:97:1d:3b:25:c0:3f:a0:b6:66:33:67:1b:e5:
                    6c:8a:e4:e4:03:df:60:b1:69:96:a7:d2:d1:5a:00:
                    e2:b4:cf:6a:74:90:f0:bc:a1:e9:33:7a:ae:b0:b3:
                    d7:fe:3c:4a:b7:84:a7:09:36:50:f9:cd:4a:bd:72:
                    51:c7:ec:0b:8f:59:38:a8:4d:64:98:ed:4a:29:a2:
                    14:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:56:57:A8:B2:18:98:63:A8:8A:6E:BE:A2:4F:E4:6E:17:42:D6:C8
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/qlZXqLIYmGOoim6-ok_kbhdC1sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:98:3d:89:c5:62:b0:33:2b:15:de:98:06:15:93:bd:9d:5b:
         05:53:bf:cf:c0:7a:6e:26:f7:e1:7f:36:48:03:dc:bb:89:b0:
         fa:a8:a8:f6:0c:57:9f:b3:1f:94:d7:d2:d9:57:d6:c1:40:54:
         c8:f1:d6:13:c4:b8:87:8b:e4:cb:f2:53:5d:ad:05:41:ed:77:
         16:2b:da:d8:3d:e1:3b:4b:48:a3:40:2d:0d:0b:80:2b:51:60:
         28:c5:4b:e6:91:cd:e5:39:35:56:42:91:76:72:79:cf:ef:bf:
         28:ac:2c:de:ba:ff:8f:aa:a8:a6:a5:6c:33:56:c2:3e:73:ea:
         19:07:34:66:32:e2:8c:a6:17:53:92:6e:a2:df:1c:5d:29:bb:
         9e:03:44:cd:80:20:dd:65:de:7f:00:8f:72:a1:38:38:d1:cf:
         09:93:ed:86:5b:9d:c9:52:25:d7:63:64:18:2d:62:c2:52:0a:
         de:53:73:9b:2f:8f:a0:f3:f0:b7:98:76:70:d1:6d:ee:ab:d4:
         08:9c:62:d1:34:dc:30:d7:72:c0:a6:9a:45:40:99:96:cf:19:
         ca:8a:27:26:de:eb:71:39:99:c6:f2:e6:55:03:b4:61:3b:b2:
         46:ef:84:41:91:00:62:5d:cc:4d:b2:bf:74:15:09:57:08:45:
         19:16:93:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvClH4A4pi45QgObGq99YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU2NTdhOGIyMTg5ODYzYTg4YTZlYmVhMjRmZTQ2ZTE3NDJkNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWFOueCVpu1OwSG5NX3IoXChgsAG
pdfVTAkIDia45L2EK0U+0hGM19Y2/LpCS4owcVuBUepKkuoIB/VRADuEHum4DwBo
oXdklYgf3QjgAiYpHcfst7CSl4Gvv00VOl0sBSuMu08fFEIUnv4KHfYT/E+RNgHs
j0krYngSS12xVrQKAU/7nsiCeaevMFNSljrQ79iVO7wzo5WxCeBrOqBdKxws0CZw
tcFBmr6ZupkQlAC3XCTAnZcdOyXAP6C2ZjNnG+VsiuTkA99gsWmWp9LRWgDitM9q
dJDwvKHpM3qusLPX/jxKt4SnCTZQ+c1KvXJRx+wLj1k4qE1kmO1KKaIUpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpWV6iyGJhjqIpuvqJP5G4XQtbIMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvcWxaWHFMSVltR09vaW02LW9rX2tiaGRDMXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXVTMA0G
CSqGSIb3DQEBCwUAA4IBAQCHmD2JxWKwMysV3pgGFZO9nVsFU7/PwHpuJvfhfzZI
A9y7ibD6qKj2DFefsx+U19LZV9bBQFTI8dYTxLiHi+TL8lNdrQVB7XcWK9rYPeE7
S0ijQC0NC4ArUWAoxUvmkc3lOTVWQpF2cnnP778orCzeuv+PqqimpWwzVsI+c+oZ
BzRmMuKMphdTkm6i3xxdKbueA0TNgCDdZd5/AI9yoTg40c8Jk+2GW53JUiXXY2QY
LWLCUgreU3ObL4+g8/C3mHZw0W3uq9QInGLRNNww13LApppFQJmWzxnKiicm3utx
OZnG8uZVA7RhO7JG74RBkQBiXcxNsr90FQlXCEUZFpOl
-----END CERTIFICATE-----