Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/qnxuSQ_77tU7cI5WpI_SIb0bRmc.roa
File:                     qnxuSQ_77tU7cI5WpI_SIb0bRmc.roa (raw, json)
Hash identifier:          gwXEb7F7XPZVZBmPWjk+PgPa7gBx8XzqKnlSLtHcdp0=
Subject key identifier:   AA:7C:6E:49:0F:FB:EE:D5:3B:70:8E:56:A4:8F:D2:21:BD:1B:46:67
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC8710610A944876B6E0435B1168BD401
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/qnxuSQ_77tU7cI5WpI_SIb0bRmc.roa
Signing time:             Tue 02 Jan 2024 04:31:39 +0000
ROA not before:           Tue 02 Jan 2024 04:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198456
IP address blocks:        185.17.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:06:10:a9:44:87:6b:6e:04:35:b1:16:8b:d4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa7c6e490ffbeed53b708e56a48fd221bd1b4667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8e:25:fa:43:78:1b:25:d9:a2:72:4c:e1:c6:
                    43:5a:5c:95:44:aa:cf:e0:a0:11:5e:67:05:84:a3:
                    b4:6e:f6:b0:92:6f:e4:bf:ec:d4:c9:19:d1:d1:45:
                    4e:ef:7e:e5:c1:99:5c:c4:2e:ed:d6:57:e7:6f:c6:
                    a6:3a:67:e4:f1:e8:4e:88:5a:31:1d:f9:e7:e6:4c:
                    66:f5:2f:64:a6:45:48:e2:bf:da:91:cb:50:26:e9:
                    80:2d:7d:4e:8d:76:0a:f0:92:b0:02:c1:e8:85:e8:
                    47:96:ad:99:92:da:5e:8c:76:5b:02:49:49:c7:50:
                    9b:99:ba:18:68:21:bf:62:30:b0:03:cc:68:63:ed:
                    3d:63:a8:6c:35:ee:90:76:bf:26:6c:2d:ae:69:aa:
                    e4:b8:31:ce:7e:4e:b7:9a:da:2b:31:6b:2e:5b:e2:
                    ad:89:d6:d9:56:fb:2a:9e:d5:11:e5:6d:bf:7a:8a:
                    78:a6:24:7e:14:e8:11:dd:49:09:4a:eb:c2:01:87:
                    98:d8:5c:23:31:ca:7a:e8:b9:01:63:9e:41:94:c6:
                    a5:ba:a2:6b:5b:6a:30:37:7e:0e:49:43:ea:6d:32:
                    07:87:96:30:6f:e2:98:dc:2c:8c:29:1e:ef:4f:5a:
                    29:be:eb:88:ab:80:ef:97:3f:60:a2:41:2f:b2:71:
                    59:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7C:6E:49:0F:FB:EE:D5:3B:70:8E:56:A4:8F:D2:21:BD:1B:46:67
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/qnxuSQ_77tU7cI5WpI_SIb0bRmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:be:59:fc:4a:69:c3:6f:51:25:3e:65:fd:c2:29:f1:70:d8:
         37:4b:e7:5d:f7:92:55:6b:bd:fb:30:2f:78:10:5f:31:df:ea:
         64:ab:80:9e:1c:39:f4:a4:a3:7e:19:ab:f7:c0:06:c6:f7:c8:
         16:c9:27:cf:c0:e3:c3:3b:7e:b1:ea:6e:4c:96:a0:9f:4a:b3:
         b1:b7:f3:21:dd:49:71:2c:96:4b:f3:14:74:63:a8:58:09:97:
         4a:3d:f0:6c:bb:c9:90:c1:90:4d:8c:16:4d:dc:b0:86:3f:dd:
         93:85:36:91:e9:14:d4:1a:56:3e:47:8f:7d:8b:e4:a2:55:69:
         36:19:be:b4:b3:34:f2:74:1f:01:06:44:ff:16:18:75:74:5f:
         ff:56:81:d1:52:e0:bf:05:2b:50:bc:17:82:e4:3e:60:1e:ae:
         cd:43:fd:4f:f0:11:7d:4f:55:77:7c:5f:f8:a2:ab:1a:99:68:
         4d:be:f2:76:05:58:9a:ae:60:a2:61:04:f5:67:bb:08:11:4c:
         f6:3c:2e:bb:0d:38:64:54:b1:f0:c6:63:ab:25:7e:cb:40:39:
         3a:81:b2:8e:59:46:66:07:d2:14:8d:a1:d1:d8:f8:d4:78:f1:
         14:40:7a:63:41:44:7a:b9:88:2a:75:ff:98:05:71:ab:70:10:
         5c:59:19:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQYQqUSHa24ENbEWi9QBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdjNmU0OTBmZmJlZWQ1M2I3MDhlNTZhNDhmZDIyMWJkMWI0NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY4l+kN4GyXZonJM4cZDWlyVRKrP
4KARXmcFhKO0bvawkm/kv+zUyRnR0UVO737lwZlcxC7t1lfnb8amOmfk8ehOiFox
Hfnn5kxm9S9kpkVI4r/akctQJumALX1OjXYK8JKwAsHohehHlq2ZktpejHZbAklJ
x1CbmboYaCG/YjCwA8xoY+09Y6hsNe6Qdr8mbC2uaarkuDHOfk63mtorMWsuW+Kt
idbZVvsqntUR5W2/eop4piR+FOgR3UkJSuvCAYeY2FwjMcp66LkBY55BlMaluqJr
W2owN34OSUPqbTIHh5Ywb+KY3CyMKR7vT1opvuuIq4Dvlz9gokEvsnFZlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp8bkkP++7VO3COVqSP0iG9G0ZnMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvcW54dVNRXzc3dFU3Y0k1V3BJX1NJYjBiUm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFWMA0G
CSqGSIb3DQEBCwUAA4IBAQAZvln8SmnDb1ElPmX9winxcNg3S+dd95JVa737MC94
EF8x3+pkq4CeHDn0pKN+Gav3wAbG98gWySfPwOPDO36x6m5MlqCfSrOxt/Mh3Ulx
LJZL8xR0Y6hYCZdKPfBsu8mQwZBNjBZN3LCGP92ThTaR6RTUGlY+R499i+SiVWk2
Gb60szTydB8BBkT/Fhh1dF//VoHRUuC/BStQvBeC5D5gHq7NQ/1P8BF9T1V3fF/4
oqsamWhNvvJ2BViarmCiYQT1Z7sIEUz2PC67DThkVLHwxmOrJX7LQDk6gbKOWUZm
B9IUjaHR2PjUePEUQHpjQUR6uYgqdf+YBXGrcBBcWRn+
-----END CERTIFICATE-----