Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Qpgj6dBPSxcgU9Sgx_I7D5AQ6_8.roa
File:                     Qpgj6dBPSxcgU9Sgx_I7D5AQ6_8.roa (raw, json)
Hash identifier:          9ZRPhHzWCjteg7Rfts1ZTX0oFYEm/FizkiyyptlUGeE=
Subject key identifier:   42:98:23:E9:D0:4F:4B:17:20:53:D4:A0:C7:F2:3B:0F:90:10:EB:FF
Certificate issuer:       /CN=d3c6178fb034905130af0ce1cd275154f2b59b78
Certificate serial:       018CC348FBA226F85043FD68CE51CEE63FC8
Authority key identifier: D3:C6:17:8F:B0:34:90:51:30:AF:0C:E1:CD:27:51:54:F2:B5:9B:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Qpgj6dBPSxcgU9Sgx_I7D5AQ6_8.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205166
IP address blocks:        185.228.29.0/24 maxlen: 24
                          185.228.28.0/22 maxlen: 22
                          185.228.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fb:a2:26:f8:50:43:fd:68:ce:51:ce:e6:3f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c6178fb034905130af0ce1cd275154f2b59b78
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=429823e9d04f4b172053d4a0c7f23b0f9010ebff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:af:d3:41:a3:8a:4a:55:f2:40:43:27:16:
                    49:74:ba:ad:f8:c3:67:e9:78:fe:15:bb:3c:2a:bf:
                    87:2a:2a:66:89:5c:8a:05:8b:af:ea:14:74:d5:0a:
                    17:3a:b8:14:48:87:3f:08:cb:1b:10:ee:de:9d:dd:
                    7f:3a:b2:90:25:40:5f:7e:f3:4a:ba:ec:34:fc:9f:
                    ec:3b:e5:74:0d:e2:47:7f:05:71:1a:0c:67:93:fa:
                    d2:cb:fa:10:02:93:b0:f7:24:c1:f1:c2:4f:68:75:
                    98:11:0b:29:62:e0:3c:89:28:e0:d7:81:aa:94:cf:
                    9c:c8:79:ff:91:09:03:e5:e5:0f:c1:3f:cb:81:12:
                    d4:56:82:2d:32:c4:60:e3:d1:e5:4f:ce:a5:c0:b2:
                    20:3b:93:01:d1:49:55:e1:bf:48:59:f7:88:10:0d:
                    01:8c:e5:27:3c:b8:46:69:aa:85:f7:46:c0:0c:ad:
                    58:ec:bb:4b:b9:50:36:e0:9f:4d:4c:d8:c8:af:9e:
                    c5:c6:d7:02:d7:59:e0:a4:d3:a2:62:2a:ae:60:5f:
                    7c:99:1d:29:42:08:be:80:8c:84:8c:a2:28:13:2a:
                    d7:83:01:d9:14:2e:28:f1:6b:e2:78:5b:db:42:a7:
                    02:ff:92:23:01:c2:b3:3f:e2:52:f6:1f:b7:88:09:
                    a3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:98:23:E9:D0:4F:4B:17:20:53:D4:A0:C7:F2:3B:0F:90:10:EB:FF
            X509v3 Authority Key Identifier:
                keyid:D3:C6:17:8F:B0:34:90:51:30:AF:0C:E1:CD:27:51:54:F2:B5:9B:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08YXj7A0kFEwrwzhzSdRVPK1m3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/Qpgj6dBPSxcgU9Sgx_I7D5AQ6_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/78fde9-6df0-4ae2-9b37-a7c4b2f6e276/1/08YXj7A0kFEwrwzhzSdRVPK1m3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:60:6c:4c:39:8f:08:11:69:05:1e:52:f5:97:99:1e:81:1a:
