Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QPY32uoctn6hjvJCcxEqaYc-dTA.roa
File:                     QPY32uoctn6hjvJCcxEqaYc-dTA.roa (raw, json)
Hash identifier:          Osefay2ccgICi8IcJAbrHsIyN8L58eS1cUVD2D27+S4=
Subject key identifier:   40:F6:37:DA:EA:1C:B6:7E:A1:8E:F2:42:73:11:2A:69:87:3E:75:30
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC47FF0E6FBA25D61B65DEF3B2E6D5
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QPY32uoctn6hjvJCcxEqaYc-dTA.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        193.232.164.0/24 maxlen: 24
                          212.192.62.0/24 maxlen: 24
                          194.85.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:47:ff:0e:6f:ba:25:d6:1b:65:de:f3:b2:e6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40f637daea1cb67ea18ef24273112a69873e7530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3d:b1:7d:39:3d:43:36:7b:5e:f4:f5:a7:d9:
                    a1:65:aa:33:9a:e6:28:1a:4b:7a:bc:2c:8b:be:b1:
                    09:b6:01:4c:fe:28:ee:9b:3c:26:bf:97:76:b2:e1:
                    e3:7b:06:54:c6:f5:6b:c5:cd:67:31:be:95:6b:51:
                    cc:66:89:1e:36:df:b7:e3:37:fb:26:ef:4d:29:4d:
                    30:02:81:5d:9d:ca:da:68:39:dd:7e:a9:c3:44:e7:
                    1d:7e:b2:1e:af:6a:43:bf:1d:d4:37:de:84:88:82:
                    0b:ae:8e:79:96:3a:10:c0:68:79:5b:83:ed:ea:62:
                    69:a6:d7:a1:5e:6f:e6:44:d2:ee:30:ca:77:a9:ee:
                    ab:b2:89:d5:33:46:a1:75:62:10:db:3d:e3:58:cd:
                    73:c0:af:78:3e:86:2d:b6:dc:a2:74:ae:e8:7f:88:
                    76:df:79:ef:ad:9b:69:17:05:8e:ac:16:1f:e3:ec:
                    77:76:d0:dd:de:e0:f4:2d:17:21:ab:46:3d:e1:03:
                    eb:c9:73:5d:9d:9a:e1:2b:f5:20:dc:9b:9c:bd:39:
                    d8:e5:83:52:fe:23:cd:75:58:18:9a:9f:b9:96:34:
                    16:85:bd:d0:5d:c7:94:ba:42:d9:fd:5c:17:11:fc:
                    51:8e:7b:d9:47:78:18:cc:c3:89:e0:6e:7b:d2:49:
                    36:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F6:37:DA:EA:1C:B6:7E:A1:8E:F2:42:73:11:2A:69:87:3E:75:30
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QPY32uoctn6hjvJCcxEqaYc-dTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.164.0/24
                  194.85.116.0/24
                  212.192.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:22:5a:b8:a1:d0:a3:3a:0e:84:69:71:e3:ed:91:af:86:7c:
         57:7a:e4:a7:ef:3e:10:85:75:17:45:de:f0:e5:67:11:a9:90:
         78:85:57:15:e1:ba:f4:da:78:c4:e2:fb:c6:5d:6d:1b:53:f0:
         c3:c9:dd:0e:fd:0c:19:88:b9:b5:34:b0:93:16:db:fd:84:80:
         39:8d:11:d5:49:ef:2c:3d:11:66:2b:3a:79:69:6d:88:ce:21:
         5f:cf:7f:ae:f3:48:0f:18:6c:c6:ca:f5:37:94:ae:5a:53:87:
         d7:33:65:e6:e1:cd:1d:9c:58:b2:7d:dd:24:db:b1:14:57:f9:
         b5:b7:5a:9b:10:4c:ae:98:fd:33:2b:b0:cf:cf:f5:84:43:5a:
         af:2c:04:7e:6e:45:8d:3b:1f:3c:f9:2f:f7:88:4f:19:20:d2:
         7b:23:32:88:56:a4:89:d8:c5:c7:b8:7d:1c:28:e7:11:b4:96:
         2a:82:7e:06:94:57:e9:db:48:e8:cd:e8:17:a9:35:1e:e4:2e:
         60:9d:9d:09:d8:dc:a3:e2:72:5d:bd:57:6c:fb:f1:e9:34:88:
         08:ab:f3:89:94:3d:f6:4c:c8:76:f8:d8:64:a9:ba:7c:dc:58:
         04:98:98:0c:fe:92:d2:91:18:29:46:bc:c5:d8:43:7f:3b:5e:
         16:4f:ec:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3Ef/Dm+6JdYbZd7zsubVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY2MzdkYWVhMWNiNjdlYTE4ZWYyNDI3MzExMmE2OTg3M2U3NTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT2xfTk9QzZ7XvT1p9mhZaozmuYo
Gkt6vCyLvrEJtgFM/ijumzwmv5d2suHjewZUxvVrxc1nMb6Va1HMZokeNt+34zf7
Ju9NKU0wAoFdncraaDndfqnDROcdfrIer2pDvx3UN96EiIILro55ljoQwGh5W4Pt
6mJpptehXm/mRNLuMMp3qe6rsonVM0ahdWIQ2z3jWM1zwK94PoYtttyidK7of4h2
33nvrZtpFwWOrBYf4+x3dtDd3uD0LRchq0Y94QPryXNdnZrhK/Ug3JucvTnY5YNS
/iPNdVgYmp+5ljQWhb3QXceUukLZ/VwXEfxRjnvZR3gYzMOJ4G570kk2CwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFED2N9rqHLZ+oY7yQnMRKmmHPnUwMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvUVBZMzJ1b2N0bjZoanZKQ2N4RXFhWWMtZFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweikAwQA
wlV0AwQA1MA+MA0GCSqGSIb3DQEBCwUAA4IBAQBjIlq4odCjOg6EaXHj7ZGvhnxX
euSn7z4QhXUXRd7w5WcRqZB4hVcV4br02njE4vvGXW0bU/DDyd0O/QwZiLm1NLCT
Ftv9hIA5jRHVSe8sPRFmKzp5aW2IziFfz3+u80gPGGzGyvU3lK5aU4fXM2Xm4c0d
nFiyfd0k27EUV/m1t1qbEEyumP0zK7DPz/WEQ1qvLAR+bkWNOx88+S/3iE8ZINJ7
IzKIVqSJ2MXHuH0cKOcRtJYqgn4GlFfp20jozegXqTUe5C5gnZ0J2Nyj4nJdvVds
+/HpNIgIq/OJlD32TMh2+Nhkqbp83FgEmJgM/pLSkRgpRrzF2EN/O14WT+zv
-----END CERTIFICATE-----