Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/CqbO2_slOXKtNd89wTiAsTzCVDs.roa
File:                     CqbO2_slOXKtNd89wTiAsTzCVDs.roa (raw, json)
Hash identifier:          DhfhriyVWcBKKRUTpl8wdNZpeNbl5fgzXd+OtzlCmGk=
Subject key identifier:   0A:A6:CE:DB:FB:25:39:72:AD:35:DF:3D:C1:38:80:B1:3C:C2:54:3B
Certificate issuer:       /CN=07ac64191435789995bc5a67f5b51d9685002815
Certificate serial:       018CC86F835E42599DC13B30AE7AFB712C50
Authority key identifier: 07:AC:64:19:14:35:78:99:95:BC:5A:67:F5:B5:1D:96:85:00:28:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6xkGRQ1eJmVvFpn9bUdloUAKBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/CqbO2_slOXKtNd89wTiAsTzCVDs.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34049
IP address blocks:        185.137.124.0/22 maxlen: 22
                          2a07:3c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/B6xkGRQ1eJmVvFpn9bUdloUAKBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/B6xkGRQ1eJmVvFpn9bUdloUAKBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6xkGRQ1eJmVvFpn9bUdloUAKBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:83:5e:42:59:9d:c1:3b:30:ae:7a:fb:71:2c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07ac64191435789995bc5a67f5b51d9685002815
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aa6cedbfb253972ad35df3dc13880b13cc2543b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:71:d9:1b:44:e0:27:55:b3:1e:2d:4b:d5:
                    f7:80:85:93:49:b2:10:05:2b:f9:44:ad:a2:5e:4a:
                    15:a4:1f:47:8e:bd:94:0e:96:eb:4e:9e:cc:09:da:
                    49:c0:60:76:af:b5:9a:ee:a1:2e:c1:3f:90:cf:82:
                    c2:ff:b1:e8:a7:95:23:dd:1b:c7:35:31:5c:de:ae:
                    b3:8e:11:f2:41:8b:74:5d:79:b3:fe:29:9a:5b:ef:
                    e6:c3:a7:79:62:a4:1b:98:d2:af:de:e6:8b:6b:0c:
                    7d:0d:60:4c:55:af:a5:e4:58:aa:c4:55:13:3a:ec:
                    78:37:6b:c8:9a:29:dd:3a:d6:6e:93:09:06:86:4f:
                    5a:3b:e0:34:4e:cb:8f:13:67:c0:60:56:86:48:52:
                    31:a8:bd:93:b0:18:5a:02:20:d7:4c:d5:75:da:4f:
                    8d:02:d7:e3:32:d4:91:ff:77:2d:5b:27:84:84:2f:
                    2b:8e:ba:4a:1e:ab:d9:71:3a:bd:bc:60:e4:96:09:
                    dd:84:8c:3b:69:ae:b3:c3:a0:5e:ca:40:2a:9e:81:
                    f3:8b:88:a5:ef:97:57:9b:e5:f0:d8:4e:b9:94:cc:
                    ea:ec:41:d7:d3:fc:e6:6a:6c:d8:d8:64:bd:0a:52:
                    c8:86:b6:c8:d2:83:fa:22:78:83:c7:c1:33:38:5a:
                    6e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A6:CE:DB:FB:25:39:72:AD:35:DF:3D:C1:38:80:B1:3C:C2:54:3B
            X509v3 Authority Key Identifier:
