Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QCR3XI9TovoQjg1rbKWY49M12Dw.roa
File:                     QCR3XI9TovoQjg1rbKWY49M12Dw.roa (raw, json)
Hash identifier:          gKRsH0jabmKIUTg0riK48T2N0Jeksd1+DENgOUscTwU=
Subject key identifier:   40:24:77:5C:8F:53:A2:FA:10:8E:0D:6B:6C:A5:98:E3:D3:35:D8:3C
Certificate issuer:       /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial:       018F8544B9BAD490D6487CA98D3AA8847568
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QCR3XI9TovoQjg1rbKWY49M12Dw.roa
Signing time:             Fri 17 May 2024 06:37:04 +0000
ROA not before:           Fri 17 May 2024 06:37:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49203
IP address blocks:        91.212.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Oct 2024 06:23:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:85:44:b9:ba:d4:90:d6:48:7c:a9:8d:3a:a8:84:75:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
        Validity
            Not Before: May 17 06:37:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4024775c8f53a2fa108e0d6b6ca598e3d335d83c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e7:64:f7:cb:fc:f3:3b:b8:a7:1d:8c:75:ea:
                    4e:2a:52:c7:a2:a3:f6:65:ac:b0:9e:75:d5:50:14:
                    ee:9a:b2:f5:be:ec:24:d5:e2:61:47:70:5a:e2:e4:
                    23:3b:10:26:e6:1f:e9:a0:7b:a3:58:9b:a9:35:68:
                    33:38:37:37:ca:f8:bb:f3:b6:d5:56:08:d6:6a:9f:
                    c8:79:8b:13:74:37:0c:b4:79:34:7c:cd:39:fc:c1:
                    71:d4:6d:fd:0f:e0:d2:ff:b6:42:61:a3:4e:ef:79:
                    f8:c1:fe:60:da:df:a9:28:d2:88:bd:1c:4e:f0:95:
                    bd:ee:af:2d:8b:5f:a9:a2:ff:38:ce:85:94:02:47:
                    ee:02:86:57:dd:e6:14:c4:c6:38:48:ab:36:1e:af:
                    00:a0:e7:d8:09:ef:b8:ac:e2:b5:72:bb:80:8a:63:
                    a6:7d:61:0b:c0:cd:82:09:6a:16:f7:6a:4a:e7:c2:
                    aa:0b:50:09:a6:3f:93:b9:ac:5a:24:3e:77:b8:e8:
                    32:a2:00:c8:ca:6c:bc:fb:5b:88:d4:05:d6:a7:bc:
                    cd:f0:6c:79:6d:58:92:2c:71:64:1f:c0:b7:d0:f3:
                    52:30:80:f3:c0:d5:13:ec:13:eb:a1:92:06:ee:91:
                    84:63:1d:54:2a:ed:2f:e1:cc:f6:76:fe:fe:51:ba:
                    f4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:24:77:5C:8F:53:A2:FA:10:8E:0D:6B:6C:A5:98:E3:D3:35:D8:3C
            X509v3 Authority Key Identifier:
                keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/QCR3XI9TovoQjg1rbKWY49M12Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:40:b5:71:c0:ff:ab:80:e8:76:14:6d:02:ab:a8:4d:06:26:
         0c:d7:b6:6c:c6:5f:d0:89:51:af:6b:b4:e3:1d:36:b6:08:ef:
         df:30:5e:fb:f1:9f:44:d9:45:78:a4:b3:5e:aa:0e:3e:38:f4:
         9f:de:4d:62:59:5f:ab:2d:58:91:00:d8:a6:f8:e5:8f:b1:95:
         b1:f1:eb:4c:52:48:04:aa:d5:7d:1a:12:60:2b:69:2b:ad:0d:
         45:45:5f:10:af:46:d9:b0:b3:14:49:51:e9:e9:55:50:a2:64:
         6d:b0:21:8e:d7:30:13:96:37:00:a8:a6:11:de:8a:19:26:18:
         12:80:51:87:a0:16:d3:dc:06:60:c2:eb:36:03:14:c2:58:34:
         6e:3b:fc:a2:81:83:96:e9:9f:47:ff:bd:50:14:19:ee:06:bf:
         08:2e:62:01:58:95:1f:3b:0b:fd:de:50:6d:f2:f9:62:73:16:
         bb:e8:6b:9f:62:a7:2d:7e:92:c1:29:35:d7:a4:a2:ae:56:4b:
         76:7d:d2:52:4c:b2:8e:1c:f0:be:c0:03:59:6e:c2:78:95:c3:
         44:d9:07:d3:e8:ae:25:7f:38:32:3c:40:60:29:6e:63:7c:92:
         d6:7c:b3:49:4c:da:f2:05:5d:62:b8:03:c8:de:74:fd:a4:b0:
         d6:a9:16:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+FRLm61JDWSHypjTqohHVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjQwNTE3MDYzNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI0Nzc1YzhmNTNhMmZhMTA4ZTBkNmI2Y2E1OThlM2QzMzVkODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnedk98v88zu4px2MdepOKlLHoqP2
ZaywnnXVUBTumrL1vuwk1eJhR3Ba4uQjOxAm5h/poHujWJupNWgzODc3yvi787bV
VgjWap/IeYsTdDcMtHk0fM05/MFx1G39D+DS/7ZCYaNO73n4wf5g2t+pKNKIvRxO
8JW97q8ti1+pov84zoWUAkfuAoZX3eYUxMY4SKs2Hq8AoOfYCe+4rOK1cruAimOm
fWELwM2CCWoW92pK58KqC1AJpj+TuaxaJD53uOgyogDIymy8+1uI1AXWp7zN8Gx5
bViSLHFkH8C30PNSMIDzwNUT7BProZIG7pGEYx1UKu0v4cz2dv7+Ubr03QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAkd1yPU6L6EI4Na2ylmOPTNdg8MB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvUUNSM1hJOVRvdm9RamcxcmJLV1k0OU0xMkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RKMA0G
CSqGSIb3DQEBCwUAA4IBAQBGQLVxwP+rgOh2FG0Cq6hNBiYM17Zsxl/QiVGva7Tj
HTa2CO/fMF778Z9E2UV4pLNeqg4+OPSf3k1iWV+rLViRANim+OWPsZWx8etMUkgE
qtV9GhJgK2krrQ1FRV8Qr0bZsLMUSVHp6VVQomRtsCGO1zATljcAqKYR3ooZJhgS
gFGHoBbT3AZgwus2AxTCWDRuO/yigYOW6Z9H/71QFBnuBr8ILmIBWJUfOwv93lBt
8vlicxa76GufYqctfpLBKTXXpKKuVkt2fdJSTLKOHPC+wANZbsJ4lcNE2QfT6K4l
fzgyPEBgKW5jfJLWfLNJTNryBV1iuAPI3nT9pLDWqRbN
-----END CERTIFICATE-----