Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/qDLq-MfQeEiPhcANKolsbyZmoXo.roa
File:                     qDLq-MfQeEiPhcANKolsbyZmoXo.roa (raw, json)
Hash identifier:          d7Se2U1FZ+NNN2/PCKRcmbyaVCfHhY0GQ753VuRxISE=
Subject key identifier:   A8:32:EA:F8:C7:D0:78:48:8F:85:C0:0D:2A:89:6C:6F:26:66:A1:7A
Certificate issuer:       /CN=84a69fc568894cb3985edef22216bd99974de251
Certificate serial:       018CC64B4C2929F4ADA71BD82154617EB5BE
Authority key identifier: 84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/qDLq-MfQeEiPhcANKolsbyZmoXo.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56339
IP address blocks:        91.243.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4c:29:29:f4:ad:a7:1b:d8:21:54:61:7e:b5:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a69fc568894cb3985edef22216bd99974de251
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a832eaf8c7d078488f85c00d2a896c6f2666a17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a6:82:d8:ac:4d:a8:30:61:96:cd:92:cc:3b:
                    9d:88:2a:c8:f9:5c:d4:a5:79:d3:d5:8a:30:9a:e2:
                    c6:4e:02:81:db:e0:33:66:de:c4:3c:fd:d6:5c:0b:
                    07:cb:3b:f4:1e:4a:e4:46:d5:3a:93:b2:10:4b:38:
                    2a:4e:77:69:09:39:fb:d1:94:64:de:08:0f:6b:2f:
                    2e:7b:25:c5:bd:9b:72:2f:d0:de:2c:dc:17:f6:84:
                    98:32:58:ca:ef:0d:a0:74:e2:ef:e5:4d:b5:4a:c2:
                    a4:16:35:41:1e:2a:06:62:e0:cb:28:61:00:2d:8b:
                    98:2b:0c:42:37:69:a6:14:d2:e7:b1:a0:82:f2:73:
                    b6:85:29:27:92:dc:0e:ed:06:fc:e2:67:6c:7b:9f:
                    fe:8b:1e:66:6e:f4:d5:55:50:3c:83:69:32:f7:34:
                    aa:1c:74:e6:78:19:d5:8b:7b:4b:03:fa:18:db:a9:
                    bb:be:67:0b:e6:01:2b:14:41:01:4f:77:0e:1f:66:
                    e9:c8:09:e6:4e:28:1e:1f:6c:9f:61:12:dd:a4:2e:
                    ea:7d:c0:a9:54:1e:e7:42:f0:48:3d:19:35:3a:63:
                    b6:0a:01:ca:6f:35:95:3f:1c:dc:07:9c:d5:32:ef:
                    cb:74:82:73:45:d4:8d:26:79:8d:53:79:d0:ab:33:
                    57:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:32:EA:F8:C7:D0:78:48:8F:85:C0:0D:2A:89:6C:6F:26:66:A1:7A
            X509v3 Authority Key Identifier:
                keyid:84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/qDLq-MfQeEiPhcANKolsbyZmoXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:76:ac:4a:a8:fa:6d:be:5e:ae:4f:3d:3f:ef:68:78:71:9d:
         a3:e1:c2:b9:77:d8:88:12:18:f2:d5:9c:c5:d0:4c:7d:3d:0c:
         68:72:60:77:ae:a2:0a:bd:6c:da:59:c9:89:e3:d7:81:85:cc:
         14:53:34:c9:e5:b9:b4:d1:55:b3:69:b4:06:0e:05:fa:16:34:
         25:89:61:ae:9a:39:9d:32:07:39:39:9d:74:00:8d:c9:e2:df:
         dd:2b:72:6e:f5:bb:f8:ac:26:7c:1c:4a:2c:f5:81:3b:42:b1:
         55:da:f2:6e:c6:f2:f7:57:47:19:d9:bd:f4:11:b8:e5:a2:b6:
         e1:42:8d:1a:ef:c8:18:14:be:e4:10:07:8e:eb:0b:ee:68:14:
         30:7a:67:61:83:53:04:21:4f:ac:85:49:07:77:d5:cb:11:d5:
         4f:fa:42:f7:28:9b:39:96:af:8f:9d:06:95:49:fa:02:ed:93:
         47:f8:a1:43:81:17:15:aa:24:db:75:33:76:37:e5:d1:a0:be:
         30:90:75:b9:c1:a4:4f:b1:23:50:db:95:6b:07:d2:da:50:0f:
         a6:c7:36:5f:4d:72:38:3e:65:8d:5a:99:94:d1:e8:c7:37:bc:
         34:49:27:dc:ed:48:91:4f:8d:03:9c:ba:d5:89:90:11:e2:cb:
         6a:f7:d0:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0wpKfStpxvYIVRhfrW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTY5ZmM1Njg4OTRjYjM5ODVlZGVmMjIyMTZiZDk5OTc0
ZGUyNTEwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODMyZWFmOGM3ZDA3ODQ4OGY4NWMwMGQyYTg5NmM2ZjI2NjZhMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6aC2KxNqDBhls2SzDudiCrI+VzU
pXnT1YowmuLGTgKB2+AzZt7EPP3WXAsHyzv0HkrkRtU6k7IQSzgqTndpCTn70ZRk
3ggPay8ueyXFvZtyL9DeLNwX9oSYMljK7w2gdOLv5U21SsKkFjVBHioGYuDLKGEA
LYuYKwxCN2mmFNLnsaCC8nO2hSknktwO7Qb84mdse5/+ix5mbvTVVVA8g2ky9zSq
HHTmeBnVi3tLA/oY26m7vmcL5gErFEEBT3cOH2bpyAnmTigeH2yfYRLdpC7qfcCp
VB7nQvBIPRk1OmO2CgHKbzWVPxzcB5zVMu/LdIJzRdSNJnmNU3nQqzNXVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgy6vjH0HhIj4XADSqJbG8mZqF6MB8GA1UdIwQY
MBaAFISmn8VoiUyzmF7e8iIWvZmXTeJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEthZnhXaUpUTE9ZWHQ3eUloYTltWmRONGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9jNjBhMWUtOTA4MC00YjA4LTk1ZGEt
NDM3ZmU1MGJiNGY3LzEvcURMcS1NZlFlRWlQaGNBTktvbHNieVptb1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9jNjBhMWUtOTA4MC00YjA4LTk1ZGEtNDM3ZmU1MGJiNGY3
LzEvaEthZnhXaUpUTE9ZWHQ3eUloYTltWmRONGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/N1MA0G
CSqGSIb3DQEBCwUAA4IBAQCOdqxKqPptvl6uTz0/72h4cZ2j4cK5d9iIEhjy1ZzF
0Ex9PQxocmB3rqIKvWzaWcmJ49eBhcwUUzTJ5bm00VWzabQGDgX6FjQliWGumjmd
Mgc5OZ10AI3J4t/dK3Ju9bv4rCZ8HEos9YE7QrFV2vJuxvL3V0cZ2b30Ebjlorbh
Qo0a78gYFL7kEAeO6wvuaBQwemdhg1MEIU+shUkHd9XLEdVP+kL3KJs5lq+PnQaV
SfoC7ZNH+KFDgRcVqiTbdTN2N+XRoL4wkHW5waRPsSNQ25VrB9LaUA+mxzZfTXI4
PmWNWpmU0ejHN7w0SSfc7UiRT40DnLrViZAR4stq99BR
-----END CERTIFICATE-----