Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/QidSRmQNFZ71BUn-rK3cvIbLjeQ.roa
File:                     QidSRmQNFZ71BUn-rK3cvIbLjeQ.roa (raw, json)
Hash identifier:          ZgVDgd7mpNbvhTi4B95oejQZFj/JZpHAy3WGI5afOEw=
Subject key identifier:   42:27:52:46:64:0D:15:9E:F5:05:49:FE:AC:AD:DC:BC:86:CB:8D:E4
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       0191466953BACE052946E8DFB6551DECD663
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/QidSRmQNFZ71BUn-rK3cvIbLjeQ.roa
Signing time:             Mon 12 Aug 2024 11:46:33 +0000
ROA not before:           Mon 12 Aug 2024 11:46:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        85.237.72.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:69:53:ba:ce:05:29:46:e8:df:b6:55:1d:ec:d6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Aug 12 11:46:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42275246640d159ef50549feacaddcbc86cb8de4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2d:26:75:92:85:93:a0:d6:36:b1:d8:d4:a2:
                    e2:12:36:7f:57:63:67:40:74:12:4c:0b:92:0f:8d:
                    a7:fc:56:ad:10:ee:5c:42:a7:55:87:3f:6d:6f:bf:
                    2c:0a:72:33:93:16:68:56:c0:41:d3:97:89:71:4b:
                    88:03:8f:02:1c:03:9d:cc:a5:f5:4e:5c:11:07:28:
                    0e:f8:fd:28:60:85:ff:e8:e2:d0:1b:bc:02:67:4f:
                    7a:7d:fc:19:94:ee:a3:d9:da:65:63:33:b5:2c:dd:
                    f0:c4:ca:19:41:00:81:45:14:b2:89:ce:57:91:55:
                    1e:99:c1:1b:e4:b1:0b:13:e1:3f:7c:85:92:ff:9c:
                    fa:8b:ab:6d:9f:d8:41:fb:59:41:ba:9d:2c:e8:4c:
                    31:9a:63:6f:bc:b9:03:72:f8:79:c0:75:b2:e4:d1:
                    e7:de:7a:e9:b6:65:a3:b4:27:aa:64:ed:26:c4:1e:
                    24:62:87:06:13:34:64:1c:b9:12:80:46:5c:42:fd:
                    98:06:c8:c1:55:8a:97:1a:d7:4f:7a:a2:06:7c:ef:
                    e6:ac:c0:f4:74:35:0b:0a:d9:66:62:c0:72:c0:d9:
                    8b:90:7d:3b:0c:07:71:2a:24:7f:99:1e:62:37:01:
                    91:04:dc:37:3b:6b:74:dd:5f:ad:55:64:30:87:ec:
                    fe:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:27:52:46:64:0D:15:9E:F5:05:49:FE:AC:AD:DC:BC:86:CB:8D:E4
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/QidSRmQNFZ71BUn-rK3cvIbLjeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:f4:0f:b6:8b:cc:ae:b9:58:af:d7:07:52:2d:29:15:9c:1d:
         6c:93:44:15:97:2d:64:13:40:0e:31:df:42:40:b2:98:9d:ee:
         39:c3:47:89:f3:66:06:07:f7:6b:89:fb:7e:6e:07:09:71:c1:
         69:7b:f0:c8:d1:33:5b:97:7a:e3:59:d3:24:f5:82:11:a3:3d:
         ed:83:1e:b8:b0:ff:80:73:ad:3d:42:4a:4e:d4:cc:03:c1:42:
         c2:64:7f:a9:5e:7e:8c:9a:47:a6:0c:8b:9c:07:75:b5:9c:04:
         c9:fb:76:75:82:f1:7d:b5:89:47:d6:7f:50:23:8d:e9:e7:53:
         9e:92:f9:ef:6a:c1:2a:69:95:ef:1c:39:ee:31:50:54:8a:4f:
         1f:33:56:b4:39:50:3b:62:8f:87:77:76:83:07:75:88:6e:75:
         ef:c9:f6:7b:43:de:7a:11:67:73:a2:fd:6a:01:b0:1f:50:15:
         3d:f8:a8:17:db:a8:2d:14:ab:fc:9b:39:4e:df:cf:cc:8b:1c:
         95:66:6a:56:ab:1f:da:d2:f3:28:76:8a:92:c5:54:59:1f:ad:
         06:21:e3:d9:a5:99:a7:94:b5:b0:97:18:75:65:65:85:fb:d1:
         24:e5:67:c6:f5:a1:2e:19:41:17:20:42:95:56:2b:81:51:d5:
         df:0f:29:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFGaVO6zgUpRujftlUd7NZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQwODEyMTE0NjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjI3NTI0NjY0MGQxNTllZjUwNTQ5ZmVhY2FkZGNiYzg2Y2I4ZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y0mdZKFk6DWNrHY1KLiEjZ/V2Nn
QHQSTAuSD42n/FatEO5cQqdVhz9tb78sCnIzkxZoVsBB05eJcUuIA48CHAOdzKX1
TlwRBygO+P0oYIX/6OLQG7wCZ096ffwZlO6j2dplYzO1LN3wxMoZQQCBRRSyic5X
kVUemcEb5LELE+E/fIWS/5z6i6ttn9hB+1lBup0s6EwxmmNvvLkDcvh5wHWy5NHn
3nrptmWjtCeqZO0mxB4kYocGEzRkHLkSgEZcQv2YBsjBVYqXGtdPeqIGfO/mrMD0
dDULCtlmYsBywNmLkH07DAdxKiR/mR5iNwGRBNw3O2t03V+tVWQwh+z+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEInUkZkDRWe9QVJ/qyt3LyGy43kMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvUWlkU1JtUU5GWjcxQlVuLXJLM2N2SWJMamVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVe1IMA0G
CSqGSIb3DQEBCwUAA4IBAQAw9A+2i8yuuViv1wdSLSkVnB1sk0QVly1kE0AOMd9C
QLKYne45w0eJ82YGB/drift+bgcJccFpe/DI0TNbl3rjWdMk9YIRoz3tgx64sP+A
c609QkpO1MwDwULCZH+pXn6MmkemDIucB3W1nATJ+3Z1gvF9tYlH1n9QI43p51Oe
kvnvasEqaZXvHDnuMVBUik8fM1a0OVA7Yo+Hd3aDB3WIbnXvyfZ7Q956EWdzov1q
AbAfUBU9+KgX26gtFKv8mzlO38/MixyVZmpWqx/a0vModoqSxVRZH60GIePZpZmn
lLWwlxh1ZWWF+9Ek5WfG9aEuGUEXIEKVViuBUdXfDyma
-----END CERTIFICATE-----