Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/qvjFRVQgVVnxcDZCMlYN4wr6AFo.roa
File:                     qvjFRVQgVVnxcDZCMlYN4wr6AFo.roa (raw, json)
Hash identifier:          6B1iO5XvFd/TTops2oyRgkvCSRJIZV5UtFq0IHChAR4=
Subject key identifier:   AA:F8:C5:45:54:20:55:59:F1:70:36:42:32:56:0D:E3:0A:FA:00:5A
Certificate issuer:       /CN=3a7b03913e3a285efe51cdac65f5504c87a34460
Certificate serial:       018CC9BC2CB8D7A667B6D9849A29E4FBDCCE
Authority key identifier: 3A:7B:03:91:3E:3A:28:5E:FE:51:CD:AC:65:F5:50:4C:87:A3:44:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OnsDkT46KF7-Uc2sZfVQTIejRGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/qvjFRVQgVVnxcDZCMlYN4wr6AFo.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35043
IP address blocks:        185.95.181.0/24 maxlen: 24
                          185.95.182.0/24 maxlen: 24
                          185.95.180.0/24 maxlen: 24
                          185.95.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/OnsDkT46KF7-Uc2sZfVQTIejRGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/OnsDkT46KF7-Uc2sZfVQTIejRGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OnsDkT46KF7-Uc2sZfVQTIejRGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2c:b8:d7:a6:67:b6:d9:84:9a:29:e4:fb:dc:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a7b03913e3a285efe51cdac65f5504c87a34460
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf8c54554205559f170364232560de30afa005a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:88:c5:51:1d:ee:66:69:c7:a3:e5:1e:7c:25:
                    a2:0c:bc:16:26:c9:e3:ad:31:1a:72:1e:9d:88:2a:
                    36:13:b4:e6:d4:fe:27:69:02:85:fe:f4:79:c2:c4:
                    e7:03:46:34:2e:ba:18:00:2b:a1:59:dc:d7:1b:3f:
                    ae:57:a9:7f:bc:ac:c0:6d:31:f2:44:ff:b1:b8:00:
                    63:29:5b:ac:a2:2c:64:a1:1e:85:92:02:88:1c:93:
                    8a:9c:eb:f3:1a:48:17:da:8f:bf:85:ed:c0:74:97:
                    44:3b:7f:c5:4f:96:4d:ce:72:7a:ba:69:10:b5:07:
                    33:72:1a:e8:34:cf:93:25:5a:9f:5a:de:52:4f:d4:
                    e3:67:ed:86:f5:ba:b6:54:ce:94:e9:1b:29:89:e8:
                    c8:2a:b6:4c:73:bf:23:82:da:4c:11:7f:3f:52:2d:
                    54:44:28:cd:e8:3d:38:c2:42:4f:94:bf:a4:1f:50:
                    44:df:f9:3a:7b:2e:87:b3:ac:e4:63:46:ba:1d:ef:
                    fd:91:72:d9:4c:bf:5d:5c:a5:e8:e5:44:e6:bb:23:
                    5e:84:ba:b6:95:c8:f3:e8:e4:da:8a:8d:27:ec:01:
                    42:57:8a:d4:46:95:11:8a:78:a3:88:76:14:5d:9e:
                    e1:36:e6:48:76:cd:7d:94:62:a4:02:bd:04:ba:bb:
                    76:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F8:C5:45:54:20:55:59:F1:70:36:42:32:56:0D:E3:0A:FA:00:5A
            X509v3 Authority Key Identifier:
