Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qpERSnH4Aqhg72wW15GA57f3WF8.roa
File:                     qpERSnH4Aqhg72wW15GA57f3WF8.roa (raw, json)
Hash identifier:          yDfkRMnmnNihj+FTjCo5VWTFjCH2QIg6BWunHAW5H88=
Subject key identifier:   AA:91:11:4A:71:F8:02:A8:60:EF:6C:16:D7:91:80:E7:B7:F7:58:5F
Certificate issuer:       /CN=21a717361309d2939351c9d8ba2173db8319a88f
Certificate serial:       018CC493946D428E44FFF94987077D274223
Authority key identifier: 21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qpERSnH4Aqhg72wW15GA57f3WF8.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        195.149.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:6d:42:8e:44:ff:f9:49:87:07:7d:27:42:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a717361309d2939351c9d8ba2173db8319a88f
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa91114a71f802a860ef6c16d79180e7b7f7585f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:0b:89:4e:6e:8f:81:ba:15:e9:b8:d7:44:
                    12:6c:2c:a9:26:85:97:d4:e5:e2:6e:dd:84:07:b7:
                    cf:f2:0c:e2:3c:bc:9a:f4:b6:1f:6a:37:a3:48:07:
                    4b:3c:3a:ed:e1:bd:81:50:d4:70:3a:97:96:5d:3d:
                    ad:d6:1d:a2:a2:81:fc:83:60:28:c7:c5:c7:91:9f:
                    d7:6a:b7:2a:49:61:41:40:95:b2:27:77:6b:fb:7a:
                    93:42:99:8a:16:36:3b:9b:60:b4:27:cb:01:65:34:
                    ef:fc:55:00:c8:06:2c:da:b3:e6:c1:11:01:0f:54:
                    78:cd:d4:a5:41:d4:8e:71:cf:62:1d:a1:46:a3:cd:
                    1c:26:94:9d:92:1f:d3:bf:13:8a:c3:04:aa:ee:82:
                    2c:09:6a:b7:04:51:72:09:50:9c:06:47:71:93:8d:
                    61:db:d6:6f:48:06:0b:d3:80:53:31:b7:fb:62:1d:
                    f3:3f:44:7c:15:7a:d6:90:3c:f0:4d:14:49:3e:b6:
                    09:4a:d5:b4:e0:a8:02:82:2a:ac:fe:12:af:aa:24:
                    f7:f8:ec:21:30:a3:0b:e8:92:d7:06:c5:f6:48:9d:
                    10:03:68:0d:77:6d:e0:19:2c:2f:d7:01:43:98:e5:
                    2f:fb:2f:13:51:c8:6b:fd:6b:d9:aa:de:39:78:88:
                    39:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:91:11:4A:71:F8:02:A8:60:EF:6C:16:D7:91:80:E7:B7:F7:58:5F
            X509v3 Authority Key Identifier:
                keyid:21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qpERSnH4Aqhg72wW15GA57f3WF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:1d:c2:4d:3e:d7:7c:53:ca:bd:61:1f:0b:26:7b:2e:f4:90:
         e7:a2:2f:76:45:b4:19:57:5b:92:4c:bf:e2:66:9d:5f:75:fd:
         52:48:56:c8:97:82:a9:97:3a:dd:e9:22:03:f3:54:e1:58:c5:
         63:0b:56:12:e9:2f:2d:5a:37:ad:d0:c8:f6:ab:1f:7c:2b:ff:
         6f:a0:70:09:ae:ac:cc:84:c4:c1:4d:f5:6f:98:86:6a:e7:55:
         27:c0:3b:88:67:e0:06:6f:ce:3e:a6:39:4d:cd:9c:59:5d:29:
         c2:05:c9:2c:45:d2:8f:47:e4:de:c8:d6:b3:7e:d4:5e:c6:ef:
         83:90:6f:46:1c:2c:86:f5:fa:02:11:70:c9:c6:84:c2:ec:8e:
         02:b4:a3:b8:7e:a3:d6:a1:6d:fb:1a:15:b8:62:67:11:3a:18:
         80:ee:8a:15:03:83:d2:d3:ee:be:3c:49:02:57:25:6c:84:d2:
         14:10:de:b3:a7:10:ff:02:93:ee:79:5b:da:d4:93:42:93:bd:
         58:8e:c3:cc:e3:c2:fb:b3:2b:48:20:6b:e9:0a:87:e7:d2:ba:
         cb:7d:b5:07:c5:04:3e:e8:c9:8b:c7:ae:97:74:f4:61:90:6c:
         5a:39:5c:ac:ea:e0:5b:d4:18:85:ff:9f:1e:85:7e:62:9c:66:
         de:61:90:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5RtQo5E//lJhwd9J0IjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTcxNzM2MTMwOWQyOTM5MzUxYzlkOGJhMjE3M2RiODMx
OWE4OGYwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTkxMTE0YTcxZjgwMmE4NjBlZjZjMTZkNzkxODBlN2I3Zjc1ODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk60LiU5uj4G6Fem410QSbCypJoWX
1OXibt2EB7fP8gziPLya9LYfajejSAdLPDrt4b2BUNRwOpeWXT2t1h2iooH8g2Ao
x8XHkZ/XarcqSWFBQJWyJ3dr+3qTQpmKFjY7m2C0J8sBZTTv/FUAyAYs2rPmwREB
D1R4zdSlQdSOcc9iHaFGo80cJpSdkh/TvxOKwwSq7oIsCWq3BFFyCVCcBkdxk41h
29ZvSAYL04BTMbf7Yh3zP0R8FXrWkDzwTRRJPrYJStW04KgCgiqs/hKvqiT3+Owh
MKML6JLXBsX2SJ0QA2gNd23gGSwv1wFDmOUv+y8TUchr/WvZqt45eIg50QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqREUpx+AKoYO9sFteRgOe391hfMB8GA1UdIwQY
MBaAFCGnFzYTCdKTk1HJ2Lohc9uDGaiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUt
ZjhhNDY5ZDRlMmIyLzEvcXBFUlNuSDRBcWhnNzJ3VzE1R0E1N2YzV0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUtZjhhNDY5ZDRlMmIy
LzEvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5V+MA0G
CSqGSIb3DQEBCwUAA4IBAQBwHcJNPtd8U8q9YR8LJnsu9JDnoi92RbQZV1uSTL/i
Zp1fdf1SSFbIl4Kplzrd6SID81ThWMVjC1YS6S8tWjet0Mj2qx98K/9voHAJrqzM
hMTBTfVvmIZq51UnwDuIZ+AGb84+pjlNzZxZXSnCBcksRdKPR+TeyNazftRexu+D
kG9GHCyG9foCEXDJxoTC7I4CtKO4fqPWoW37GhW4YmcROhiA7ooVA4PS0+6+PEkC
VyVshNIUEN6zpxD/ApPueVva1JNCk71YjsPM48L7sytIIGvpCofn0rrLfbUHxQQ+
6MmLx66XdPRhkGxaOVys6uBb1BiF/58ehX5inGbeYZAQ
-----END CERTIFICATE-----