Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/WqqfD4xq94XtwCq8WLSZRrGNpMQ.roa
File:                     WqqfD4xq94XtwCq8WLSZRrGNpMQ.roa (raw, json)
Hash identifier:          8PXtJ1GJhVIylBGiwFQtTlMmVeYEE+VwC5XRXuy/iMI=
Subject key identifier:   5A:AA:9F:0F:8C:6A:F7:85:ED:C0:2A:BC:58:B4:99:46:B1:8D:A4:C4
Certificate issuer:       /CN=df6412c5ddf128ec714afaea483e87b1bc74d41f
Certificate serial:       018F2E47B61C2F00839DB8B525BA51143AFE
Authority key identifier: DF:64:12:C5:DD:F1:28:EC:71:4A:FA:EA:48:3E:87:B1:BC:74:D4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/32QSxd3xKOxxSvrqSD6Hsbx01B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/WqqfD4xq94XtwCq8WLSZRrGNpMQ.roa
Signing time:             Tue 30 Apr 2024 09:13:22 +0000
ROA not before:           Tue 30 Apr 2024 09:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51849
IP address blocks:        194.107.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/32QSxd3xKOxxSvrqSD6Hsbx01B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/32QSxd3xKOxxSvrqSD6Hsbx01B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/32QSxd3xKOxxSvrqSD6Hsbx01B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:47:b6:1c:2f:00:83:9d:b8:b5:25:ba:51:14:3a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6412c5ddf128ec714afaea483e87b1bc74d41f
        Validity
            Not Before: Apr 30 09:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aaa9f0f8c6af785edc02abc58b49946b18da4c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:02:00:ad:c3:ed:5b:43:b7:9d:07:f8:85:8e:
                    f4:1a:96:2f:33:c8:11:4b:b1:20:ce:34:35:05:22:
                    5f:3b:b6:4f:d1:65:64:40:85:1f:7e:c9:68:52:bb:
                    ca:63:e4:78:68:de:80:28:5f:23:9f:91:71:3e:fe:
                    e2:cc:95:e3:1b:c7:f0:61:53:9c:89:26:04:08:69:
                    da:f9:a6:64:51:91:91:17:76:2d:60:94:47:63:40:
                    68:93:ed:20:a2:be:99:12:6e:0d:2d:d6:24:27:c3:
                    ba:99:cf:c0:58:e0:eb:f4:15:61:bf:b4:78:51:5f:
                    8e:83:b3:43:c2:97:ab:3e:7e:06:34:a7:ab:30:ab:
                    fc:01:e3:6d:d9:83:d4:25:75:14:ac:73:df:8f:8a:
                    50:36:05:0c:fb:ae:e4:89:c0:50:39:4a:67:72:e8:
                    51:25:44:eb:5f:96:82:82:91:8c:36:cb:6b:88:84:
                    e2:87:e1:ca:26:66:23:fa:aa:8c:1a:78:89:06:c2:
                    1c:bd:46:e9:05:07:22:26:8e:a7:ab:01:2b:29:15:
                    c0:a4:31:7a:ce:68:93:58:8d:8e:44:5c:a7:96:04:
                    f5:3c:af:78:bb:f4:38:70:97:9b:57:85:20:17:6c:
                    87:27:77:40:7f:98:e3:2a:d6:50:ba:89:d4:f6:e1:
                    29:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:AA:9F:0F:8C:6A:F7:85:ED:C0:2A:BC:58:B4:99:46:B1:8D:A4:C4
            X509v3 Authority Key Identifier:
