Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/Q4PlefsqmXWqy5gnAYkw40HhENM.roa
File:                     Q4PlefsqmXWqy5gnAYkw40HhENM.roa (raw, json)
Hash identifier:          6tK0YkOLEby5pL4YKwgq5GvyZ87BoABxTyu7qzz9cmk=
Subject key identifier:   43:83:E5:79:FB:2A:99:75:AA:CB:98:27:01:89:30:E3:41:E1:10:D3
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       018CC94C2A8288F5E6751B84A760BA2D6DDE
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/Q4PlefsqmXWqy5gnAYkw40HhENM.roa
Signing time:             Tue 02 Jan 2024 08:31:01 +0000
ROA not before:           Tue 02 Jan 2024 08:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.58.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:2a:82:88:f5:e6:75:1b:84:a7:60:ba:2d:6d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  2 08:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4383e579fb2a9975aacb9827018930e341e110d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:44:1f:de:19:5f:86:0a:b9:8a:8b:2e:84:3a:
                    e9:f6:2f:73:c7:65:61:45:7f:ea:c0:d5:ea:f0:0a:
                    bd:14:01:5e:4b:aa:d0:12:8e:ed:6e:0f:26:8b:29:
                    62:7a:cc:a4:24:d3:d7:92:ec:12:e8:53:dd:fb:e5:
                    db:da:2e:c4:65:11:6e:ce:a5:cb:b2:7e:76:ab:5f:
                    0a:3c:d8:d9:d4:79:a5:84:22:fc:d3:8f:29:73:47:
                    67:d2:ea:f1:47:62:76:08:2b:74:bd:b4:8d:58:32:
                    12:f0:4b:9e:53:a5:e6:54:78:35:1a:8b:6d:76:cb:
                    d9:7a:9c:d9:2a:89:e3:4c:f5:3f:c9:ce:57:9a:57:
                    ea:63:b1:17:0f:70:e0:a2:15:7a:e5:40:8c:fb:75:
                    7e:db:31:b6:7c:41:57:ac:4f:f9:22:15:7b:18:34:
                    61:62:4e:5c:de:9a:65:04:0a:03:7d:3c:78:53:67:
                    d1:bb:99:12:e7:35:b8:83:0d:12:73:e3:39:e8:ce:
                    4b:54:53:54:0f:af:5b:f0:d3:e8:a1:9a:66:88:29:
                    0a:33:5d:df:1c:cd:53:a8:ef:8a:72:93:76:d7:fe:
                    fa:77:88:88:a6:7b:11:6b:4b:7b:76:56:2b:dd:e5:
                    e0:3c:a7:46:5d:43:55:94:f9:21:dc:ba:27:56:1d:
                    59:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:83:E5:79:FB:2A:99:75:AA:CB:98:27:01:89:30:E3:41:E1:10:D3
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/Q4PlefsqmXWqy5gnAYkw40HhENM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:17:61:3a:d4:26:17:2e:c5:b8:60:f8:41:3d:f7:99:a4:0b:
         17:8d:d5:53:f8:64:0c:e7:68:2a:9b:7c:2e:83:e8:4b:e4:c0:
         e4:2a:ff:08:5c:65:a3:e9:fb:11:df:1d:1a:7c:89:5d:49:c7:
         55:e2:7d:14:81:aa:5b:68:58:7d:03:b0:04:7b:c7:94:01:bc:
         e0:a8:61:07:8f:60:be:21:6b:bd:4a:68:1d:f5:dd:af:9a:5a:
         2b:1c:eb:d9:40:ca:d6:08:4a:34:a0:4c:3a:73:58:0b:31:04:
         08:f4:74:d4:9d:78:19:98:59:5e:0c:0a:d3:af:b2:43:7a:d4:
         68:43:2e:5a:9c:3f:bb:12:d2:10:a8:20:e6:a4:55:dc:98:22:
         b9:7f:39:7a:c4:23:9d:34:20:66:67:d0:2f:aa:5d:92:a6:5b:
         74:0b:92:ef:57:b9:1e:43:de:65:61:b6:36:1c:d4:31:a1:5b:
         ca:be:58:85:36:82:fc:4c:26:d7:42:f9:a8:98:4d:3d:69:e2:
         8d:f3:15:d1:4d:b0:d0:af:6e:d3:52:ab:8f:68:3c:f5:45:36:
         ac:cc:72:58:e3:8b:fd:4e:bf:b8:6f:05:7e:3e:8a:11:0c:21:
         21:62:09:89:0c:2d:79:b7:8d:52:23:48:b9:69:96:06:2a:39:
         b7:66:b8:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTCqCiPXmdRuEp2C6LW3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjQwMTAyMDgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzgzZTU3OWZiMmE5OTc1YWFjYjk4MjcwMTg5MzBlMzQxZTExMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEQf3hlfhgq5iosuhDrp9i9zx2Vh
RX/qwNXq8Aq9FAFeS6rQEo7tbg8miyliesykJNPXkuwS6FPd++Xb2i7EZRFuzqXL
sn52q18KPNjZ1HmlhCL8048pc0dn0urxR2J2CCt0vbSNWDIS8EueU6XmVHg1Gott
dsvZepzZKonjTPU/yc5XmlfqY7EXD3DgohV65UCM+3V+2zG2fEFXrE/5IhV7GDRh
Yk5c3pplBAoDfTx4U2fRu5kS5zW4gw0Sc+M56M5LVFNUD69b8NPooZpmiCkKM13f
HM1TqO+KcpN21/76d4iIpnsRa0t7dlYr3eXgPKdGXUNVlPkh3LonVh1ZHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOD5Xn7Kpl1qsuYJwGJMONB4RDTMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvUTRQbGVmc3FtWFdxeTVnbkFZa3c0MEhoRU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTreMA0G
CSqGSIb3DQEBCwUAA4IBAQBgF2E61CYXLsW4YPhBPfeZpAsXjdVT+GQM52gqm3wu
g+hL5MDkKv8IXGWj6fsR3x0afIldScdV4n0UgapbaFh9A7AEe8eUAbzgqGEHj2C+
IWu9Smgd9d2vmlorHOvZQMrWCEo0oEw6c1gLMQQI9HTUnXgZmFleDArTr7JDetRo
Qy5anD+7EtIQqCDmpFXcmCK5fzl6xCOdNCBmZ9Avql2Splt0C5LvV7keQ95lYbY2
HNQxoVvKvliFNoL8TCbXQvmomE09aeKN8xXRTbDQr27TUquPaDz1RTaszHJY44v9
Tr+4bwV+PooRDCEhYgmJDC15t41SI0i5aZYGKjm3ZriX
-----END CERTIFICATE-----