Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/QqDsJ5yAh0fCbayQI5MehUANNg8.roa
File:                     QqDsJ5yAh0fCbayQI5MehUANNg8.roa (raw, json)
Hash identifier:          xExBu+EGT+EH68Pts0IGq6FMjTo+HDx7CoM7pL/1ttE=
Subject key identifier:   42:A0:EC:27:9C:80:87:47:C2:6D:AC:90:23:93:1E:85:40:0D:36:0F
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       01911229F32AB9DB0AC66B827644CA52BF4E
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/QqDsJ5yAh0fCbayQI5MehUANNg8.roa
Signing time:             Fri 02 Aug 2024 08:17:04 +0000
ROA not before:           Fri 02 Aug 2024 08:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        195.66.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:29:f3:2a:b9:db:0a:c6:6b:82:76:44:ca:52:bf:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Aug  2 08:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42a0ec279c808747c26dac9023931e85400d360f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7c:f7:af:25:f1:3a:40:35:f8:0d:ee:8b:8f:
                    49:c2:30:45:80:c5:16:7b:55:d4:88:ad:f0:65:6f:
                    b7:8c:fe:72:07:78:34:c1:c2:e6:c4:2d:aa:7b:23:
                    39:d4:3e:c5:11:c5:8a:ec:dc:46:bf:93:89:f5:a8:
                    a1:7e:de:ef:78:bd:65:27:7c:d7:e9:a7:92:54:e2:
                    54:5b:e7:48:cf:8a:af:46:9e:4e:c8:c2:68:bb:98:
                    9c:ae:6e:22:5a:b6:f3:15:e2:52:75:24:78:e4:0d:
                    ab:81:41:17:4d:4c:c3:e2:5b:e2:96:ee:74:b8:f6:
                    6a:e0:10:76:00:ad:9c:9c:68:2e:cb:72:06:52:6e:
                    cb:5b:06:ae:48:4a:10:c7:e5:07:5e:a3:ae:66:b7:
                    52:3a:ff:c7:a7:05:a5:ea:22:62:62:e6:db:77:cb:
                    c0:c9:5b:15:fb:81:9a:73:da:46:e1:61:cc:ff:ea:
                    c3:34:d3:7f:7e:ea:78:73:46:b3:1b:14:ea:6d:b6:
                    ce:fe:04:2d:1d:df:c8:96:95:82:29:dd:ca:83:4f:
                    d2:86:c3:89:37:2a:13:0c:9e:ae:82:22:6b:c1:d4:
                    77:86:e0:f6:eb:e2:15:64:47:e9:dd:d1:95:db:e5:
                    38:94:eb:70:e8:2d:1f:96:61:60:3f:10:c6:25:6d:
                    76:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A0:EC:27:9C:80:87:47:C2:6D:AC:90:23:93:1E:85:40:0D:36:0F
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/QqDsJ5yAh0fCbayQI5MehUANNg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:43:12:c0:5d:80:a1:b3:6b:30:91:ff:2c:3a:5d:50:e0:3c:
         7e:8d:6d:65:2a:87:52:d8:d5:a5:d2:26:c3:f0:d3:d6:2c:e5:
         2c:50:b2:df:e8:fd:94:ba:8c:8c:4c:2f:e4:77:e4:6d:4a:a5:
         05:4d:b0:cb:dd:64:e3:47:69:ed:5c:d5:67:a9:fc:64:b6:ab:
         58:df:ce:24:cf:99:d0:37:85:9f:54:f2:26:7d:2a:1d:e0:08:
         47:e8:91:f3:f8:9e:a1:75:3e:53:d0:73:d1:ba:8f:be:63:99:
         56:db:ad:84:1d:0f:37:a1:9b:91:2a:24:2c:20:b4:d9:a3:12:
         21:c1:5b:d7:f8:36:26:89:79:01:d5:68:57:d5:f6:47:3d:c6:
         32:82:db:36:a5:f4:82:a8:34:70:b2:ea:0e:b4:57:ef:ff:60:
         9c:ac:7d:5a:61:6a:5b:2f:ae:80:74:fb:42:80:04:ce:2b:da:
         dc:91:77:6d:0c:d8:a5:0a:73:3e:8b:19:06:89:e7:0f:57:d8:
         f8:ea:05:12:a2:a5:cd:26:59:d6:e2:d3:8a:4c:22:9a:d1:a4:
         02:4c:64:18:9a:13:8b:6d:00:6e:2c:6e:7c:73:ad:fc:35:94:
         c1:5c:34:16:ee:10:d9:c7:3b:21:02:5c:26:e5:2e:4f:67:f3:
         b5:51:71:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESKfMqudsKxmuCdkTKUr9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjQwODAyMDgxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmEwZWMyNzljODA4NzQ3YzI2ZGFjOTAyMzkzMWU4NTQwMGQzNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nz3ryXxOkA1+A3ui49JwjBFgMUW
e1XUiK3wZW+3jP5yB3g0wcLmxC2qeyM51D7FEcWK7NxGv5OJ9aihft7veL1lJ3zX
6aeSVOJUW+dIz4qvRp5OyMJou5icrm4iWrbzFeJSdSR45A2rgUEXTUzD4lvilu50
uPZq4BB2AK2cnGguy3IGUm7LWwauSEoQx+UHXqOuZrdSOv/HpwWl6iJiYubbd8vA
yVsV+4Gac9pG4WHM/+rDNNN/fup4c0azGxTqbbbO/gQtHd/IlpWCKd3Kg0/ShsOJ
NyoTDJ6ugiJrwdR3huD26+IVZEfp3dGV2+U4lOtw6C0flmFgPxDGJW12CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKg7CecgIdHwm2skCOTHoVADTYPMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvUXFEc0o1eUFoMGZDYmF5UUk1TWVoVUFOTmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQASQxLAXYChs2swkf8sOl1Q4Dx+jW1lKodS2NWl0ibD
8NPWLOUsULLf6P2UuoyMTC/kd+RtSqUFTbDL3WTjR2ntXNVnqfxktqtY384kz5nQ
N4WfVPImfSod4AhH6JHz+J6hdT5T0HPRuo++Y5lW262EHQ83oZuRKiQsILTZoxIh
wVvX+DYmiXkB1WhX1fZHPcYygts2pfSCqDRwsuoOtFfv/2CcrH1aYWpbL66AdPtC
gATOK9rckXdtDNilCnM+ixkGiecPV9j46gUSoqXNJlnW4tOKTCKa0aQCTGQYmhOL
bQBuLG58c638NZTBXDQW7hDZxzshAlwm5S5PZ/O1UXED
-----END CERTIFICATE-----