                keyid:DF:64:12:C5:DD:F1:28:EC:71:4A:FA:EA:48:3E:87:B1:BC:74:D4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/32QSxd3xKOxxSvrqSD6Hsbx01B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/WqqfD4xq94XtwCq8WLSZRrGNpMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/101c05-a91c-4fbd-bd07-f950420b9e06/1/32QSxd3xKOxxSvrqSD6Hsbx01B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f3:93:67:e2:3b:c0:c1:30:a2:ac:93:cc:83:8c:79:90:91:
         7d:5a:b9:9d:d5:0e:55:27:95:f5:b3:36:86:2c:f0:fa:3f:23:
         7a:ad:29:de:7f:2a:7f:00:00:9a:63:ae:9a:00:f9:75:94:4d:
         e6:78:3f:e5:2c:ec:40:f0:4c:50:4a:eb:50:9e:13:33:0a:77:
         e6:ba:8d:9e:7c:46:60:a3:cc:63:65:4e:6f:6f:9e:50:06:b2:
         0b:e2:4a:8e:1a:b6:f4:b2:ec:d3:1c:8e:ab:fd:67:8b:96:22:
         f4:7f:09:36:8b:2b:65:ab:01:14:15:30:cf:f2:41:e6:f8:ce:
         03:78:58:45:7e:d6:52:b2:76:92:7d:fe:b7:a3:8e:7a:52:74:
         34:64:49:86:d5:2d:fb:1f:99:5d:01:2b:98:99:1a:05:3b:4b:
         67:a1:19:fb:40:62:9a:60:c2:d1:cf:a2:cc:bc:16:e1:3c:93:
         eb:c6:b5:af:73:8d:6d:1f:bf:89:5d:af:78:8a:e7:13:34:38:
         dc:c8:33:1c:a0:87:c1:55:1a:63:cd:cb:0e:0a:b8:26:c1:0b:
         8d:62:3a:e1:18:c0:9a:00:01:53:f7:b3:62:99:0d:b7:b5:68:
         a1:75:dc:79:a8:7c:53:95:d2:a3:fd:0d:9b:66:f7:2b:ef:94:
         5e:2a:5e:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8uR7YcLwCDnbi1JbpRFDr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNjQxMmM1ZGRmMTI4ZWM3MTRhZmFlYTQ4M2U4N2IxYmM3
NGQ0MWYwHhcNMjQwNDMwMDkxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWFhOWYwZjhjNmFmNzg1ZWRjMDJhYmM1OGI0OTk0NmIxOGRhNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwIArcPtW0O3nQf4hY70GpYvM8gR
S7EgzjQ1BSJfO7ZP0WVkQIUffsloUrvKY+R4aN6AKF8jn5FxPv7izJXjG8fwYVOc
iSYECGna+aZkUZGRF3YtYJRHY0Bok+0gor6ZEm4NLdYkJ8O6mc/AWODr9BVhv7R4
UV+Og7NDwperPn4GNKerMKv8AeNt2YPUJXUUrHPfj4pQNgUM+67kicBQOUpncuhR
JUTrX5aCgpGMNstriITih+HKJmYj+qqMGniJBsIcvUbpBQciJo6nqwErKRXApDF6
zmiTWI2ORFynlgT1PK94u/Q4cJebV4UgF2yHJ3dAf5jjKtZQuonU9uEpfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqqnw+MaveF7cAqvFi0mUaxjaTEMB8GA1UdIwQY
MBaAFN9kEsXd8SjscUr66kg+h7G8dNQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzJRU3hkM3hLT3h4U3ZycVNENkhzYngwMUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMDFjMDUtYTkxYy00ZmJkLWJkMDct
Zjk1MDQyMGI5ZTA2LzEvV3FxZkQ0eHE5NFh0d0NxOFdMU1pSckdOcE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMDFjMDUtYTkxYy00ZmJkLWJkMDctZjk1MDQyMGI5ZTA2
LzEvMzJRU3hkM3hLT3h4U3ZycVNENkhzYngwMUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmt5MA0G
CSqGSIb3DQEBCwUAA4IBAQA085Nn4jvAwTCirJPMg4x5kJF9Wrmd1Q5VJ5X1szaG
LPD6PyN6rSnefyp/AACaY66aAPl1lE3meD/lLOxA8ExQSutQnhMzCnfmuo2efEZg
o8xjZU5vb55QBrIL4kqOGrb0suzTHI6r/WeLliL0fwk2iytlqwEUFTDP8kHm+M4D
eFhFftZSsnaSff63o456UnQ0ZEmG1S37H5ldASuYmRoFO0tnoRn7QGKaYMLRz6LM
vBbhPJPrxrWvc41tH7+JXa94iucTNDjcyDMcoIfBVRpjzcsOCrgmwQuNYjrhGMCa
AAFT97NimQ23tWihddx5qHxTldKj/Q2bZvcr75ReKl7r
-----END CERTIFICATE-----