Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/QF3YlVwTFYi4slyveqt6GzkYHhU.roa
File:                     QF3YlVwTFYi4slyveqt6GzkYHhU.roa (raw, json)
Hash identifier:          QjWXviRnPMJmUn6LJcwNAaUIWnUOSmnsmpWgXSvcrT8=
Subject key identifier:   40:5D:D8:95:5C:13:15:88:B8:B2:5C:AF:7A:AB:7A:1B:39:18:1E:15
Certificate issuer:       /CN=12e452c77c5de1090a1610bac2a63e83aa72b0d3
Certificate serial:       018CC79542FD8C45869B0060023B5FD25699
Authority key identifier: 12:E4:52:C7:7C:5D:E1:09:0A:16:10:BA:C2:A6:3E:83:AA:72:B0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EuRSx3xd4QkKFhC6wqY-g6pysNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/QF3YlVwTFYi4slyveqt6GzkYHhU.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59441
IP address blocks:        185.36.231.0/24 maxlen: 24
                          2a09:1180::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/EuRSx3xd4QkKFhC6wqY-g6pysNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/EuRSx3xd4QkKFhC6wqY-g6pysNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EuRSx3xd4QkKFhC6wqY-g6pysNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:42:fd:8c:45:86:9b:00:60:02:3b:5f:d2:56:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12e452c77c5de1090a1610bac2a63e83aa72b0d3
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=405dd8955c131588b8b25caf7aab7a1b39181e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:ad:79:f5:9f:a8:1f:5a:d6:47:5e:8a:79:
                    5c:c7:7f:95:8b:1e:61:9e:bf:1b:14:96:54:f3:f3:
                    f1:63:33:be:c6:64:3a:9c:c2:ec:4e:43:67:2f:a9:
                    c7:a8:d9:c8:3f:7d:a0:7d:5a:4f:a0:c0:54:6c:03:
                    42:a5:fb:4e:9b:f7:6c:98:64:1f:1f:6e:9f:13:63:
                    b9:c1:56:9d:5c:8e:61:c8:20:ec:14:9e:4e:cf:e7:
                    87:25:05:0e:81:ec:ed:6f:e0:e7:b2:63:4f:4a:4a:
                    3b:61:21:6d:41:2b:fb:a5:4a:dd:f8:2b:1c:8a:79:
                    0d:bd:5c:88:f8:ff:14:be:82:b8:96:79:25:d0:4b:
                    9a:d5:5a:88:d3:fc:25:11:c9:23:6c:7e:5f:a0:b1:
                    d9:21:5a:47:3b:89:a6:6f:a5:10:38:c1:43:b8:db:
                    0d:61:71:b9:7b:8f:71:51:57:14:e4:21:91:93:12:
                    7d:d5:80:ef:7d:57:ac:85:59:2b:12:08:d2:ef:af:
                    fc:a7:8c:9b:9b:63:91:84:f0:ca:18:9e:f2:9d:ab:
                    a3:a6:ab:ce:32:fb:30:57:c4:da:12:8a:da:12:71:
                    84:14:a7:ca:c7:e6:85:7a:87:f6:0c:b1:b5:d9:e9:
                    e7:3b:df:2e:1d:8c:3b:fc:e3:10:67:d5:4c:40:e0:
                    e8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:5D:D8:95:5C:13:15:88:B8:B2:5C:AF:7A:AB:7A:1B:39:18:1E:15
            X509v3 Authority Key Identifier:
