Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/Qi-K4q1uIaWHj0y7mR9BfMvP4GA.roa
File:                     Qi-K4q1uIaWHj0y7mR9BfMvP4GA.roa (raw, json)
Hash identifier:          Mgt795fhsxBBzfPXPzhteThXFkSp9s83FwHLgSm90X8=
Subject key identifier:   42:2F:8A:E2:AD:6E:21:A5:87:8F:4C:BB:99:1F:41:7C:CB:CF:E0:60
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       0191C2DC988D74D563848ACEA146A7E8C341
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/Qi-K4q1uIaWHj0y7mR9BfMvP4GA.roa
Signing time:             Thu 05 Sep 2024 15:45:22 +0000
ROA not before:           Thu 05 Sep 2024 15:45:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273015
IP address blocks:        185.56.110.0/23 maxlen: 23
                          185.56.110.0/24 maxlen: 24
                          185.56.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c2:dc:98:8d:74:d5:63:84:8a:ce:a1:46:a7:e8:c3:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Sep  5 15:45:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=422f8ae2ad6e21a5878f4cbb991f417ccbcfe060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5b:f1:b2:f1:49:da:b3:2e:4c:76:da:48:8e:
                    e9:d7:b0:be:95:12:91:a9:29:72:2d:2d:12:72:f2:
                    14:3e:22:a1:c4:c5:f3:f6:f4:a7:01:66:30:54:71:
                    59:e0:d7:3c:cc:fc:58:62:1a:c7:bb:9c:63:fa:df:
                    30:cd:37:ec:ec:99:cf:bd:8a:74:bc:34:1c:47:fb:
                    8f:fe:f7:b8:9a:89:9b:e9:92:83:fe:59:dc:95:93:
                    e7:0c:5d:be:80:9b:d8:49:89:9b:26:60:8a:dd:b3:
                    2c:a9:6c:dc:69:68:1e:cc:a7:14:30:0f:f9:97:81:
                    0a:32:e6:dc:8c:27:e9:f7:61:ae:37:e3:5a:1b:8e:
                    ca:44:5d:9a:a7:9e:79:2a:88:18:9b:9f:71:01:77:
                    80:fb:48:a6:dc:8f:f4:94:13:4c:a7:66:a5:74:2d:
                    5f:45:89:a2:2a:04:f0:5d:bd:3b:ba:48:5d:e2:b2:
                    98:68:e4:f3:26:c1:7c:57:44:a1:af:b7:ef:56:d5:
                    6d:df:37:a9:26:c4:db:fd:76:ef:7f:be:57:56:a2:
                    84:cc:52:b3:c0:dc:b2:31:8f:cc:48:74:4e:c5:84:
                    4a:e0:d0:e8:bc:93:2a:c6:6a:01:95:41:d1:95:40:
                    4d:df:96:43:69:af:26:3d:80:58:14:bc:88:17:e3:
                    04:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:2F:8A:E2:AD:6E:21:A5:87:8F:4C:BB:99:1F:41:7C:CB:CF:E0:60
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/Qi-K4q1uIaWHj0y7mR9BfMvP4GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:bf:40:79:80:94:1c:91:f8:80:ac:99:95:4b:ae:97:83:4a:
         4c:d7:93:0d:62:79:5f:57:0b:5c:de:a2:5d:f3:f7:b0:eb:95:
         89:55:31:fb:87:17:51:20:43:17:9f:9e:a5:86:1e:cc:20:95:
         95:97:56:3e:56:95:a7:fe:ef:93:b7:22:1e:cf:88:a8:15:a6:
         d4:d6:2f:cb:60:32:c1:1a:c6:b6:08:2d:a9:a5:30:26:6a:fd:
         43:cb:7d:34:e5:b5:d5:9f:52:c1:f1:bc:be:1c:bd:bb:8a:b8:
         e0:33:2a:c5:91:5a:c9:15:bc:a2:a6:0d:83:ab:50:82:78:33:
         6b:4c:4d:f2:1b:80:a7:cd:b9:42:74:76:f0:c1:d7:30:d0:83:
         2e:74:92:81:4f:0a:64:d6:1e:56:f9:d4:fb:39:4f:ee:cb:13:
         ec:0a:c3:00:39:16:1a:07:58:ef:ae:bc:8c:54:b5:a5:8c:20:
         ab:dc:ef:f9:41:cf:f0:dc:37:ba:c4:46:b6:8a:f8:c5:8c:b1:
         5d:a8:85:df:09:04:68:99:a1:04:d0:20:e8:79:19:2a:e0:4f:
         bb:9d:d4:9a:81:20:61:f3:16:20:37:86:da:37:f8:87:b8:cc:
         2c:ec:52:7e:e6:24:69:f1:ac:fc:ca:0c:8f:81:99:89:3e:56:
         11:d5:06:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHC3JiNdNVjhIrOoUan6MNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjQwOTA1MTU0NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjJmOGFlMmFkNmUyMWE1ODc4ZjRjYmI5OTFmNDE3Y2NiY2ZlMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlvxsvFJ2rMuTHbaSI7p17C+lRKR
qSlyLS0ScvIUPiKhxMXz9vSnAWYwVHFZ4Nc8zPxYYhrHu5xj+t8wzTfs7JnPvYp0
vDQcR/uP/ve4momb6ZKD/lnclZPnDF2+gJvYSYmbJmCK3bMsqWzcaWgezKcUMA/5
l4EKMubcjCfp92GuN+NaG47KRF2ap555KogYm59xAXeA+0im3I/0lBNMp2aldC1f
RYmiKgTwXb07ukhd4rKYaOTzJsF8V0Shr7fvVtVt3zepJsTb/Xbvf75XVqKEzFKz
wNyyMY/MSHROxYRK4NDovJMqxmoBlUHRlUBN35ZDaa8mPYBYFLyIF+ME3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIviuKtbiGlh49Mu5kfQXzLz+BgMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvUWktSzRxMXVJYVdIajB5N21SOUJmTXZQNEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuThuMA0G
CSqGSIb3DQEBCwUAA4IBAQA1v0B5gJQckfiArJmVS66Xg0pM15MNYnlfVwtc3qJd
8/ew65WJVTH7hxdRIEMXn56lhh7MIJWVl1Y+VpWn/u+TtyIez4ioFabU1i/LYDLB
Gsa2CC2ppTAmav1Dy3005bXVn1LB8by+HL27irjgMyrFkVrJFbyipg2Dq1CCeDNr
TE3yG4CnzblCdHbwwdcw0IMudJKBTwpk1h5W+dT7OU/uyxPsCsMAORYaB1jvrryM
VLWljCCr3O/5Qc/w3De6xEa2ivjFjLFdqIXfCQRomaEE0CDoeRkq4E+7ndSagSBh
8xYgN4baN/iHuMws7FJ+5iRp8az8ygyPgZmJPlYR1QY+
-----END CERTIFICATE-----