Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/q2SErYnxRC9rwYdQeWyKl1_VDEQ.roa
File:                     q2SErYnxRC9rwYdQeWyKl1_VDEQ.roa (raw, json)
Hash identifier:          T+Vi/mxR19HsiChbw80qzS8ytzvDMTo/Bu8NMoC70rU=
Subject key identifier:   AB:64:84:AD:89:F1:44:2F:6B:C1:87:50:79:6C:8A:97:5F:D5:0C:44
Certificate issuer:       /CN=ed5902bdfbd74c33ea76453d145e76f6aa857c41
Certificate serial:       018CC26CF41914DE2649BA59E86260C610A3
Authority key identifier: ED:59:02:BD:FB:D7:4C:33:EA:76:45:3D:14:5E:76:F6:AA:85:7C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/q2SErYnxRC9rwYdQeWyKl1_VDEQ.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34752
IP address blocks:        91.102.248.0/21 maxlen: 21
                          85.116.32.0/19 maxlen: 19
                          2a01:7b0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:19:14:de:26:49:ba:59:e8:62:60:c6:10:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed5902bdfbd74c33ea76453d145e76f6aa857c41
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab6484ad89f1442f6bc18750796c8a975fd50c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4a:68:bd:7d:e8:86:d6:1b:d1:a7:dd:c9:f9:
                    89:c4:8a:77:9b:15:36:89:a9:e7:54:b0:23:f0:20:
                    4f:a4:6d:ed:ed:72:80:0e:83:a7:13:e3:7b:75:04:
                    b5:37:4d:b7:99:da:ed:e4:da:99:d6:a6:2e:35:bd:
                    5c:5d:84:8a:74:3d:39:cf:b2:c4:df:12:be:52:a6:
                    17:dc:3a:4e:cb:0f:1a:91:cc:42:32:60:44:e6:a0:
                    38:89:ea:91:f1:5d:98:4f:cb:67:e9:ca:31:ca:43:
                    8c:6d:cf:52:32:78:20:7c:83:57:ec:53:bf:65:e2:
                    20:ed:64:5e:c9:b0:cc:10:28:2e:96:bd:57:fe:f8:
                    58:fb:6f:2e:38:5f:bf:a0:f6:43:47:0b:da:8e:be:
                    65:32:3c:60:1f:1f:fd:51:fc:43:15:1b:b3:5a:a1:
                    2f:56:dd:2a:6a:ed:16:9c:12:6f:64:d2:f7:bc:ca:
                    7c:5e:16:29:1d:69:e3:8a:54:00:b3:16:6e:67:c4:
                    3a:91:52:b5:a3:76:25:81:92:e6:fd:85:db:64:05:
                    f1:2f:73:3d:70:66:a2:1f:ef:66:c2:d3:1c:03:35:
                    26:8b:69:a9:41:51:39:ad:7e:d6:41:af:5b:2d:b0:
                    26:81:ee:ed:d0:5b:9c:45:cc:dd:7a:4b:48:b3:c8:
                    93:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:64:84:AD:89:F1:44:2F:6B:C1:87:50:79:6C:8A:97:5F:D5:0C:44
            X509v3 Authority Key Identifier:
                keyid:ED:59:02:BD:FB:D7:4C:33:EA:76:45:3D:14:5E:76:F6:AA:85:7C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/q2SErYnxRC9rwYdQeWyKl1_VDEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.32.0/19
                  91.102.248.0/21
