Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/Q2PTAgsRCglGy8eZW7islDi2Wkg.roa
File:                     Q2PTAgsRCglGy8eZW7islDi2Wkg.roa (raw, json)
Hash identifier:          7U+45wlPgUPDK0KYYGQyuC/LydX/3x9YaVe0cKDQgKc=
Subject key identifier:   43:63:D3:02:0B:11:0A:09:46:CB:C7:99:5B:B8:AC:94:38:B6:5A:48
Certificate issuer:       /CN=8b19f3d7ffea957261501e91664ff6823ed936ad
Certificate serial:       018CC7273F9101A8BF17628868D959103AAA
Authority key identifier: 8B:19:F3:D7:FF:EA:95:72:61:50:1E:91:66:4F:F6:82:3E:D9:36:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ixnz1__qlXJhUB6RZk_2gj7ZNq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/Q2PTAgsRCglGy8eZW7islDi2Wkg.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        185.166.96.0/22 maxlen: 22
                          2a0a:de00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/ixnz1__qlXJhUB6RZk_2gj7ZNq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/ixnz1__qlXJhUB6RZk_2gj7ZNq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ixnz1__qlXJhUB6RZk_2gj7ZNq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3f:91:01:a8:bf:17:62:88:68:d9:59:10:3a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b19f3d7ffea957261501e91664ff6823ed936ad
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4363d3020b110a0946cbc7995bb8ac9438b65a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:94:26:69:6d:62:57:ac:d9:e4:0b:cf:4a:02:
                    24:2a:b4:e0:ba:94:65:47:ab:6f:a8:20:91:57:13:
                    ea:f5:a4:0e:a6:a3:e8:51:cf:ae:9e:d6:0b:6c:d4:
                    ad:6a:22:8d:5d:19:d7:ff:be:8f:b3:ab:c1:b9:15:
                    32:45:9f:e2:38:f8:47:3c:2f:f6:4b:82:45:bb:68:
                    6a:b8:72:76:27:67:51:00:a4:e5:61:5b:19:68:81:
                    73:ad:f6:5c:c3:8a:2c:45:47:ef:ad:de:de:81:c0:
                    48:6b:b0:30:e3:de:73:48:bf:b8:19:3c:4b:63:67:
                    f3:33:02:7d:88:5d:bd:d3:84:53:e8:77:a5:1f:2b:
                    97:ed:9f:50:5a:2e:11:55:69:33:90:4f:3b:cd:40:
                    1c:0a:36:27:fa:44:b1:17:b8:ec:ac:fb:e9:8c:13:
                    dc:65:8c:8d:9d:25:8c:50:72:4b:b6:8c:d1:19:76:
                    60:34:56:67:b7:d8:cb:42:1a:fe:32:a2:09:45:71:
                    d5:db:4a:32:d9:4a:78:be:70:15:08:a4:c4:9f:73:
                    5e:8b:0e:a2:89:20:b9:b3:3d:c2:7b:24:47:78:c3:
                    7c:7d:ef:a5:94:30:dd:91:65:90:41:1c:d5:f0:5c:
                    46:58:b1:32:8b:b8:1c:99:5c:70:89:51:2d:78:da:
                    d5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:63:D3:02:0B:11:0A:09:46:CB:C7:99:5B:B8:AC:94:38:B6:5A:48
            X509v3 Authority Key Identifier:
