Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/Q0lHAN_UvKv8Fyg0crDNpyAKGh4.roa
File:                     Q0lHAN_UvKv8Fyg0crDNpyAKGh4.roa (raw, json)
Hash identifier:          ySw3otilioM4jbiqXWgj6shF/iDgaK/+iwNbVHgtzrI=
Subject key identifier:   43:49:47:00:DF:D4:BC:AB:FC:17:28:34:72:B0:CD:A7:20:0A:1A:1E
Certificate issuer:       /CN=10a5985cba32a877d3215bbc228cb07d0400917b
Certificate serial:       018CC500AE66B13334CE063AABCD2BA34F29
Authority key identifier: 10:A5:98:5C:BA:32:A8:77:D3:21:5B:BC:22:8C:B0:7D:04:00:91:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKWYXLoyqHfTIVu8IoywfQQAkXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/Q0lHAN_UvKv8Fyg0crDNpyAKGh4.roa
Signing time:             Mon 01 Jan 2024 12:30:05 +0000
ROA not before:           Mon 01 Jan 2024 12:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21660
IP address blocks:        185.89.151.0/24 maxlen: 24
                          185.89.148.0/23 maxlen: 23
                          185.89.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/EKWYXLoyqHfTIVu8IoywfQQAkXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/EKWYXLoyqHfTIVu8IoywfQQAkXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EKWYXLoyqHfTIVu8IoywfQQAkXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ae:66:b1:33:34:ce:06:3a:ab:cd:2b:a3:4f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a5985cba32a877d3215bbc228cb07d0400917b
        Validity
            Not Before: Jan  1 12:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43494700dfd4bcabfc17283472b0cda7200a1a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3f:97:05:d5:d4:65:92:0c:26:05:f9:49:5c:
                    ab:78:18:88:91:39:7a:6e:be:d0:c7:5e:d4:54:5c:
                    f6:fb:64:cb:0f:f0:ca:96:c0:3e:3f:18:e1:d3:21:
                    65:b4:d9:47:59:4b:42:41:46:52:b9:83:b9:c5:80:
                    96:13:97:01:92:b8:33:56:15:50:a2:77:3b:32:e1:
                    ce:44:a3:c7:41:97:67:c3:9d:02:63:d8:3b:0d:48:
                    b5:1e:f1:d0:cc:66:e2:7c:0c:8a:ed:cc:c2:ce:12:
                    79:4e:66:e7:77:42:83:5d:27:48:06:73:71:43:fa:
                    b6:0b:74:06:d1:88:e9:63:68:42:34:54:2c:37:04:
                    ed:ad:53:23:50:f5:1e:a2:d4:50:61:d8:c6:51:ac:
                    c5:55:c3:21:be:94:ff:97:85:82:93:23:f0:78:fc:
                    55:48:a3:54:1c:ca:49:e5:fd:a0:30:19:39:16:07:
                    a8:61:82:f6:6b:fe:83:50:79:db:c2:25:3f:68:80:
                    b9:64:44:30:9f:1f:d3:a8:82:dc:9a:82:f2:37:91:
                    ac:b0:06:c5:f1:e1:58:2a:3a:a1:b5:08:1b:b1:ff:
                    28:82:d1:70:3b:de:ae:1b:2c:1d:a9:07:13:79:be:
                    09:36:28:b5:49:95:12:93:5e:3e:c8:b8:ee:b9:f4:
                    10:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:49:47:00:DF:D4:BC:AB:FC:17:28:34:72:B0:CD:A7:20:0A:1A:1E
            X509v3 Authority Key Identifier:
