Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/QUMktcgPykbBd3K5nt8UJBMYkZM.roa
File:                     QUMktcgPykbBd3K5nt8UJBMYkZM.roa (raw, json)
Hash identifier:          /KlPyuPcpYBWK9xeQCsd21HhaoH/UWwxT6jtbT/WlRM=
Subject key identifier:   41:43:24:B5:C8:0F:CA:46:C1:77:72:B9:9E:DF:14:24:13:18:91:93
Certificate issuer:       /CN=53d9c969675a27d515d8fab2c63cde0ed056491e
Certificate serial:       018F3A40ADA1FA09DF0475740559466B1E16
Authority key identifier: 53:D9:C9:69:67:5A:27:D5:15:D8:FA:B2:C6:3C:DE:0E:D0:56:49:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/QUMktcgPykbBd3K5nt8UJBMYkZM.roa
Signing time:             Thu 02 May 2024 17:01:08 +0000
ROA not before:           Thu 02 May 2024 17:01:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207786
IP address blocks:        195.85.218.0/24 maxlen: 24
                          195.85.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3a:40:ad:a1:fa:09:df:04:75:74:05:59:46:6b:1e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d9c969675a27d515d8fab2c63cde0ed056491e
        Validity
            Not Before: May  2 17:01:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=414324b5c80fca46c17772b99edf142413189193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:06:15:fe:c0:4e:77:28:c0:ac:10:7a:61:7d:
                    66:98:7e:ac:f3:7c:b1:4f:83:50:9a:b1:5a:1f:8a:
                    75:ea:07:77:85:e7:ee:f6:8a:18:07:41:ac:c5:4e:
                    46:d3:a6:25:86:57:d0:ac:55:b4:8c:69:45:d2:5e:
                    ea:82:62:a3:16:e7:87:15:00:45:45:e3:84:17:ad:
                    4d:a5:00:f0:71:b9:96:b7:56:3a:9b:cd:f3:87:7a:
                    88:2a:04:6a:61:81:0d:5c:67:48:ed:4a:a5:0f:a5:
                    24:63:c7:52:81:fb:7c:65:3c:ad:ab:17:e7:5e:41:
                    3e:e6:f0:d0:1e:39:b9:32:e7:76:5a:b0:b3:60:e3:
                    32:15:28:cd:ae:b1:c4:e3:cb:0c:49:08:cd:b4:b6:
                    14:48:68:6d:c4:c2:d9:95:45:1a:ac:45:52:93:35:
                    23:5f:91:b2:5d:bc:ad:8c:b5:29:fe:20:10:ad:bf:
                    97:f1:ec:d2:9c:0e:fc:19:1f:0a:1a:15:52:1a:f6:
                    2f:d9:e3:24:12:10:23:5b:62:8f:ec:a6:94:b6:91:
                    ed:3a:2a:ce:b3:e2:a4:d3:8b:f1:df:f1:1d:a7:22:
                    e5:c4:cb:fb:89:74:9a:43:73:62:8e:44:23:ff:22:
                    78:85:2b:b6:df:5b:21:f3:2d:50:e0:b8:62:7b:79:
                    ab:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:43:24:B5:C8:0F:CA:46:C1:77:72:B9:9E:DF:14:24:13:18:91:93
            X509v3 Authority Key Identifier:
                keyid:53:D9:C9:69:67:5A:27:D5:15:D8:FA:B2:C6:3C:DE:0E:D0:56:49:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/QUMktcgPykbBd3K5nt8UJBMYkZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.218.0/24
