Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/QkOXvfhuvflDbwcBZZxvegz35Zk.roa
File:                     QkOXvfhuvflDbwcBZZxvegz35Zk.roa (raw, json)
Hash identifier:          e+omVu38oSUCtUZ7Ssq1Qmcdr8HKCfDc6bXfylpa0dw=
Subject key identifier:   42:43:97:BD:F8:6E:BD:F9:43:6F:07:01:65:9C:6F:7A:0C:F7:E5:99
Certificate issuer:       /CN=db239685409f64ba1c3a54a8ef141c924e71d892
Certificate serial:       0190E3D809D326C9CA804B12B201482501C0
Authority key identifier: DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/QkOXvfhuvflDbwcBZZxvegz35Zk.roa
Signing time:             Wed 24 Jul 2024 08:25:04 +0000
ROA not before:           Wed 24 Jul 2024 08:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47841
IP address blocks:        185.65.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:d8:09:d3:26:c9:ca:80:4b:12:b2:01:48:25:01:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db239685409f64ba1c3a54a8ef141c924e71d892
        Validity
            Not Before: Jul 24 08:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=424397bdf86ebdf9436f0701659c6f7a0cf7e599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b7:03:d2:7c:92:aa:a6:45:0c:fe:a3:97:74:
                    ba:7f:04:26:87:b9:10:bd:6c:86:d2:43:44:7f:d8:
                    76:24:fa:b4:d8:26:f3:d5:ff:92:5c:3b:8b:ac:69:
                    16:a1:fc:63:67:89:cf:0b:37:ee:79:73:09:5f:fd:
                    84:0c:d6:7d:42:a5:df:a3:ff:55:6d:63:52:95:66:
                    4f:56:7c:50:52:60:23:12:71:c8:7e:79:bd:25:37:
                    a6:2f:90:4f:e7:3c:27:7f:a7:2a:56:a1:7f:fb:16:
                    09:29:6e:ed:46:eb:f5:6f:3b:d6:0d:4b:b2:2f:fd:
                    aa:58:2e:52:57:6c:4c:da:9c:36:cd:f6:bb:2d:13:
                    c0:52:8e:cf:61:86:45:23:1b:40:0b:28:7b:da:8e:
                    53:2a:97:40:fc:ad:09:b8:be:e4:06:7b:76:99:e3:
                    b6:1c:bc:d2:3b:42:4b:0d:57:ab:0a:c5:c4:d1:02:
                    12:87:fc:e6:c2:94:5b:7f:3f:27:9f:99:0b:cd:35:
                    43:d9:e2:f0:91:32:5a:64:1f:ac:7b:6d:4d:79:d9:
                    b5:90:f2:f4:e9:5a:f4:ab:71:5f:b6:15:39:ed:fd:
                    17:44:ea:ee:65:50:f8:c5:e8:2b:46:8d:da:00:a3:
                    6a:ef:4f:f5:af:f6:4c:d9:7f:b8:4c:c3:c0:ca:14:
                    68:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:43:97:BD:F8:6E:BD:F9:43:6F:07:01:65:9C:6F:7A:0C:F7:E5:99
            X509v3 Authority Key Identifier:
                keyid:DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/QkOXvfhuvflDbwcBZZxvegz35Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:18:d5:2f:03:c6:1e:c8:78:ba:31:ff:c3:71:6e:54:69:fd:
         a1:53:28:f3:da:c6:ec:c4:14:8e:36:d6:82:3e:b1:6c:1d:bf:
         35:db:af:4d:07:5f:1b:30:e8:1a:5d:4b:86:d5:64:84:68:57:
         54:cb:0b:c5:87:01:f7:16:61:63:e3:0d:b0:11:75:a9:4a:cf:
         94:41:a7:e5:e5:f6:df:6c:4b:51:23:80:89:62:60:55:a4:94:
         ad:44:19:6e:0c:b5:60:7c:7e:21:95:b8:d1:e3:13:f8:bc:03:
         dd:69:50:ca:9c:37:50:7f:19:75:1a:e7:a8:f9:da:22:d9:16:
         57:a4:95:17:e6:eb:87:80:52:3b:34:e9:78:5b:53:e7:9d:c3:
         df:04:5a:7e:bc:f7:33:23:60:c6:3a:72:f9:e2:9b:88:85:f5:
         d8:2f:b8:35:92:41:06:56:e2:01:c9:f8:15:fc:33:4d:e2:e7:
         ad:7a:9c:77:bc:f5:45:f9:c1:d8:02:0a:10:2a:35:a3:91:3d:
         d0:ef:26:75:72:b1:2c:24:1e:8f:86:03:ff:1e:dd:2c:05:20:
         c3:50:50:bc:ee:85:a3:76:6d:19:4d:b6:3f:03:2b:1f:93:ce:
         54:76:db:73:6b:aa:bf:1f:ce:12:1c:47:b9:94:80:20:1e:39:
         b7:b9:7d:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDj2AnTJsnKgEsSsgFIJQHAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjM5Njg1NDA5ZjY0YmExYzNhNTRhOGVmMTQxYzkyNGU3
MWQ4OTIwHhcNMjQwNzI0MDgyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjQzOTdiZGY4NmViZGY5NDM2ZjA3MDE2NTljNmY3YTBjZjdlNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrcD0nySqqZFDP6jl3S6fwQmh7kQ
vWyG0kNEf9h2JPq02Cbz1f+SXDuLrGkWofxjZ4nPCzfueXMJX/2EDNZ9QqXfo/9V
bWNSlWZPVnxQUmAjEnHIfnm9JTemL5BP5zwnf6cqVqF/+xYJKW7tRuv1bzvWDUuy
L/2qWC5SV2xM2pw2zfa7LRPAUo7PYYZFIxtACyh72o5TKpdA/K0JuL7kBnt2meO2
HLzSO0JLDVerCsXE0QISh/zmwpRbfz8nn5kLzTVD2eLwkTJaZB+se21Nedm1kPL0
6Vr0q3FfthU57f0XROruZVD4xegrRo3aAKNq70/1r/ZM2X+4TMPAyhRoiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJDl734br35Q28HAWWcb3oM9+WZMB8GA1UdIwQY
MBaAFNsjloVAn2S6HDpUqO8UHJJOcdiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmIt
MmVmNDQ3ZTFiMDhjLzEvUWtPWHZmaHV2ZmxEYndjQlpaeHZlZ3ozNVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmItMmVmNDQ3ZTFiMDhj
LzEvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUFwMA0G
CSqGSIb3DQEBCwUAA4IBAQBzGNUvA8YeyHi6Mf/DcW5Uaf2hUyjz2sbsxBSONtaC
PrFsHb81269NB18bMOgaXUuG1WSEaFdUywvFhwH3FmFj4w2wEXWpSs+UQafl5fbf
bEtRI4CJYmBVpJStRBluDLVgfH4hlbjR4xP4vAPdaVDKnDdQfxl1Gueo+doi2RZX
pJUX5uuHgFI7NOl4W1PnncPfBFp+vPczI2DGOnL54puIhfXYL7g1kkEGVuIByfgV
/DNN4uetepx3vPVF+cHYAgoQKjWjkT3Q7yZ1crEsJB6PhgP/Ht0sBSDDUFC87oWj
dm0ZTbY/Aysfk85Udttza6q/H84SHEe5lIAgHjm3uX09
-----END CERTIFICATE-----