                keyid:10:A5:98:5C:BA:32:A8:77:D3:21:5B:BC:22:8C:B0:7D:04:00:91:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKWYXLoyqHfTIVu8IoywfQQAkXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/Q0lHAN_UvKv8Fyg0crDNpyAKGh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/EKWYXLoyqHfTIVu8IoywfQQAkXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:bc:56:4f:13:e4:fe:37:66:ca:4e:9e:77:e6:82:51:ae:64:
         ce:c8:0c:b2:7e:2a:b0:97:78:b7:3f:23:dd:93:c0:7a:30:25:
         64:df:09:5c:57:dd:67:2d:4d:55:16:99:75:49:12:48:7f:c0:
         8c:a5:3b:14:49:bd:58:bc:fe:c0:95:56:c6:7a:b9:7c:6c:f1:
         b0:34:d2:2b:0f:92:47:c3:20:58:b4:de:ba:49:e5:01:74:99:
         f7:4c:0e:a6:bf:f2:6e:1a:fa:6d:e4:df:a6:44:1d:81:98:c0:
         86:21:45:d7:28:83:de:db:39:e9:63:24:aa:9d:07:4a:39:2c:
         49:3c:6a:08:ed:58:64:91:43:08:d6:e5:05:a4:72:98:f5:e3:
         9a:bd:89:cd:e2:87:eb:37:26:25:fc:6f:87:de:7d:d4:a9:d2:
         ef:b7:d1:61:e5:2e:9d:a2:76:92:93:f3:9e:fa:93:4d:0c:ee:
         ca:0a:6e:91:33:c8:e4:f9:b0:8b:a5:6b:69:bc:e7:2b:78:1f:
         40:f0:fb:f2:0b:b8:1f:bd:ca:b4:d5:3a:03:66:5e:71:2f:25:
         75:85:2e:19:7a:26:b2:f0:b6:c0:b9:dd:10:33:21:0f:3f:77:
         9c:c3:e6:06:cc:16:25:86:fc:72:f4:e4:ed:e7:c6:42:fc:67:
         28:fe:5a:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAK5msTM0zgY6q80ro08pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYTU5ODVjYmEzMmE4NzdkMzIxNWJiYzIyOGNiMDdkMDQw
MDkxN2IwHhcNMjQwMTAxMTIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ5NDcwMGRmZDRiY2FiZmMxNzI4MzQ3MmIwY2RhNzIwMGExYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT+XBdXUZZIMJgX5SVyreBiIkTl6
br7Qx17UVFz2+2TLD/DKlsA+Pxjh0yFltNlHWUtCQUZSuYO5xYCWE5cBkrgzVhVQ
onc7MuHORKPHQZdnw50CY9g7DUi1HvHQzGbifAyK7czCzhJ5Tmbnd0KDXSdIBnNx
Q/q2C3QG0YjpY2hCNFQsNwTtrVMjUPUeotRQYdjGUazFVcMhvpT/l4WCkyPwePxV
SKNUHMpJ5f2gMBk5FgeoYYL2a/6DUHnbwiU/aIC5ZEQwnx/TqILcmoLyN5GssAbF
8eFYKjqhtQgbsf8ogtFwO96uGywdqQcTeb4JNii1SZUSk14+yLjuufQQewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENJRwDf1Lyr/BcoNHKwzacgChoeMB8GA1UdIwQY
MBaAFBClmFy6Mqh30yFbvCKMsH0EAJF7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtXWVhMb3lxSGZUSVZ1OElveXdmUVFBa1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wNDFkMGYtYmU4ZC00MTQ4LWJjYmEt
ZDcwZjI4NTE1ZmJkLzEvUTBsSEFOX1V2S3Y4RnlnMGNyRE5weUFLR2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wNDFkMGYtYmU4ZC00MTQ4LWJjYmEtZDcwZjI4NTE1ZmJk
LzEvRUtXWVhMb3lxSGZUSVZ1OElveXdmUVFBa1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVmUMA0G
CSqGSIb3DQEBCwUAA4IBAQBnvFZPE+T+N2bKTp535oJRrmTOyAyyfiqwl3i3PyPd
k8B6MCVk3wlcV91nLU1VFpl1SRJIf8CMpTsUSb1YvP7AlVbGerl8bPGwNNIrD5JH
wyBYtN66SeUBdJn3TA6mv/JuGvpt5N+mRB2BmMCGIUXXKIPe2znpYySqnQdKOSxJ
PGoI7VhkkUMI1uUFpHKY9eOavYnN4ofrNyYl/G+H3n3UqdLvt9Fh5S6donaSk/Oe
+pNNDO7KCm6RM8jk+bCLpWtpvOcreB9A8PvyC7gfvcq01ToDZl5xLyV1hS4Zeiay
8LbAud0QMyEPP3ecw+YGzBYlhvxy9OTt58ZC/Gco/lrF
-----END CERTIFICATE-----