Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QaqnnXLj0xHGIfEkQ62q9mObNTY.roa
File:                     QaqnnXLj0xHGIfEkQ62q9mObNTY.roa (raw, json)
Hash identifier:          7apIP23pNDXzPH16w+oz+IzdjDm264ZjdyJHBIFKFt0=
Subject key identifier:   41:AA:A7:9D:72:E3:D3:11:C6:21:F1:24:43:AD:AA:F6:63:9B:35:36
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC42C8099629C657D281018F3EFF89
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QaqnnXLj0xHGIfEkQ62q9mObNTY.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41717
IP address blocks:        193.232.178.0/24 maxlen: 24
                          194.226.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:42:c8:09:96:29:c6:57:d2:81:01:8f:3e:ff:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41aaa79d72e3d311c621f12443adaaf6639b3536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7c:c9:a2:02:d3:3f:17:0b:3d:72:bc:dd:c2:
                    5d:87:91:25:28:1e:2d:3b:8a:2a:25:45:c5:57:ff:
                    b8:f8:5f:b7:74:44:ee:4c:c8:59:a8:07:96:38:de:
                    57:ec:b4:85:54:70:2b:01:3c:59:ee:00:7a:04:e1:
                    9c:a3:fa:68:d9:b9:a8:60:f2:25:13:f5:bb:6d:8e:
                    f3:3b:eb:9a:15:8b:b0:1b:fc:fe:71:25:e0:6d:2e:
                    41:59:7e:4a:69:8d:8d:ac:73:2c:8e:e2:a6:91:88:
                    c4:7e:ef:1f:4e:b2:a3:8f:0f:ad:f4:e8:3e:52:95:
                    b5:41:5b:d5:c5:67:d0:77:3c:38:3b:50:d0:54:94:
                    e4:ff:58:65:9d:e1:53:90:e4:7f:9d:f3:24:19:6a:
                    60:99:ef:ee:1f:24:00:b6:05:9d:00:0e:64:78:e7:
                    06:80:af:f9:7b:99:59:52:38:19:02:60:00:b9:b1:
                    e5:60:b4:7d:c5:ce:d4:e5:d1:6e:85:41:b7:5e:39:
                    08:a8:05:37:1f:c1:fb:fd:86:ff:28:0c:8f:f4:1e:
                    67:e8:47:25:b7:65:c0:01:82:3c:67:b1:fc:6f:53:
                    5a:35:9e:b1:41:98:25:24:ec:49:45:24:30:b8:39:
                    64:64:95:af:5a:e9:08:2d:bb:bb:e3:f8:eb:9c:04:
                    34:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AA:A7:9D:72:E3:D3:11:C6:21:F1:24:43:AD:AA:F6:63:9B:35:36
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/QaqnnXLj0xHGIfEkQ62q9mObNTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.178.0/24
                  194.226.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9e:78:d6:18:e7:5b:06:d8:e1:da:8d:7d:40:cb:49:08:d6:
         29:3b:3f:b3:14:31:ae:a8:47:0d:e9:6b:58:3e:84:3a:75:38:
         e9:21:04:43:87:78:a4:42:dd:bb:35:a5:9d:79:5d:41:4a:47:
         fd:97:13:d9:eb:06:f2:50:0d:7f:aa:3e:b6:ec:1e:a0:26:3e:
         ed:c1:26:bc:60:23:18:aa:ea:aa:97:67:bb:7a:ef:bf:05:70:
         aa:ca:b0:9d:62:dd:45:3d:ba:d9:e2:5f:90:62:8c:0f:e8:b5:
         7b:42:5f:27:55:b0:cd:c2:81:5c:a9:dd:db:fd:6d:c3:34:0f:
         a9:96:6d:9e:87:16:bb:c9:b7:6e:a3:f7:b6:fc:26:48:57:1d:
         df:d4:e9:2d:b7:b8:be:67:4a:79:16:72:0d:0d:67:7d:db:19:
         42:ee:fd:a4:a7:d7:8d:52:7f:88:62:44:f5:2d:8b:34:f9:e9:
         86:06:86:91:c1:a5:df:b5:0f:f7:22:8b:8e:8f:e4:83:7a:13:
         6e:34:31:04:a0:6d:b3:0b:a6:fd:ce:46:11:c6:17:74:32:42:
         e4:8f:db:55:7c:a0:57:c7:d2:71:cf:58:c7:f2:d7:96:74:c7:
         48:ab:09:55:62:a1:a9:0d:39:cc:a6:65:2f:19:02:5c:7f:66:
         e0:85:ee:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3ELICZYpxlfSgQGPPv+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWFhYTc5ZDcyZTNkMzExYzYyMWYxMjQ0M2FkYWFmNjYzOWIzNTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnzJogLTPxcLPXK83cJdh5ElKB4t
O4oqJUXFV/+4+F+3dETuTMhZqAeWON5X7LSFVHArATxZ7gB6BOGco/po2bmoYPIl
E/W7bY7zO+uaFYuwG/z+cSXgbS5BWX5KaY2NrHMsjuKmkYjEfu8fTrKjjw+t9Og+
UpW1QVvVxWfQdzw4O1DQVJTk/1hlneFTkOR/nfMkGWpgme/uHyQAtgWdAA5keOcG
gK/5e5lZUjgZAmAAubHlYLR9xc7U5dFuhUG3XjkIqAU3H8H7/Yb/KAyP9B5n6Ecl
t2XAAYI8Z7H8b1NaNZ6xQZglJOxJRSQwuDlkZJWvWukILbu74/jrnAQ0twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEGqp51y49MRxiHxJEOtqvZjmzU2MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvUWFxbm5YTGoweEhHSWZFa1E2MnE5bU9iTlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAweiyAwQA
wuKpMA0GCSqGSIb3DQEBCwUAA4IBAQBrnnjWGOdbBtjh2o19QMtJCNYpOz+zFDGu
qEcN6WtYPoQ6dTjpIQRDh3ikQt27NaWdeV1BSkf9lxPZ6wbyUA1/qj627B6gJj7t
wSa8YCMYquqql2e7eu+/BXCqyrCdYt1FPbrZ4l+QYowP6LV7Ql8nVbDNwoFcqd3b
/W3DNA+plm2ehxa7ybduo/e2/CZIVx3f1Oktt7i+Z0p5FnINDWd92xlC7v2kp9eN
Un+IYkT1LYs0+emGBoaRwaXftQ/3IouOj+SDehNuNDEEoG2zC6b9zkYRxhd0MkLk
j9tVfKBXx9Jxz1jH8teWdMdIqwlVYqGpDTnMpmUvGQJcf2bghe4N
-----END CERTIFICATE-----