                keyid:07:AC:64:19:14:35:78:99:95:BC:5A:67:F5:B5:1D:96:85:00:28:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6xkGRQ1eJmVvFpn9bUdloUAKBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/CqbO2_slOXKtNd89wTiAsTzCVDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/7c2e07-6cf2-4122-99f4-9c6bea4cd5b5/1/B6xkGRQ1eJmVvFpn9bUdloUAKBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.124.0/22
                IPv6:
                  2a07:3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:c6:3d:f8:e2:c7:37:54:78:5f:f6:6c:f5:61:31:e6:d1:cd:
         fb:08:db:78:48:c7:14:b9:6a:69:e2:9d:9f:b8:fd:ba:b2:ca:
         79:db:4f:7d:58:4f:e3:92:c4:37:50:78:63:bf:2d:29:e5:e0:
         f1:f1:74:14:01:5c:1c:69:f8:d3:38:ed:67:f2:06:1c:f0:f0:
         aa:04:8a:8f:01:0c:81:02:47:a8:d9:73:bb:d4:51:d1:9f:9b:
         44:6b:cd:71:1e:48:ab:1b:83:6a:33:fe:f0:74:2e:fe:a8:02:
         4e:66:69:c2:9c:f0:d5:9a:4e:fa:be:55:7c:2a:d3:57:98:eb:
         59:9b:0d:a0:e1:70:b9:3c:ae:d4:09:2a:7d:3c:8e:c2:28:ec:
         09:4e:65:51:06:c6:7c:9f:b9:3a:88:91:06:1b:b0:16:01:99:
         52:f8:b3:b5:a8:bc:5f:69:11:7e:5d:4f:bc:e5:97:ea:51:ff:
         b7:ea:e0:d0:49:af:3f:28:f8:7c:2b:cd:6a:9a:90:42:3f:5e:
         5a:b3:8e:b8:c9:84:9f:af:bb:20:04:fe:bf:8e:62:90:09:1a:
         b7:85:92:35:9d:93:09:40:d6:c0:b8:2f:48:f2:a0:8f:7b:a2:
         65:04:03:4e:cf:29:45:94:29:5a:a3:f1:b5:5e:1e:28:ae:5b:
         df:1c:46:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb4NeQlmdwTswrnr7cSxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWM2NDE5MTQzNTc4OTk5NWJjNWE2N2Y1YjUxZDk2ODUw
MDI4MTUwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE2Y2VkYmZiMjUzOTcyYWQzNWRmM2RjMTM4ODBiMTNjYzI1NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsINx2RtE4CdVsx4tS9X3gIWTSbIQ
BSv5RK2iXkoVpB9Hjr2UDpbrTp7MCdpJwGB2r7Wa7qEuwT+Qz4LC/7Hop5Uj3RvH
NTFc3q6zjhHyQYt0XXmz/imaW+/mw6d5YqQbmNKv3uaLawx9DWBMVa+l5FiqxFUT
Oux4N2vImindOtZukwkGhk9aO+A0TsuPE2fAYFaGSFIxqL2TsBhaAiDXTNV12k+N
AtfjMtSR/3ctWyeEhC8rjrpKHqvZcTq9vGDklgndhIw7aa6zw6BeykAqnoHzi4il
75dXm+Xw2E65lMzq7EHX0/zmamzY2GS9ClLIhrbI0oP6IniDx8EzOFpu8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAqmztv7JTlyrTXfPcE4gLE8wlQ7MB8GA1UdIwQY
MBaAFAesZBkUNXiZlbxaZ/W1HZaFACgVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZ4a0dSUTFlSm1WdkZwbjliVWRsb1VBS0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83YzJlMDctNmNmMi00MTIyLTk5ZjQt
OWM2YmVhNGNkNWI1LzEvQ3FiTzJfc2xPWEt0TmQ4OXdUaUFzVHpDVkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83YzJlMDctNmNmMi00MTIyLTk5ZjQtOWM2YmVhNGNkNWI1
LzEvQjZ4a0dSUTFlSm1WdkZwbjliVWRsb1VBS0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYl8MA0E
AgACMAcDBQMqBwPAMA0GCSqGSIb3DQEBCwUAA4IBAQCBxj344sc3VHhf9mz1YTHm
0c37CNt4SMcUuWpp4p2fuP26ssp52099WE/jksQ3UHhjvy0p5eDx8XQUAVwcafjT
OO1n8gYc8PCqBIqPAQyBAkeo2XO71FHRn5tEa81xHkirG4NqM/7wdC7+qAJOZmnC
nPDVmk76vlV8KtNXmOtZmw2g4XC5PK7UCSp9PI7CKOwJTmVRBsZ8n7k6iJEGG7AW
AZlS+LO1qLxfaRF+XU+85ZfqUf+36uDQSa8/KPh8K81qmpBCP15as464yYSfr7sg
BP6/jmKQCRq3hZI1nZMJQNbAuC9I8qCPe6JlBANOzylFlClao/G1Xh4orlvfHEZc
-----END CERTIFICATE-----