                  195.85.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:35:73:13:36:fe:16:36:ea:81:d4:07:82:ed:aa:aa:79:5d:
         6d:11:b9:aa:12:7c:33:08:5f:00:57:59:5d:c8:9a:8d:98:c6:
         aa:12:ee:35:c2:ea:b0:cb:fa:1f:5c:6d:60:b6:26:07:ce:a8:
         ec:e8:79:8f:9e:0c:50:2c:c8:56:8f:5e:60:67:81:e4:31:c9:
         f6:5e:32:c8:7e:65:ee:7e:a8:42:1b:f6:06:dd:05:44:87:72:
         77:0e:85:68:09:ca:fd:f3:b6:36:f0:f7:64:c1:d3:c6:fb:7a:
         d3:99:3b:54:0a:7f:e9:8e:fc:48:c5:e7:cc:40:aa:12:88:d6:
         bc:a7:16:05:e8:bd:18:f8:4d:45:34:b2:d5:36:c3:23:b6:e3:
         a0:1b:6c:76:78:0e:28:e6:c4:cb:7f:ad:ec:49:ad:0e:ce:d4:
         df:33:28:60:6b:b3:cd:02:14:cf:0b:1a:33:0b:fb:8b:26:b8:
         29:8a:24:9b:af:a0:95:4d:0c:43:59:be:b2:2a:8a:fd:50:43:
         34:a7:73:63:d5:52:4e:d0:06:5e:e0:44:93:7e:3f:34:47:68:
         63:f4:85:3f:c8:83:bc:52:c5:1e:f6:0a:ed:00:37:aa:da:9f:
         16:9e:0f:19:05:eb:26:01:aa:42:93:48:3b:b2:48:7a:75:c8:
         32:d0:48:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY86QK2h+gnfBHV0BVlGax4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDljOTY5Njc1YTI3ZDUxNWQ4ZmFiMmM2M2NkZTBlZDA1
NjQ5MWUwHhcNMjQwNTAyMTcwMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTQzMjRiNWM4MGZjYTQ2YzE3NzcyYjk5ZWRmMTQyNDEzMTg5MTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQYV/sBOdyjArBB6YX1mmH6s83yx
T4NQmrFaH4p16gd3hefu9ooYB0GsxU5G06YlhlfQrFW0jGlF0l7qgmKjFueHFQBF
ReOEF61NpQDwcbmWt1Y6m83zh3qIKgRqYYENXGdI7UqlD6UkY8dSgft8ZTytqxfn
XkE+5vDQHjm5Mud2WrCzYOMyFSjNrrHE48sMSQjNtLYUSGhtxMLZlUUarEVSkzUj
X5GyXbytjLUp/iAQrb+X8ezSnA78GR8KGhVSGvYv2eMkEhAjW2KP7KaUtpHtOirO
s+Kk04vx3/EdpyLlxMv7iXSaQ3NijkQj/yJ4hSu231sh8y1Q4Lhie3mrZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEFDJLXID8pGwXdyuZ7fFCQTGJGTMB8GA1UdIwQY
MBaAFFPZyWlnWifVFdj6ssY83g7QVkkeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTluSmFXZGFKOVVWMlBxeXhqemVEdEJXU1I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC85OTEwN2EtM2IxYi00YjVlLWFlMTUt
Zjk1YzYwYjQ2NmEwLzEvUVVNa3RjZ1B5a2JCZDNLNW50OFVKQk1Za1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC85OTEwN2EtM2IxYi00YjVlLWFlMTUtZjk1YzYwYjQ2NmEw
LzEvVTluSmFXZGFKOVVWMlBxeXhqemVEdEJXU1I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XaAwQA
w1X0MA0GCSqGSIb3DQEBCwUAA4IBAQAYNXMTNv4WNuqB1AeC7aqqeV1tEbmqEnwz
CF8AV1ldyJqNmMaqEu41wuqwy/ofXG1gtiYHzqjs6HmPngxQLMhWj15gZ4HkMcn2
XjLIfmXufqhCG/YG3QVEh3J3DoVoCcr987Y28PdkwdPG+3rTmTtUCn/pjvxIxefM
QKoSiNa8pxYF6L0Y+E1FNLLVNsMjtuOgG2x2eA4o5sTLf63sSa0OztTfMyhga7PN
AhTPCxozC/uLJrgpiiSbr6CVTQxDWb6yKor9UEM0p3Nj1VJO0AZe4ESTfj80R2hj
9IU/yIO8UsUe9grtADeq2p8Wng8ZBesmAapCk0g7skh6dcgy0Eih
-----END CERTIFICATE-----