         6b:ab:d9:1f:c1:2f:6b:2e:9f:a1:da:5c:35:c7:56:08:56:55:
         a3:01:1b:34:79:7c:35:d8:95:75:b8:03:72:96:3f:d2:c4:89:
         24:09:33:f4:d3:0c:cf:ed:9d:f9:16:2a:86:64:26:65:55:cf:
         ed:21:40:6d:54:0a:7f:75:76:c9:6c:b2:3f:1f:a4:c1:ea:f2:
         69:9a:cd:44:cb:20:08:e4:e3:b1:f1:d6:db:cb:85:da:f0:a1:
         e7:33:ce:08:f0:6f:2c:9c:8f:88:71:3a:89:2f:d4:8e:12:0a:
         88:2b:f7:f3:d7:1e:33:39:d1:ce:4b:92:8a:c2:27:2c:6e:a2:
         38:2d:4c:54:6c:64:35:76:b3:cf:00:cb:ba:e0:e0:a0:7b:9a:
         ed:f7:13:66:56:21:38:af:95:67:f4:45:8a:e4:3a:d6:d7:1f:
         3e:a4:14:70:64:86:0a:c0:96:b2:ca:2e:bc:6f:d2:47:d2:eb:
         c9:a0:0c:48:f0:a0:28:99:7e:cc:43:ff:93:0c:64:7f:f9:25:
         b1:58:3e:db:68:99:e5:be:68:92:8e:8e:fd:2d:7e:22:85:e1:
         6b:98:fd:1b:fb:b8:dd:f0:45:91:b9:1c:0b:cf:a7:4f:81:f6:
         d1:3d:c7:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPuiJvhQQ/1ozlHO5j/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzYxNzhmYjAzNDkwNTEzMGFmMGNlMWNkMjc1MTU0ZjJi
NTliNzgwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjk4MjNlOWQwNGY0YjE3MjA1M2Q0YTBjN2YyM2IwZjkwMTBlYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWSv00GjikpV8kBDJxZJdLqt+MNn
6Xj+Fbs8Kr+HKipmiVyKBYuv6hR01QoXOrgUSIc/CMsbEO7end1/OrKQJUBffvNK
uuw0/J/sO+V0DeJHfwVxGgxnk/rSy/oQApOw9yTB8cJPaHWYEQspYuA8iSjg14Gq
lM+cyHn/kQkD5eUPwT/LgRLUVoItMsRg49HlT86lwLIgO5MB0UlV4b9IWfeIEA0B
jOUnPLhGaaqF90bADK1Y7LtLuVA24J9NTNjIr57FxtcC11ngpNOiYiquYF98mR0p
Qgi+gIyEjKIoEyrXgwHZFC4o8WvieFvbQqcC/5IjAcKzP+JS9h+3iAmjDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKYI+nQT0sXIFPUoMfyOw+QEOv/MB8GA1UdIwQY
MBaAFNPGF4+wNJBRMK8M4c0nUVTytZt4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhZWGo3QTBrRkV3cnd6aHpTZFJWUEsxbTNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83OGZkZTktNmRmMC00YWUyLTliMzct
YTdjNGIyZjZlMjc2LzEvUXBnajZkQlBTeGNnVTlTZ3hfSTdENUFRNl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83OGZkZTktNmRmMC00YWUyLTliMzctYTdjNGIyZjZlMjc2
LzEvMDhZWGo3QTBrRkV3cnd6aHpTZFJWUEsxbTNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueQcMA0G
CSqGSIb3DQEBCwUAA4IBAQCDYGxMOY8IEWkFHlL1l5kegRprq9kfwS9rLp+h2lw1
x1YIVlWjARs0eXw12JV1uANylj/SxIkkCTP00wzP7Z35FiqGZCZlVc/tIUBtVAp/
dXbJbLI/H6TB6vJpms1EyyAI5OOx8dbby4Xa8KHnM84I8G8snI+IcTqJL9SOEgqI
K/fz1x4zOdHOS5KKwicsbqI4LUxUbGQ1drPPAMu64OCge5rt9xNmViE4r5Vn9EWK
5DrW1x8+pBRwZIYKwJayyi68b9JH0uvJoAxI8KAomX7MQ/+TDGR/+SWxWD7baJnl
vmiSjo79LX4iheFrmP0b+7jd8EWRuRwLz6dPgfbRPcdo
-----END CERTIFICATE-----