                keyid:8B:19:F3:D7:FF:EA:95:72:61:50:1E:91:66:4F:F6:82:3E:D9:36:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ixnz1__qlXJhUB6RZk_2gj7ZNq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/Q2PTAgsRCglGy8eZW7islDi2Wkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/ixnz1__qlXJhUB6RZk_2gj7ZNq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.96.0/22
                IPv6:
                  2a0a:de00::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:39:17:63:ea:71:ef:83:de:30:15:dd:25:6e:e7:de:90:27:
         a4:e6:5d:0c:e6:a7:64:fa:5c:ea:d5:a2:2c:30:6e:f8:a3:25:
         0f:88:3b:87:c8:cc:82:a2:2c:19:d2:4d:91:4e:59:c3:de:af:
         ec:0b:87:d8:e8:fe:94:6d:e4:1f:c0:cc:15:7f:22:ca:07:62:
         36:c6:f5:ea:09:ae:e8:78:1e:fc:37:05:f9:83:24:5b:90:92:
         ad:fa:0d:fe:7e:a6:2e:1e:ee:e0:bf:7c:be:c9:42:33:fd:a1:
         cb:9a:96:15:fe:ea:cd:26:44:28:32:ad:3c:93:b2:70:b0:01:
         be:7f:09:39:38:a2:9f:47:47:44:d9:5f:f3:c4:49:74:86:53:
         54:05:32:41:30:32:98:2e:50:55:09:63:0d:30:de:e0:61:8d:
         ce:e4:b2:9f:4a:56:a2:3d:48:78:9c:bb:aa:a0:9e:d7:93:6e:
         aa:48:89:d7:93:19:f6:f8:74:c2:02:e5:b0:b6:6b:37:18:94:
         64:ca:ea:57:ea:c4:f3:f9:52:c0:53:97:29:87:df:de:a2:13:
         ac:b1:2c:8a:b3:fa:b5:ce:99:08:d9:2b:4f:ec:f3:94:f7:74:
         44:a8:d8:3e:d9:a1:aa:12:e0:e2:ce:39:56:f6:d0:40:5c:b7:
         08:65:51:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJz+RAai/F2KIaNlZEDqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMTlmM2Q3ZmZlYTk1NzI2MTUwMWU5MTY2NGZmNjgyM2Vk
OTM2YWQwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzYzZDMwMjBiMTEwYTA5NDZjYmM3OTk1YmI4YWM5NDM4YjY1YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZQmaW1iV6zZ5AvPSgIkKrTgupRl
R6tvqCCRVxPq9aQOpqPoUc+untYLbNStaiKNXRnX/76Ps6vBuRUyRZ/iOPhHPC/2
S4JFu2hquHJ2J2dRAKTlYVsZaIFzrfZcw4osRUfvrd7egcBIa7Aw495zSL+4GTxL
Y2fzMwJ9iF2904RT6HelHyuX7Z9QWi4RVWkzkE87zUAcCjYn+kSxF7jsrPvpjBPc
ZYyNnSWMUHJLtozRGXZgNFZnt9jLQhr+MqIJRXHV20oy2Up4vnAVCKTEn3Neiw6i
iSC5sz3CeyRHeMN8fe+llDDdkWWQQRzV8FxGWLEyi7gcmVxwiVEteNrVgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFENj0wILEQoJRsvHmVu4rJQ4tlpIMB8GA1UdIwQY
MBaAFIsZ89f/6pVyYVAekWZP9oI+2TatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXhuejFfX3FsWEpoVUI2UlprXzJnajdaTnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kMWFkZTctZmJlMi00MjAzLTg1NTEt
YjY1NDJlNjQ0N2EwLzEvUTJQVEFnc1JDZ2xHeThlWlc3aXNsRGkyV2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kMWFkZTctZmJlMi00MjAzLTg1NTEtYjY1NDJlNjQ0N2Ew
LzEvaXhuejFfX3FsWEpoVUI2UlprXzJnajdaTnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaZgMA0E
AgACMAcDBQAqCt4AMA0GCSqGSIb3DQEBCwUAA4IBAQC2ORdj6nHvg94wFd0lbufe
kCek5l0M5qdk+lzq1aIsMG74oyUPiDuHyMyCoiwZ0k2RTlnD3q/sC4fY6P6UbeQf
wMwVfyLKB2I2xvXqCa7oeB78NwX5gyRbkJKt+g3+fqYuHu7gv3y+yUIz/aHLmpYV
/urNJkQoMq08k7JwsAG+fwk5OKKfR0dE2V/zxEl0hlNUBTJBMDKYLlBVCWMNMN7g
YY3O5LKfSlaiPUh4nLuqoJ7Xk26qSInXkxn2+HTCAuWwtms3GJRkyupX6sTz+VLA
U5cph9/eohOssSyKs/q1zpkI2StP7POU93REqNg+2aGqEuDizjlW9tBAXLcIZVEl
-----END CERTIFICATE-----