                IPv6:
                  2a01:7b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:b5:8a:11:7e:b1:d3:b2:53:6a:48:91:a1:5b:fc:da:ca:31:
         5f:2c:53:50:d1:40:a6:ac:e3:47:ce:39:9d:79:dc:53:cc:b4:
         ec:e6:f8:7b:cf:6b:14:79:b6:b5:3e:79:65:c4:25:47:21:38:
         74:21:28:b6:99:ad:0a:f5:8f:f2:33:04:fb:95:16:8c:a8:70:
         d2:16:8f:0b:75:f8:0e:07:c4:46:0c:4d:30:8f:fd:eb:91:fc:
         8c:47:da:a4:6f:da:47:21:2e:66:ed:fe:b3:60:8d:c8:f6:77:
         e5:f6:c9:ff:e1:63:35:0d:65:6c:1b:21:84:f4:b2:e6:37:f1:
         cb:cf:ea:99:b3:dc:05:98:52:51:8e:05:fa:ba:7a:8a:8f:a7:
         59:b9:a7:3f:de:d9:ec:a5:2a:e2:3e:ca:c4:0e:3e:5e:80:ad:
         b9:3d:08:86:aa:7c:f2:a2:3e:ca:ee:53:fd:9a:38:ad:9a:3a:
         9b:b6:ac:f4:2d:42:03:81:e4:6d:89:dd:b6:58:8b:65:eb:24:
         be:73:dd:58:0f:be:f1:8b:bb:dd:06:47:09:31:0b:a5:49:b6:
         9e:6b:32:40:08:e6:f2:05:65:36:73:57:35:5b:15:f9:29:9a:
         8b:7c:cb:1a:2a:14:af:97:b1:37:47:34:76:1b:01:1e:40:d4:
         6f:d5:c0:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbPQZFN4mSbpZ6GJgxhCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNTkwMmJkZmJkNzRjMzNlYTc2NDUzZDE0NWU3NmY2YWE4
NTdjNDEwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjY0ODRhZDg5ZjE0NDJmNmJjMTg3NTA3OTZjOGE5NzVmZDUwYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkpovX3ohtYb0afdyfmJxIp3mxU2
iannVLAj8CBPpG3t7XKADoOnE+N7dQS1N023mdrt5NqZ1qYuNb1cXYSKdD05z7LE
3xK+UqYX3DpOyw8akcxCMmBE5qA4ieqR8V2YT8tn6coxykOMbc9SMnggfINX7FO/
ZeIg7WReybDMECgulr1X/vhY+28uOF+/oPZDRwvajr5lMjxgHx/9UfxDFRuzWqEv
Vt0qau0WnBJvZNL3vMp8XhYpHWnjilQAsxZuZ8Q6kVK1o3YlgZLm/YXbZAXxL3M9
cGaiH+9mwtMcAzUmi2mpQVE5rX7WQa9bLbAmge7t0FucRczdektIs8iToQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKtkhK2J8UQva8GHUHlsipdf1QxEMB8GA1UdIwQY
MBaAFO1ZAr3710wz6nZFPRRedvaqhXxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1ZrQ3ZmdlhURFBxZGtVOUZGNTI5cXFGZkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi80MzAxYzktYzBlZS00MDQwLWE3NDIt
NTAzMzZmNWQzNDBlLzEvcTJTRXJZbnhSQzlyd1lkUWVXeUtsMV9WREVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi80MzAxYzktYzBlZS00MDQwLWE3NDItNTAzMzZmNWQzNDBl
LzEvN1ZrQ3ZmdlhURFBxZGtVOUZGNTI5cXFGZkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFVXQgAwQD
W2b4MA0EAgACMAcDBQAqAQewMA0GCSqGSIb3DQEBCwUAA4IBAQC2tYoRfrHTslNq
SJGhW/zayjFfLFNQ0UCmrONHzjmdedxTzLTs5vh7z2sUeba1PnllxCVHITh0ISi2
ma0K9Y/yMwT7lRaMqHDSFo8LdfgOB8RGDE0wj/3rkfyMR9qkb9pHIS5m7f6zYI3I
9nfl9sn/4WM1DWVsGyGE9LLmN/HLz+qZs9wFmFJRjgX6unqKj6dZuac/3tnspSri
PsrEDj5egK25PQiGqnzyoj7K7lP9mjitmjqbtqz0LUIDgeRtid22WItl6yS+c91Y
D77xi7vdBkcJMQulSbaeazJACObyBWU2c1c1WxX5KZqLfMsaKhSvl7E3RzR2GwEe
QNRv1cCJ
-----END CERTIFICATE-----