Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/QtcCMPs6pCHsIsyxPCsun0NHYxs.roa
File:                     QtcCMPs6pCHsIsyxPCsun0NHYxs.roa (raw, json)
Hash identifier:          xP0Y09MjatlcyDHG5UGgPezad6af4JmxucaGZAFQTNA=
Subject key identifier:   42:D7:02:30:FB:3A:A4:21:EC:22:CC:B1:3C:2B:2E:9F:43:47:63:1B
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0190FE59EF27D7F369CC663B949FD255A2B3
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/QtcCMPs6pCHsIsyxPCsun0NHYxs.roa
Signing time:             Mon 29 Jul 2024 11:57:04 +0000
ROA not before:           Mon 29 Jul 2024 11:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        109.205.8.0/24 maxlen: 24
                          109.205.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:59:ef:27:d7:f3:69:cc:66:3b:94:9f:d2:55:a2:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jul 29 11:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42d70230fb3aa421ec22ccb13c2b2e9f4347631b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:69:f2:c6:0a:4d:23:a5:58:c6:69:70:ad:77:
                    05:ab:2a:58:45:a4:fb:95:cb:72:54:6a:35:d4:75:
                    ac:b9:25:c2:85:4a:ad:7c:7e:f3:fe:fd:8e:c5:e6:
                    57:7e:66:cd:59:5d:07:f5:06:e3:20:8c:18:32:dc:
                    89:ad:f6:31:35:bd:e3:81:ab:2c:84:2d:bd:03:4c:
                    71:42:d8:96:1f:5a:46:67:13:e9:59:87:2f:b6:cf:
                    48:cc:db:16:57:5a:6b:1a:21:cd:04:b0:20:aa:d2:
                    aa:8f:0f:2c:4c:d2:f9:14:b9:cc:b4:6b:1b:c9:c7:
                    3a:b9:3e:7f:01:63:b3:8e:da:fe:4f:c7:0f:67:c9:
                    6a:c8:6f:69:3d:ee:0f:ee:65:ae:4d:1b:4c:fc:de:
                    14:57:e8:38:d2:08:77:5a:d6:6e:6d:86:af:58:00:
                    a4:aa:7c:5a:7b:46:bd:b2:f1:4c:c3:44:21:88:44:
                    a4:4e:bb:01:93:56:27:be:cd:03:64:a9:78:8d:83:
                    09:35:bf:ac:bf:ee:3d:09:bb:d9:94:76:a0:1f:a2:
                    27:83:91:6d:cb:fa:a4:53:de:5c:29:d7:43:62:73:
                    05:b3:45:89:bb:c2:90:e1:20:17:16:54:af:ce:34:
                    bc:6a:34:0c:16:8d:d7:17:71:a7:64:1d:6d:78:75:
                    f2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D7:02:30:FB:3A:A4:21:EC:22:CC:B1:3C:2B:2E:9F:43:47:63:1B
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/QtcCMPs6pCHsIsyxPCsun0NHYxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:c7:48:f6:a3:7e:98:5b:ba:ef:7c:a8:65:1e:5b:cc:ff:0a:
         1a:9d:94:87:cc:73:74:11:8a:e3:b0:41:0d:f2:09:27:dd:bf:
         bd:fb:36:23:98:2d:47:50:4f:19:18:e8:c9:97:40:07:23:df:
         82:69:45:4a:a8:51:b9:99:f8:38:85:20:a9:06:27:43:f2:93:
         3b:4b:a4:16:85:1c:06:3a:1c:0f:97:b7:ea:20:5b:67:af:1d:
         8a:40:5b:69:3b:bf:8d:9e:94:7e:12:43:3c:ad:db:84:ee:1b:
         97:d8:e9:de:89:22:90:57:75:5d:be:9c:d2:53:1e:31:42:e7:
         4f:c2:92:b4:31:4c:a5:6a:69:70:79:53:05:fb:22:a2:69:d3:
         54:1c:d6:ca:23:8e:7b:8a:b2:1b:de:c3:84:02:7f:64:e0:ff:
         1b:cc:60:a9:8e:a2:99:63:c6:8b:92:b8:e9:f9:7a:31:c2:21:
         a6:1e:16:26:72:c1:01:53:39:fe:04:50:b9:d5:b8:2c:13:d1:
         3c:e6:7c:bf:7d:d8:c6:f4:ea:39:2b:65:89:a5:0d:20:7f:af:
         0c:54:18:35:4d:73:c1:12:95:6b:50:bb:98:e8:77:d8:f1:13:
         20:08:21:43:23:4e:08:bb:62:cf:11:01:93:33:b1:29:8f:f1:
         e6:7e:ae:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD+We8n1/NpzGY7lJ/SVaKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwNzI5MTE1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmQ3MDIzMGZiM2FhNDIxZWMyMmNjYjEzYzJiMmU5ZjQzNDc2MzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGnyxgpNI6VYxmlwrXcFqypYRaT7
lctyVGo11HWsuSXChUqtfH7z/v2OxeZXfmbNWV0H9QbjIIwYMtyJrfYxNb3jgass
hC29A0xxQtiWH1pGZxPpWYcvts9IzNsWV1prGiHNBLAgqtKqjw8sTNL5FLnMtGsb
ycc6uT5/AWOzjtr+T8cPZ8lqyG9pPe4P7mWuTRtM/N4UV+g40gh3WtZubYavWACk
qnxae0a9svFMw0QhiESkTrsBk1Ynvs0DZKl4jYMJNb+sv+49CbvZlHagH6Ing5Ft
y/qkU95cKddDYnMFs0WJu8KQ4SAXFlSvzjS8ajQMFo3XF3GnZB1teHXypwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELXAjD7OqQh7CLMsTwrLp9DR2MbMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvUXRjQ01QczZwQ0hzSXN5eFBDc3VuME5IWXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbc0IMA0G
CSqGSIb3DQEBCwUAA4IBAQCcx0j2o36YW7rvfKhlHlvM/woanZSHzHN0EYrjsEEN
8gkn3b+9+zYjmC1HUE8ZGOjJl0AHI9+CaUVKqFG5mfg4hSCpBidD8pM7S6QWhRwG
OhwPl7fqIFtnrx2KQFtpO7+NnpR+EkM8rduE7huX2OneiSKQV3VdvpzSUx4xQudP
wpK0MUylamlweVMF+yKiadNUHNbKI457irIb3sOEAn9k4P8bzGCpjqKZY8aLkrjp
+XoxwiGmHhYmcsEBUzn+BFC51bgsE9E85ny/fdjG9Oo5K2WJpQ0gf68MVBg1TXPB
EpVrULuY6HfY8RMgCCFDI04Iu2LPEQGTM7Epj/Hmfq7u
-----END CERTIFICATE-----