                keyid:12:E4:52:C7:7C:5D:E1:09:0A:16:10:BA:C2:A6:3E:83:AA:72:B0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EuRSx3xd4QkKFhC6wqY-g6pysNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/QF3YlVwTFYi4slyveqt6GzkYHhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0dfb97-cc3b-4e7d-88dc-78f0b2a1fe90/1/EuRSx3xd4QkKFhC6wqY-g6pysNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.231.0/24
                IPv6:
                  2a09:1180::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:2b:1e:13:80:30:d6:8c:2d:5d:72:60:d6:87:f4:80:5d:4d:
         12:9f:e3:a2:f7:fa:23:56:2d:3c:30:fb:03:b0:cd:1e:6f:b5:
         2d:a8:17:00:2a:34:e4:49:a7:d6:dc:1f:e8:74:0a:23:aa:41:
         d3:75:dd:bf:48:1b:3d:03:97:7b:e2:b9:7e:fe:d7:79:2a:6c:
         ef:47:74:d0:31:db:4e:92:51:71:9a:59:a2:3e:be:5a:52:97:
         48:81:71:d3:ca:14:0f:76:2a:93:33:5d:9e:8e:9f:84:6f:ea:
         a3:d6:3d:c5:af:ee:9b:e1:00:ca:61:e0:66:ef:75:8a:78:fb:
         5d:c3:eb:16:68:25:25:c8:66:b6:e6:9b:08:e2:17:cb:01:a8:
         ef:2b:4b:1f:c1:13:71:1c:93:99:c5:e8:b6:82:2d:a4:8c:39:
         2e:61:08:8c:77:29:da:c9:11:70:a4:58:ec:2d:36:96:76:be:
         b4:bd:ca:58:2d:8b:5d:09:c6:c7:54:f7:b1:29:88:fb:d1:6f:
         7b:1e:7c:92:3b:6e:93:da:b9:d4:b2:03:8a:11:c1:66:c6:af:
         85:33:ad:ca:65:9b:55:17:d3:42:16:13:21:6c:d8:5b:78:a4:
         7d:22:1d:5d:24:40:e3:25:73:12:d9:1c:59:1f:4b:40:b3:67:
         b0:26:3f:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlUL9jEWGmwBgAjtf0laZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZTQ1MmM3N2M1ZGUxMDkwYTE2MTBiYWMyYTYzZTgzYWE3
MmIwZDMwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDVkZDg5NTVjMTMxNTg4YjhiMjVjYWY3YWFiN2ExYjM5MTgxZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvOtefWfqB9a1kdeinlcx3+Vix5h
nr8bFJZU8/PxYzO+xmQ6nMLsTkNnL6nHqNnIP32gfVpPoMBUbANCpftOm/dsmGQf
H26fE2O5wVadXI5hyCDsFJ5Oz+eHJQUOgeztb+DnsmNPSko7YSFtQSv7pUrd+Csc
inkNvVyI+P8UvoK4lnkl0Eua1VqI0/wlEckjbH5foLHZIVpHO4mmb6UQOMFDuNsN
YXG5e49xUVcU5CGRkxJ91YDvfVeshVkrEgjS76/8p4ybm2ORhPDKGJ7ynaujpqvO
MvswV8TaEoraEnGEFKfKx+aFeof2DLG12ennO98uHYw7/OMQZ9VMQODopwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEBd2JVcExWIuLJcr3qrehs5GB4VMB8GA1UdIwQY
MBaAFBLkUsd8XeEJChYQusKmPoOqcrDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXVSU3gzeGQ0UWtLRmhDNndxWS1nNnB5c05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZGZiOTctY2MzYi00ZTdkLTg4ZGMt
NzhmMGIyYTFmZTkwLzEvUUYzWWxWd1RGWWk0c2x5dmVxdDZHemtZSGhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZGZiOTctY2MzYi00ZTdkLTg4ZGMtNzhmMGIyYTFmZTkw
LzEvRXVSU3gzeGQ0UWtLRmhDNndxWS1nNnB5c05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSTnMA0E
AgACMAcDBQMqCRGAMA0GCSqGSIb3DQEBCwUAA4IBAQBQKx4TgDDWjC1dcmDWh/SA
XU0Sn+Oi9/ojVi08MPsDsM0eb7UtqBcAKjTkSafW3B/odAojqkHTdd2/SBs9A5d7
4rl+/td5KmzvR3TQMdtOklFxmlmiPr5aUpdIgXHTyhQPdiqTM12ejp+Eb+qj1j3F
r+6b4QDKYeBm73WKePtdw+sWaCUlyGa25psI4hfLAajvK0sfwRNxHJOZxei2gi2k
jDkuYQiMdynayRFwpFjsLTaWdr60vcpYLYtdCcbHVPexKYj70W97HnySO26T2rnU
sgOKEcFmxq+FM63KZZtVF9NCFhMhbNhbeKR9Ih1dJEDjJXMS2RxZH0tAs2ewJj8q
-----END CERTIFICATE-----