Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/KQt1-zXzYMFQ4PTOAKpwp55nhlY.roa
File:                     KQt1-zXzYMFQ4PTOAKpwp55nhlY.roa (raw, json)
Hash identifier:          pHBs+pYMVuuntdmcfXm92fBVui6m7Rp3V4u+L0Ec/0Q=
Subject key identifier:   29:0B:75:FB:35:F3:60:C1:50:E0:F4:CE:00:AA:70:A7:9E:67:86:56
Certificate issuer:       /CN=85d05e017e333d17b3aeb8c5d4943be8dc67c084
Certificate serial:       018CC6B852C684FA73539BBBCC3E1E1B1C60
Authority key identifier: 85:D0:5E:01:7E:33:3D:17:B3:AE:B8:C5:D4:94:3B:E8:DC:67:C0:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdBeAX4zPRezrrjF1JQ76NxnwIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/KQt1-zXzYMFQ4PTOAKpwp55nhlY.roa
Signing time:             Mon 01 Jan 2024 20:30:17 +0000
ROA not before:           Mon 01 Jan 2024 20:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200023
IP address blocks:        194.176.127.0/24 maxlen: 24
                          45.82.184.0/22 maxlen: 22
                          2a0e:7180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/hdBeAX4zPRezrrjF1JQ76NxnwIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/hdBeAX4zPRezrrjF1JQ76NxnwIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdBeAX4zPRezrrjF1JQ76NxnwIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:52:c6:84:fa:73:53:9b:bb:cc:3e:1e:1b:1c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d05e017e333d17b3aeb8c5d4943be8dc67c084
        Validity
            Not Before: Jan  1 20:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=290b75fb35f360c150e0f4ce00aa70a79e678656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:68:82:c1:a0:fe:5b:7d:94:d9:08:a0:bd:11:
                    f2:0a:a1:37:69:f1:6f:18:ef:cb:ca:a5:3f:b4:0d:
                    10:ee:b6:96:96:ca:56:bb:54:5d:1c:d8:c2:9e:d9:
                    2b:53:05:a2:74:1f:f5:2a:a1:52:a0:bb:95:d5:47:
                    04:5d:f9:3e:6c:2b:77:0f:60:63:96:af:e8:c3:bb:
                    d0:c1:54:c8:d3:45:87:6d:56:22:65:d7:d7:76:83:
                    d0:e2:a9:fd:ce:c8:f6:a9:f4:5f:88:8a:cc:df:06:
                    19:8b:eb:f2:f7:c2:c1:0e:8f:91:6e:af:cc:31:e7:
                    15:15:61:50:aa:07:04:7e:a1:26:9c:a7:23:96:59:
                    61:bf:ce:f1:7f:5f:9b:75:6d:df:b0:39:d9:b3:ce:
                    7d:59:b8:a2:c3:c2:ef:24:c0:73:48:9a:22:54:9f:
                    97:11:b0:55:c3:08:d2:f7:a6:84:83:22:5e:8b:3e:
                    d8:04:2e:40:f9:e0:01:b4:37:46:d9:79:17:6d:60:
                    d3:12:03:39:83:c4:90:6b:12:2f:64:6d:2d:d0:20:
                    59:02:d7:30:cf:1b:0c:7a:f2:b6:73:af:69:89:9c:
                    d5:ed:c6:c5:0d:dd:d9:7f:e3:84:41:00:8e:ca:49:
                    62:df:14:99:24:46:53:96:5a:5c:4f:a7:4e:a9:33:
                    19:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0B:75:FB:35:F3:60:C1:50:E0:F4:CE:00:AA:70:A7:9E:67:86:56
            X509v3 Authority Key Identifier:
