Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/QFQ7fzKP6oMbcHTnMafiCMksOC4.roa
File:                     QFQ7fzKP6oMbcHTnMafiCMksOC4.roa (raw, json)
Hash identifier:          yTwLcAjy466PmZ4UFCsJaco1bQbn4uBssuz0J89FioA=
Subject key identifier:   40:54:3B:7F:32:8F:EA:83:1B:70:74:E7:31:A7:E2:08:C9:2C:38:2E
Certificate issuer:       /CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
Certificate serial:       018CC801403BB9301CDC381DA92E3173DFE2
Authority key identifier: A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/QFQ7fzKP6oMbcHTnMafiCMksOC4.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205192
IP address blocks:        185.241.139.0/24 maxlen: 24
                          185.241.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:40:3b:b9:30:1c:dc:38:1d:a9:2e:31:73:df:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40543b7f328fea831b7074e731a7e208c92c382e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3f:e3:c9:94:94:0f:58:fa:fb:1a:f3:57:e7:
                    89:b0:0d:cc:9e:59:b4:be:1d:06:5b:67:fe:e3:88:
                    1e:c8:40:1e:e6:e5:64:02:81:1f:16:75:ce:0b:21:
                    e6:ee:bf:a8:a3:14:8e:d1:5c:03:0f:95:23:b4:97:
                    33:62:c4:bf:5e:69:2e:83:2e:63:45:f6:5f:f8:30:
                    be:7b:51:91:49:73:c2:89:81:1f:72:43:ae:d7:73:
                    06:f3:56:ca:ed:ce:84:c1:dd:0f:81:39:96:0a:5e:
                    db:8e:f2:35:fa:7f:e4:64:e5:13:0c:3b:ef:38:16:
                    04:ef:81:bd:23:21:5b:9f:02:66:90:89:f0:3b:b7:
                    53:95:a4:2a:33:71:7f:78:25:d6:3b:50:ce:30:d3:
                    d7:41:70:c8:8a:6d:45:88:64:5d:f7:ad:41:92:15:
                    0a:45:bd:1d:11:4b:f7:65:7e:f5:3f:89:1c:7e:31:
                    3f:0f:96:29:35:b8:33:38:04:ac:c1:4b:c5:af:fc:
                    f0:05:07:17:78:c9:ab:cb:a6:67:71:0f:9f:5a:c0:
                    6b:8e:24:56:65:fd:51:db:54:d2:e5:5a:f8:a9:e3:
                    fd:3b:98:88:b0:84:ff:bd:67:fe:27:b4:b1:1c:96:
                    f6:a6:e3:23:a3:9e:50:85:47:08:ad:0e:4a:72:de:
                    10:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:54:3B:7F:32:8F:EA:83:1B:70:74:E7:31:A7:E2:08:C9:2C:38:2E
            X509v3 Authority Key Identifier:
                keyid:A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/QFQ7fzKP6oMbcHTnMafiCMksOC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:50:50:3c:1d:98:05:c1:98:65:f3:68:8e:85:d0:3b:84:45:
         dc:f3:41:b0:e4:bc:44:4d:16:88:1d:29:8f:56:93:e0:27:a8:
         61:4d:8b:3b:c6:81:ca:84:44:56:2f:fb:de:54:48:b3:8d:62:
         35:dc:bc:ee:86:a3:82:0e:56:99:88:2a:af:78:d9:4d:37:af:
         77:17:82:33:52:f0:21:f3:b9:c3:6a:ea:fa:e0:f7:38:04:8d:
         49:71:e1:5b:02:f3:f2:69:37:7b:13:83:ec:97:00:9e:1a:a1:
         b5:91:6a:71:62:83:03:01:2d:b0:a0:17:82:c5:2e:5d:12:ae:
         23:62:9f:35:e8:7a:d0:78:56:da:f9:9a:fd:19:14:6a:74:d9:
         5d:7b:8e:82:bd:91:ca:cc:c3:a9:4b:c7:52:6a:02:15:6a:88:
         dd:a2:e1:f5:84:f5:7e:3b:47:17:3a:a2:d9:7f:1f:5d:77:7b:
         28:0e:25:15:14:24:00:e9:58:91:5a:ea:77:9c:5d:4e:96:38:
         69:aa:22:2b:fd:b2:63:02:12:eb:53:77:ca:e2:e2:99:0c:37:
         30:23:6e:2f:35:82:d3:ca:52:c3:26:4d:f6:7e:3f:56:fa:fb:
         ff:30:e2:69:6e:d6:d1:50:19:e6:e7:20:ac:19:02:a4:a7:6c:
         36:a8:fd:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUA7uTAc3DgdqS4xc9/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTIxNjFkN2YwMWZhNmZkMDg0MmMyMTEwODA2MzNmM2Vk
MzZiYTUwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDU0M2I3ZjMyOGZlYTgzMWI3MDc0ZTczMWE3ZTIwOGM5MmMzODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T/jyZSUD1j6+xrzV+eJsA3Mnlm0
vh0GW2f+44geyEAe5uVkAoEfFnXOCyHm7r+ooxSO0VwDD5UjtJczYsS/Xmkugy5j
RfZf+DC+e1GRSXPCiYEfckOu13MG81bK7c6Ewd0PgTmWCl7bjvI1+n/kZOUTDDvv
OBYE74G9IyFbnwJmkInwO7dTlaQqM3F/eCXWO1DOMNPXQXDIim1FiGRd961BkhUK
Rb0dEUv3ZX71P4kcfjE/D5YpNbgzOASswUvFr/zwBQcXeMmry6ZncQ+fWsBrjiRW
Zf1R21TS5Vr4qeP9O5iIsIT/vWf+J7SxHJb2puMjo55QhUcIrQ5Kct4Q+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBUO38yj+qDG3B05zGn4gjJLDguMB8GA1UdIwQY
MBaAFKPiFh1/Afpv0IQsIRCAYz8+02ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEt
N2UwMzQwZWM5NjY3LzEvUUZRN2Z6S1A2b01iY0hUbk1hZmlDTWtzT0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEtN2UwMzQwZWM5NjY3
LzEvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufGKMA0G
CSqGSIb3DQEBCwUAA4IBAQCNUFA8HZgFwZhl82iOhdA7hEXc80Gw5LxETRaIHSmP
VpPgJ6hhTYs7xoHKhERWL/veVEizjWI13LzuhqOCDlaZiCqveNlNN693F4IzUvAh
87nDaur64Pc4BI1JceFbAvPyaTd7E4PslwCeGqG1kWpxYoMDAS2woBeCxS5dEq4j
Yp816HrQeFba+Zr9GRRqdNlde46CvZHKzMOpS8dSagIVaojdouH1hPV+O0cXOqLZ
fx9dd3soDiUVFCQA6ViRWup3nF1OljhpqiIr/bJjAhLrU3fK4uKZDDcwI24vNYLT
ylLDJk32fj9W+vv/MOJpbtbRUBnm5yCsGQKkp2w2qP3P
-----END CERTIFICATE-----