                keyid:3A:7B:03:91:3E:3A:28:5E:FE:51:CD:AC:65:F5:50:4C:87:A3:44:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OnsDkT46KF7-Uc2sZfVQTIejRGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/qvjFRVQgVVnxcDZCMlYN4wr6AFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/61db6b-1d73-4ec2-8be0-f37cbaf7ce5a/1/OnsDkT46KF7-Uc2sZfVQTIejRGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:a2:7b:d5:93:36:3a:20:04:0f:cb:d6:87:68:63:64:b5:49:
         e9:3a:4c:a4:8b:c0:e7:7f:a6:9f:84:f2:25:de:22:c5:27:ed:
         79:5e:61:73:cc:16:23:85:8e:32:a1:59:3b:63:74:97:79:04:
         0c:e8:cc:78:29:09:ed:fa:e1:e7:1e:0b:8a:99:ca:10:df:cb:
         4d:62:e3:ea:b3:6f:2a:5c:fc:28:32:3b:7b:d5:40:fa:36:de:
         70:1f:c3:6b:a7:9a:83:6e:b4:39:6f:ef:c3:d3:11:65:da:e5:
         07:e1:37:f8:e9:7d:a8:22:a5:e5:dc:29:92:e5:50:5c:cf:a8:
         55:42:33:89:0d:43:35:63:fe:f2:b3:5e:f6:23:b6:6f:5e:96:
         75:7a:5c:9f:4a:22:03:21:14:04:dc:02:6a:1c:a5:7b:a8:23:
         f7:f0:35:7f:c3:0e:d5:17:fc:d3:3d:16:94:90:40:7a:d3:12:
         aa:6d:3c:0b:f3:ca:3f:64:af:01:a5:66:40:02:3a:fb:13:db:
         6f:69:8b:c3:a8:89:9d:d3:a9:76:c8:20:7c:96:84:db:46:5a:
         1f:2e:d2:45:32:88:89:ad:a7:fb:a8:fd:60:94:d6:af:30:b4:
         fc:b0:9c:42:51:10:63:d8:20:85:7d:66:ed:7e:8f:6c:2c:73:
         8c:a2:c7:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCy416ZnttmEmink+9zOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhN2IwMzkxM2UzYTI4NWVmZTUxY2RhYzY1ZjU1MDRjODdh
MzQ0NjAwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWY4YzU0NTU0MjA1NTU5ZjE3MDM2NDIzMjU2MGRlMzBhZmEwMDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIjFUR3uZmnHo+UefCWiDLwWJsnj
rTEach6diCo2E7Tm1P4naQKF/vR5wsTnA0Y0LroYACuhWdzXGz+uV6l/vKzAbTHy
RP+xuABjKVusoixkoR6FkgKIHJOKnOvzGkgX2o+/he3AdJdEO3/FT5ZNznJ6umkQ
tQczchroNM+TJVqfWt5ST9TjZ+2G9bq2VM6U6RspiejIKrZMc78jgtpMEX8/Ui1U
RCjN6D04wkJPlL+kH1BE3/k6ey6Hs6zkY0a6He/9kXLZTL9dXKXo5UTmuyNehLq2
lcjz6OTaio0n7AFCV4rURpURinijiHYUXZ7hNuZIds19lGKkAr0Eurt2FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKr4xUVUIFVZ8XA2QjJWDeMK+gBaMB8GA1UdIwQY
MBaAFDp7A5E+Oihe/lHNrGX1UEyHo0RgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25zRGtUNDZLRjctVWMyc1pmVlFUSWVqUkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82MWRiNmItMWQ3My00ZWMyLThiZTAt
ZjM3Y2JhZjdjZTVhLzEvcXZqRlJWUWdWVm54Y0RaQ01sWU40d3I2QUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82MWRiNmItMWQ3My00ZWMyLThiZTAtZjM3Y2JhZjdjZTVh
LzEvT25zRGtUNDZLRjctVWMyc1pmVlFUSWVqUkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV+0MA0G
CSqGSIb3DQEBCwUAA4IBAQCKonvVkzY6IAQPy9aHaGNktUnpOkyki8Dnf6afhPIl
3iLFJ+15XmFzzBYjhY4yoVk7Y3SXeQQM6Mx4KQnt+uHnHguKmcoQ38tNYuPqs28q
XPwoMjt71UD6Nt5wH8Nrp5qDbrQ5b+/D0xFl2uUH4Tf46X2oIqXl3CmS5VBcz6hV
QjOJDUM1Y/7ys172I7ZvXpZ1elyfSiIDIRQE3AJqHKV7qCP38DV/ww7VF/zTPRaU
kEB60xKqbTwL88o/ZK8BpWZAAjr7E9tvaYvDqImd06l2yCB8loTbRlofLtJFMoiJ
raf7qP1glNavMLT8sJxCURBj2CCFfWbtfo9sLHOMoseh
-----END CERTIFICATE-----