                keyid:85:D0:5E:01:7E:33:3D:17:B3:AE:B8:C5:D4:94:3B:E8:DC:67:C0:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdBeAX4zPRezrrjF1JQ76NxnwIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/KQt1-zXzYMFQ4PTOAKpwp55nhlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/095ac9-c3fa-465d-831d-47c950336e2f/1/hdBeAX4zPRezrrjF1JQ76NxnwIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.184.0/22
                  194.176.127.0/24
                IPv6:
                  2a0e:7180::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:37:6e:3a:67:cd:c0:00:95:c4:9f:03:72:61:be:cf:af:8f:
         73:84:c1:a9:fd:88:4a:12:79:95:bd:96:dd:b3:52:65:90:7a:
         43:e5:66:ea:68:5e:00:2a:db:9f:d7:6a:35:0d:c7:6a:5e:b6:
         72:12:3c:68:f3:3f:a7:e1:ca:d6:ca:5d:be:63:dd:97:a7:81:
         c8:a8:d0:0c:94:ca:79:fa:d0:70:95:18:20:1d:15:ce:68:44:
         e3:71:03:b9:85:a1:e1:6f:27:36:84:12:39:73:0d:25:1b:1c:
         c9:3b:61:9c:c8:cb:91:ce:f5:b7:e2:bf:11:ad:1a:3b:5f:82:
         62:ae:fc:0f:3a:60:1c:d5:f1:81:ff:a7:7d:b0:27:81:d0:b3:
         f7:57:0b:5e:32:29:a9:26:1f:5e:01:70:63:07:8c:85:0f:d9:
         97:d1:d5:dc:55:ec:eb:2e:e5:a9:ad:b3:c6:d7:9b:be:80:c4:
         42:8a:87:c1:14:e3:b6:45:6b:f7:a3:e4:0f:1c:c6:7e:9d:6a:
         a2:6e:30:17:21:f9:e0:48:77:e2:c8:b9:45:50:ab:12:ff:02:
         79:2d:30:e8:da:33:c3:33:e7:b8:bc:32:d2:93:ab:40:1a:d8:
         2d:c8:e2:cc:81:d8:37:e7:ee:31:02:79:68:e1:bd:7c:fe:1b:
         38:56:99:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuFLGhPpzU5u7zD4eGxxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDA1ZTAxN2UzMzNkMTdiM2FlYjhjNWQ0OTQzYmU4ZGM2
N2MwODQwHhcNMjQwMTAxMjAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBiNzVmYjM1ZjM2MGMxNTBlMGY0Y2UwMGFhNzBhNzllNjc4NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmiCwaD+W32U2QigvRHyCqE3afFv
GO/LyqU/tA0Q7raWlspWu1RdHNjCntkrUwWidB/1KqFSoLuV1UcEXfk+bCt3D2Bj
lq/ow7vQwVTI00WHbVYiZdfXdoPQ4qn9zsj2qfRfiIrM3wYZi+vy98LBDo+Rbq/M
MecVFWFQqgcEfqEmnKcjlllhv87xf1+bdW3fsDnZs859Wbiiw8LvJMBzSJoiVJ+X
EbBVwwjS96aEgyJeiz7YBC5A+eABtDdG2XkXbWDTEgM5g8SQaxIvZG0t0CBZAtcw
zxsMevK2c69piZzV7cbFDd3Zf+OEQQCOykli3xSZJEZTllpcT6dOqTMZKwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCkLdfs182DBUOD0zgCqcKeeZ4ZWMB8GA1UdIwQY
MBaAFIXQXgF+Mz0Xs664xdSUO+jcZ8CEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGRCZUFYNHpQUmV6cnJqRjFKUTc2Tnhud0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8wOTVhYzktYzNmYS00NjVkLTgzMWQt
NDdjOTUwMzM2ZTJmLzEvS1F0MS16WHpZTUZRNFBUT0FLcHdwNTVuaGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8wOTVhYzktYzNmYS00NjVkLTgzMWQtNDdjOTUwMzM2ZTJm
LzEvaGRCZUFYNHpQUmV6cnJqRjFKUTc2Tnhud0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVK4AwQA
wrB/MA0EAgACMAcDBQMqDnGAMA0GCSqGSIb3DQEBCwUAA4IBAQBkN246Z83AAJXE
nwNyYb7Pr49zhMGp/YhKEnmVvZbds1JlkHpD5WbqaF4AKtuf12o1DcdqXrZyEjxo
8z+n4crWyl2+Y92Xp4HIqNAMlMp5+tBwlRggHRXOaETjcQO5haHhbyc2hBI5cw0l
GxzJO2GcyMuRzvW34r8RrRo7X4JirvwPOmAc1fGB/6d9sCeB0LP3VwteMimpJh9e
AXBjB4yFD9mX0dXcVezrLuWprbPG15u+gMRCiofBFOO2RWv3o+QPHMZ+nWqibjAX
IfngSHfiyLlFUKsS/wJ5LTDo2jPDM+e4vDLSk6tAGtgtyOLMgdg35+4xAnlo4b18
/hs4VpnQ
-----END CERTIFICATE-----