Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/QsSb-NXqwEGb998W4IJ1akflpGQ.roa
File:                     QsSb-NXqwEGb998W4IJ1akflpGQ.roa (raw, json)
Hash identifier:          E+sjG2tbeo9BE+9T7qmdsWOB8p2SprY6F82jSXEqJIs=
Subject key identifier:   42:C4:9B:F8:D5:EA:C0:41:9B:F7:DF:16:E0:82:75:6A:47:E5:A4:64
Certificate issuer:       /CN=79df107d6bf1ccc818f66d8da8dd85ee924a0cea
Certificate serial:       018CC42460C28193A42C03BF297BD34A480E
Authority key identifier: 79:DF:10:7D:6B:F1:CC:C8:18:F6:6D:8D:A8:DD:85:EE:92:4A:0C:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ed8QfWvxzMgY9m2NqN2F7pJKDOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/QsSb-NXqwEGb998W4IJ1akflpGQ.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198024
IP address blocks:        193.142.176.0/21 maxlen: 21
                          193.142.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/ed8QfWvxzMgY9m2NqN2F7pJKDOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/ed8QfWvxzMgY9m2NqN2F7pJKDOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ed8QfWvxzMgY9m2NqN2F7pJKDOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:60:c2:81:93:a4:2c:03:bf:29:7b:d3:4a:48:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79df107d6bf1ccc818f66d8da8dd85ee924a0cea
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42c49bf8d5eac0419bf7df16e082756a47e5a464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:11:7e:f3:b3:00:5b:84:eb:a4:97:a6:6d:68:
                    49:db:9e:b6:8c:82:69:c6:cb:48:de:e7:27:5f:ba:
                    98:e6:77:c5:a0:b5:3c:a0:70:fb:86:91:54:71:bc:
                    f7:54:b5:88:77:8c:1a:6b:c7:29:00:36:33:e2:eb:
                    e7:ea:eb:7d:e5:34:d8:80:dc:99:c5:95:ce:85:31:
                    0d:be:94:31:5b:6a:7f:7d:5c:30:7b:7b:2c:ee:e5:
                    f4:1a:75:27:07:f9:1b:a7:c5:17:47:ad:c1:8e:28:
                    ef:03:d1:af:9f:98:cd:8b:3a:57:da:90:98:c5:e0:
                    5c:57:a1:ce:3c:f8:3c:13:8d:ae:76:15:e7:6b:69:
                    cf:82:74:65:c3:7d:5f:ae:96:dc:bf:e3:b2:ee:12:
                    bf:e6:20:87:b1:8b:97:f1:15:63:87:ff:f3:2f:77:
                    ae:48:b6:10:db:a5:f7:cf:8d:87:20:2b:e3:d7:81:
                    cb:3a:93:eb:4d:a5:7e:55:92:21:6e:69:cb:f8:de:
                    4e:27:c4:5e:00:99:f1:42:c5:63:e6:da:5c:09:d6:
                    09:a2:27:61:7e:3f:5a:7c:6a:61:6d:fa:b7:8e:ca:
                    f5:bc:89:b6:64:f4:19:22:d8:5c:c2:15:3a:84:72:
                    d9:3a:48:2c:19:74:58:c2:1a:3a:28:c7:88:d9:d4:
                    9c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C4:9B:F8:D5:EA:C0:41:9B:F7:DF:16:E0:82:75:6A:47:E5:A4:64
            X509v3 Authority Key Identifier:
                keyid:79:DF:10:7D:6B:F1:CC:C8:18:F6:6D:8D:A8:DD:85:EE:92:4A:0C:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed8QfWvxzMgY9m2NqN2F7pJKDOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/QsSb-NXqwEGb998W4IJ1akflpGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/20bc6d-8c8d-4e27-89c7-f512c2dac4c4/1/ed8QfWvxzMgY9m2NqN2F7pJKDOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.176.0-193.142.187.255

    Signature Algorithm: sha256WithRSAEncryption
         06:70:b7:ae:f9:01:8f:48:de:0d:cd:ef:f5:7d:5e:23:3a:0c:
         e9:a4:26:f2:0d:22:ed:f3:79:1a:5e:6c:e0:21:45:e3:9d:27:
         98:bd:38:fa:cd:86:2d:d7:56:d0:cf:9f:2e:e0:be:9e:53:9e:
         8b:75:bb:c3:a5:2e:7a:0e:45:39:d1:6d:03:c5:33:f3:3a:83:
         31:8f:24:30:24:1d:04:bd:29:6a:90:eb:2c:25:8f:6f:cb:0f:
         68:cc:3e:f2:58:f9:b6:f5:a2:34:6e:00:69:3d:27:ee:8b:65:
         ac:a9:40:7d:87:23:3d:5a:ac:33:56:bc:29:64:56:2b:22:17:
         fe:d9:fd:32:5e:11:bb:7d:66:c4:63:6e:bb:06:6b:83:e5:9f:
         0a:0f:90:57:8f:6a:62:b0:e6:3c:eb:7a:b2:f7:22:28:04:1b:
         ee:d6:f8:ea:79:ca:69:99:1f:fe:1c:41:ad:0f:3b:d2:36:66:
         bd:80:6c:0b:d8:ee:0a:18:bb:35:93:d6:09:53:19:f6:8a:db:
         a3:a3:d5:10:10:cb:bd:c5:4c:4e:d1:3b:0b:7a:9c:4e:71:89:
         43:06:ee:39:4c:ac:dd:f2:a7:f6:1a:2e:39:93:ac:c7:ca:bd:
         2d:56:d1:b8:82:ed:0d:8b:a2:ec:dd:00:82:a6:2a:75:66:b3:
         cd:42:08:d2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJGDCgZOkLAO/KXvTSkgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZGYxMDdkNmJmMWNjYzgxOGY2NmQ4ZGE4ZGQ4NWVlOTI0
YTBjZWEwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmM0OWJmOGQ1ZWFjMDQxOWJmN2RmMTZlMDgyNzU2YTQ3ZTVhNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxF+87MAW4TrpJembWhJ2562jIJp
xstI3ucnX7qY5nfFoLU8oHD7hpFUcbz3VLWId4waa8cpADYz4uvn6ut95TTYgNyZ
xZXOhTENvpQxW2p/fVwwe3ss7uX0GnUnB/kbp8UXR63BjijvA9Gvn5jNizpX2pCY
xeBcV6HOPPg8E42udhXna2nPgnRlw31frpbcv+Oy7hK/5iCHsYuX8RVjh//zL3eu
SLYQ26X3z42HICvj14HLOpPrTaV+VZIhbmnL+N5OJ8ReAJnxQsVj5tpcCdYJoidh
fj9afGphbfq3jsr1vIm2ZPQZIthcwhU6hHLZOkgsGXRYwho6KMeI2dSc7QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFELEm/jV6sBBm/ffFuCCdWpH5aRkMB8GA1UdIwQY
MBaAFHnfEH1r8czIGPZtjajdhe6SSgzqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWQ4UWZXdnh6TWdZOW0yTnFOMkY3cEpLRE9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yMGJjNmQtOGM4ZC00ZTI3LTg5Yzct
ZjUxMmMyZGFjNGM0LzEvUXNTYi1OWHF3RUdiOTk4VzRJSjFha2ZscEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yMGJjNmQtOGM4ZC00ZTI3LTg5YzctZjUxMmMyZGFjNGM0
LzEvZWQ4UWZXdnh6TWdZOW0yTnFOMkY3cEpLRE9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBjrAD
BALBjrgwDQYJKoZIhvcNAQELBQADggEBAAZwt675AY9I3g3N7/V9XiM6DOmkJvIN
Iu3zeRpebOAhReOdJ5i9OPrNhi3XVtDPny7gvp5Tnot1u8OlLnoORTnRbQPFM/M6
gzGPJDAkHQS9KWqQ6ywlj2/LD2jMPvJY+bb1ojRuAGk9J+6LZaypQH2HIz1arDNW
vClkVisiF/7Z/TJeEbt9ZsRjbrsGa4PlnwoPkFePamKw5jzrerL3IigEG+7W+Op5
ymmZH/4cQa0PO9I2Zr2AbAvY7goYuzWT1glTGfaK26Oj1RAQy73FTE7ROwt6nE5x
iUMG7jlMrN3yp/YaLjmTrMfKvS1W0biC7Q2LouzdAIKmKnVms81CCNI=
-----END CERTIFICATE-----