Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dqwBReYXANBi0opncdz4OQ-1iLk.roa
File:                     dqwBReYXANBi0opncdz4OQ-1iLk.roa (raw, json)
Hash identifier:          o8nPwnENLzR4+u1H9fyPpseh0WXSvnfDjbVCd55HGNw=
Subject key identifier:   76:AC:01:45:E6:17:00:D0:62:D2:8A:67:71:DC:F8:39:0F:B5:88:B9
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB6A33BA8D24EF2487D0E695D9F238
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dqwBReYXANBi0opncdz4OQ-1iLk.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208167
IP address blocks:        194.28.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:6a:33:ba:8d:24:ef:24:87:d0:e6:95:d9:f2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ac0145e61700d062d28a6771dcf8390fb588b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:92:76:7b:e6:ed:e4:90:b4:8d:8d:c2:61:bd:
                    76:75:6a:36:d7:2e:52:9e:6c:74:70:2a:47:a3:29:
                    13:da:34:8f:c2:ff:bb:15:f2:c4:d6:65:92:0b:af:
                    b5:db:7f:6b:09:4f:0d:2d:97:8d:17:2c:17:e9:29:
                    30:da:48:aa:50:61:b4:68:04:03:45:b2:91:22:bb:
                    79:c1:93:48:91:c6:1e:50:11:24:0d:e3:51:c1:5f:
                    1e:a7:3c:51:31:1a:94:54:cd:ad:be:36:13:d7:e5:
                    a3:d9:0e:a3:97:a9:ef:b9:6d:40:e4:66:e5:67:cd:
                    65:ee:23:89:1e:a5:b0:a5:2b:a6:1c:1e:fe:22:ff:
                    d7:cc:19:36:60:e3:9a:b7:0e:da:43:1f:17:9f:86:
                    d4:76:68:97:17:4f:7d:c1:d0:96:21:95:3c:86:27:
                    4f:c2:f9:be:b7:ff:19:49:93:79:ad:22:d3:f0:a1:
                    2b:61:81:b4:1b:e4:ff:d3:15:e6:1f:61:31:b7:1c:
                    8a:8c:ee:01:14:de:c5:4b:23:6b:1b:4b:c4:9d:a1:
                    bb:03:e7:b5:6d:f9:e1:ec:ec:5f:7d:22:87:f1:26:
                    61:87:8b:76:24:c2:fa:4f:2d:5f:d8:8c:66:9f:ba:
                    61:29:e0:f0:47:e7:59:ea:c7:ce:a7:85:e0:61:09:
                    27:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:AC:01:45:E6:17:00:D0:62:D2:8A:67:71:DC:F8:39:0F:B5:88:B9
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dqwBReYXANBi0opncdz4OQ-1iLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:35:56:4d:53:81:71:52:b8:b7:9d:27:54:6c:68:57:21:9a:
         1f:24:de:a4:1e:92:4f:57:e0:9c:9b:dc:15:e7:b6:9b:1f:33:
         2d:ba:51:04:5d:fb:48:0d:4e:d3:4b:23:8d:32:ae:f4:04:81:
         13:54:79:f8:af:f6:84:18:b6:c3:42:08:a8:52:95:7f:75:c0:
         66:ed:43:81:5f:0d:da:9a:34:0e:76:c8:ad:32:95:63:fa:a9:
         35:ac:2c:1e:5d:b7:0c:c9:c6:59:ac:b8:8e:34:ac:a0:39:70:
         f2:6c:82:45:91:f0:eb:2f:49:ca:55:5d:91:73:af:fe:72:10:
         25:19:2e:7c:29:a0:a4:40:07:f8:d9:f2:ad:ef:b3:3d:83:cc:
         43:11:e5:13:9c:60:3d:19:36:8a:18:a4:b7:72:67:e9:32:62:
         32:86:4a:96:08:bd:4e:ce:6b:a7:4a:50:ae:3b:e7:89:c0:80:
         f4:02:6f:b7:10:74:25:0b:93:c9:e4:18:9b:1d:e7:fb:fc:3b:
         50:98:23:28:d0:03:3f:c2:e4:3c:0c:e5:fe:b1:50:1f:e2:3d:
         76:bb:d3:e1:18:94:3d:a4:8d:a6:dd:72:2f:60:78:f7:33:a7:
         31:c9:f4:de:cf:a1:5f:41:fc:c9:d4:4d:ab:7e:49:ca:da:3d:
         54:7a:46:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22ozuo0k7ySH0OaV2fI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmFjMDE0NWU2MTcwMGQwNjJkMjhhNjc3MWRjZjgzOTBmYjU4OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZJ2e+bt5JC0jY3CYb12dWo21y5S
nmx0cCpHoykT2jSPwv+7FfLE1mWSC6+1239rCU8NLZeNFywX6Skw2kiqUGG0aAQD
RbKRIrt5wZNIkcYeUBEkDeNRwV8epzxRMRqUVM2tvjYT1+Wj2Q6jl6nvuW1A5Gbl
Z81l7iOJHqWwpSumHB7+Iv/XzBk2YOOatw7aQx8Xn4bUdmiXF099wdCWIZU8hidP
wvm+t/8ZSZN5rSLT8KErYYG0G+T/0xXmH2ExtxyKjO4BFN7FSyNrG0vEnaG7A+e1
bfnh7OxffSKH8SZhh4t2JML6Ty1f2Ixmn7phKeDwR+dZ6sfOp4XgYQknowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHasAUXmFwDQYtKKZ3Hc+DkPtYi5MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvZHF3QlJlWVhBTkJpMG9wbmNkejRPUS0xaUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhzjMA0G
CSqGSIb3DQEBCwUAA4IBAQALNVZNU4FxUri3nSdUbGhXIZofJN6kHpJPV+Ccm9wV
57abHzMtulEEXftIDU7TSyONMq70BIETVHn4r/aEGLbDQgioUpV/dcBm7UOBXw3a
mjQOdsitMpVj+qk1rCweXbcMycZZrLiONKygOXDybIJFkfDrL0nKVV2Rc6/+chAl
GS58KaCkQAf42fKt77M9g8xDEeUTnGA9GTaKGKS3cmfpMmIyhkqWCL1OzmunSlCu
O+eJwID0Am+3EHQlC5PJ5BibHef7/DtQmCMo0AM/wuQ8DOX+sVAf4j12u9PhGJQ9
pI2m3XIvYHj3M6cxyfTez6FfQfzJ1E2rfknK2j1UekbG
-----END CERTIFICATE-----