Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/qRNG7CQeHpjD8TfKqnzuHk2fscU.roa
File:                     qRNG7CQeHpjD8TfKqnzuHk2fscU.roa (raw, json)
Hash identifier:          nzrRNQqrio1tkYOIZODLWIMq8ICFVhpxRc55koraZXU=
Subject key identifier:   A9:13:46:EC:24:1E:1E:98:C3:F1:37:CA:AA:7C:EE:1E:4D:9F:B1:C5
Certificate issuer:       /CN=a29d9751f3675f51332734da68ea960260045b12
Certificate serial:       0191788672BDDD999CC86CDA6897150FEE9F
Authority key identifier: A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/qRNG7CQeHpjD8TfKqnzuHk2fscU.roa
Signing time:             Thu 22 Aug 2024 05:19:22 +0000
ROA not before:           Thu 22 Aug 2024 05:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        93.185.144.0/21 maxlen: 32
                          93.185.152.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:78:86:72:bd:dd:99:9c:c8:6c:da:68:97:15:0f:ee:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29d9751f3675f51332734da68ea960260045b12
        Validity
            Not Before: Aug 22 05:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a91346ec241e1e98c3f137caaa7cee1e4d9fb1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f6:7a:e4:6e:a6:86:59:a4:d3:60:e6:b0:60:
                    3d:b7:53:32:ef:71:81:73:6b:f3:50:77:0f:21:76:
                    47:56:93:1d:d5:ed:89:6e:bc:c5:ed:1f:84:ec:a2:
                    68:1b:8f:ac:ce:03:00:d3:1e:5a:75:6d:b1:ec:df:
                    3c:0e:f5:af:33:ce:7c:5d:5b:e5:8c:99:eb:c3:b6:
                    b2:31:b9:f2:bd:fb:e2:4e:26:4f:b5:cf:fb:60:c9:
                    13:0c:fe:93:84:4b:c8:45:be:42:ae:9a:de:a3:4a:
                    30:9a:84:44:55:7d:c0:df:96:77:b4:33:8e:76:75:
                    d9:69:04:bf:00:89:16:ff:4e:ac:78:26:6c:81:d1:
                    73:d3:39:7a:51:75:17:7a:32:94:d8:18:3f:ca:5f:
                    04:d7:ec:d5:b0:6e:e3:e7:c6:d1:d1:86:4c:7d:12:
                    17:b6:5c:4d:f7:b7:3e:c3:21:83:19:4a:d5:52:75:
                    7d:9e:71:5a:92:de:30:94:9a:ba:fe:0f:6f:5d:8c:
                    c8:22:c5:84:e8:a9:3f:8c:bd:33:7e:15:47:92:e0:
                    06:34:c2:4c:b4:3f:02:b5:ec:fa:4f:08:21:1c:54:
                    87:15:d6:43:d8:af:c4:ce:ef:e5:54:39:c3:c7:44:
                    fa:7b:a4:33:82:12:27:46:50:fb:d3:84:0d:0b:e8:
                    b9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:13:46:EC:24:1E:1E:98:C3:F1:37:CA:AA:7C:EE:1E:4D:9F:B1:C5
            X509v3 Authority Key Identifier:
                keyid:A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/qRNG7CQeHpjD8TfKqnzuHk2fscU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.144.0-93.185.155.255

    Signature Algorithm: sha256WithRSAEncryption
         79:54:fd:8c:3e:3b:21:f2:eb:29:07:23:9e:8d:82:2a:ed:bc:
         22:a3:4c:9d:68:b8:14:72:51:89:77:7d:3a:00:24:25:45:d5:
         e3:9f:22:6a:ec:a6:1c:52:bd:5d:b2:a7:7d:b1:9b:90:58:01:
         85:2c:83:7c:11:34:ba:70:eb:ad:19:ad:d9:49:07:ef:9b:82:
         7a:47:d3:18:ff:bf:5c:d1:1f:10:81:e2:01:b5:86:40:63:04:
         6d:17:7e:81:c5:8d:8b:f8:09:56:f4:82:22:ec:18:09:ef:18:
         34:7e:e3:fe:fa:eb:ec:18:a5:3d:20:8f:4a:e3:e5:98:71:59:
         22:11:a8:1f:d8:6b:d0:c9:f6:e9:38:35:71:7e:4d:fb:71:a8:
         d1:f4:80:6d:1b:ed:a8:5b:31:4c:e8:18:f3:39:2e:19:11:97:
         1a:7a:8c:d9:40:4f:59:cc:59:d3:2b:60:9c:80:aa:da:ae:3d:
         5b:5b:d5:5c:e6:79:3a:52:3e:a3:43:9a:a8:76:1a:38:83:1c:
         3d:b7:29:db:be:cb:0e:e6:12:7d:d6:c8:60:93:00:18:29:db:
         23:d0:c8:9e:7e:7a:dc:f2:b7:5d:63:ea:aa:7d:35:cc:95:b0:
         a1:46:98:cc:a7:3a:1f:f2:5b:13:56:63:97:d6:d2:ae:e7:f9:
         6b:78:eb:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZF4hnK93ZmcyGzaaJcVD+6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOWQ5NzUxZjM2NzVmNTEzMzI3MzRkYTY4ZWE5NjAyNjAw
NDViMTIwHhcNMjQwODIyMDUxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTEzNDZlYzI0MWUxZTk4YzNmMTM3Y2FhYTdjZWUxZTRkOWZiMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/Z65G6mhlmk02DmsGA9t1My73GB
c2vzUHcPIXZHVpMd1e2JbrzF7R+E7KJoG4+szgMA0x5adW2x7N88DvWvM858XVvl
jJnrw7ayMbnyvfviTiZPtc/7YMkTDP6ThEvIRb5Crpreo0owmoREVX3A35Z3tDOO
dnXZaQS/AIkW/06seCZsgdFz0zl6UXUXejKU2Bg/yl8E1+zVsG7j58bR0YZMfRIX
tlxN97c+wyGDGUrVUnV9nnFakt4wlJq6/g9vXYzIIsWE6Kk/jL0zfhVHkuAGNMJM
tD8Ctez6TwghHFSHFdZD2K/Ezu/lVDnDx0T6e6QzghInRlD704QNC+i5nQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKkTRuwkHh6Yw/E3yqp87h5Nn7HFMB8GA1UdIwQY
MBaAFKKdl1HzZ19RMyc02mjqlgJgBFsSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMt
MDc5YmEwNTcwZjc1LzEvcVJORzdDUWVIcGpEOFRmS3FuenVIazJmc2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMtMDc5YmEwNTcwZjc1
LzEvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARduZAD
BAJduZgwDQYJKoZIhvcNAQELBQADggEBAHlU/Yw+OyHy6ykHI56NgirtvCKjTJ1o
uBRyUYl3fToAJCVF1eOfImrsphxSvV2yp32xm5BYAYUsg3wRNLpw660ZrdlJB++b
gnpH0xj/v1zRHxCB4gG1hkBjBG0XfoHFjYv4CVb0giLsGAnvGDR+4/766+wYpT0g
j0rj5ZhxWSIRqB/Ya9DJ9uk4NXF+TftxqNH0gG0b7ahbMUzoGPM5LhkRlxp6jNlA
T1nMWdMrYJyAqtquPVtb1VzmeTpSPqNDmqh2GjiDHD23Kdu+yw7mEn3WyGCTABgp
2yPQyJ5+etzyt11j6qp9NcyVsKFGmMynOh/yWxNWY5fW0q7n+Wt4694=
-----END CERTIFICATE-----