Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qncpecZoRMtYMYwlKFtKdUWeJKs.roa
File:                     qncpecZoRMtYMYwlKFtKdUWeJKs.roa (raw, json)
Hash identifier:          4m3NnV07Q8EKZ7AkMA366YcnWQbINgOp9ClEMvXHOK8=
Subject key identifier:   AA:77:29:79:C6:68:44:CB:58:31:8C:25:28:5B:4A:75:45:9E:24:AB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190EA15E24FD21A0DFA96F84EB5022883AA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qncpecZoRMtYMYwlKFtKdUWeJKs.roa
Signing time:             Thu 25 Jul 2024 13:30:21 +0000
ROA not before:           Thu 25 Jul 2024 13:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47674
IP address blocks:        45.84.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:15:e2:4f:d2:1a:0d:fa:96:f8:4e:b5:02:28:83:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 25 13:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa772979c66844cb58318c25285b4a75459e24ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:27:ac:6f:33:a8:c7:c5:b7:5d:cf:5a:b6:5f:
                    63:d4:37:01:3b:34:9e:b0:11:d3:be:9d:c6:06:6f:
                    73:dc:d4:43:d5:4c:7a:f3:a9:47:4d:5d:c9:6f:1d:
                    6d:6a:b1:37:1e:f5:d1:02:63:63:14:f8:03:fd:1a:
                    e7:a1:b2:09:3f:3a:da:75:33:7d:46:c1:f6:88:ec:
                    52:0d:7b:13:0f:59:e3:6a:11:14:8c:0d:76:57:ef:
                    53:4c:35:73:ee:3d:6d:ae:35:3e:2d:ea:d8:90:d1:
                    88:76:1a:69:c5:89:58:40:0c:42:dd:a0:23:1b:89:
                    c6:cc:4b:9c:95:19:11:52:98:80:dd:f0:7f:6d:8b:
                    d7:14:d3:10:fa:a0:b0:8c:cf:da:e0:80:e0:c2:46:
                    15:03:1f:b6:de:f1:a9:c3:44:e5:4f:dc:21:da:37:
                    6d:61:2b:04:8d:e8:be:12:29:ee:73:06:7b:a4:d6:
                    0b:40:18:2e:9a:90:7f:30:e9:7d:94:46:a1:7f:b3:
                    36:82:15:af:29:14:9a:2b:47:71:e4:26:7e:82:27:
                    ec:22:9c:aa:b6:05:1c:18:aa:54:e4:76:25:a7:a2:
                    bb:9c:38:7e:82:7c:70:41:28:4a:a4:c8:26:63:04:
                    55:41:f7:e0:01:a9:51:56:53:53:af:d4:af:8d:d5:
                    b7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:77:29:79:C6:68:44:CB:58:31:8C:25:28:5B:4A:75:45:9E:24:AB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qncpecZoRMtYMYwlKFtKdUWeJKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:38:0d:c8:22:89:26:6f:a8:0b:bf:ca:f0:16:d2:b1:d2:41:
         be:ce:7a:86:32:96:c4:27:3d:03:2c:60:2d:11:12:7b:fd:cc:
         23:a2:cf:43:b1:53:5e:26:ae:d6:23:e3:9c:cc:32:e6:50:be:
         45:2a:96:e5:16:d4:2d:63:d2:ff:58:80:0b:6f:7c:6a:b9:e2:
         31:e7:56:c8:9e:a1:c7:ce:59:7f:b8:1b:e1:c8:73:d7:ea:bb:
         74:08:bf:0a:6c:7f:81:4d:2c:b5:d5:1e:a8:73:94:57:e8:11:
         dd:14:ef:13:f1:67:0f:ad:a0:f7:d2:29:29:42:e1:d0:1b:1e:
         5b:77:98:72:68:d8:da:b0:24:2b:8c:76:47:0c:d2:5d:65:90:
         49:a3:10:5c:60:1f:53:01:bc:b9:ef:e0:29:f4:9e:68:55:b0:
         da:2c:96:0f:83:8e:a5:a8:0b:fd:86:f9:0b:71:0c:35:62:9d:
         7e:4c:e3:a7:8b:17:fd:47:bb:0f:c3:24:df:27:00:77:50:13:
         4f:eb:ee:a4:43:7b:9e:a3:40:ab:18:10:e2:6c:b7:a4:9d:75:
         bb:95:f8:03:6e:3f:09:af:b7:d6:59:b5:98:27:45:34:dd:25:
         e8:33:08:9b:ef:0e:cd:f6:24:b7:c4:0a:2b:ec:c5:2a:ae:41:
         b2:21:55:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDqFeJP0hoN+pb4TrUCKIOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzI1MTMzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc3Mjk3OWM2Njg0NGNiNTgzMThjMjUyODViNGE3NTQ1OWUyNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiesbzOox8W3Xc9atl9j1DcBOzSe
sBHTvp3GBm9z3NRD1Ux686lHTV3Jbx1tarE3HvXRAmNjFPgD/RrnobIJPzradTN9
RsH2iOxSDXsTD1njahEUjA12V+9TTDVz7j1trjU+LerYkNGIdhppxYlYQAxC3aAj
G4nGzEuclRkRUpiA3fB/bYvXFNMQ+qCwjM/a4IDgwkYVAx+23vGpw0TlT9wh2jdt
YSsEjei+EinucwZ7pNYLQBgumpB/MOl9lEahf7M2ghWvKRSaK0dx5CZ+gifsIpyq
tgUcGKpU5HYlp6K7nDh+gnxwQShKpMgmYwRVQffgAalRVlNTr9SvjdW39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp3KXnGaETLWDGMJShbSnVFniSrMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcW5jcGVjWm9STXRZTVl3bEtGdEtkVVdlSktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTeMA0G
CSqGSIb3DQEBCwUAA4IBAQCnOA3IIokmb6gLv8rwFtKx0kG+znqGMpbEJz0DLGAt
ERJ7/cwjos9DsVNeJq7WI+OczDLmUL5FKpblFtQtY9L/WIALb3xqueIx51bInqHH
zll/uBvhyHPX6rt0CL8KbH+BTSy11R6oc5RX6BHdFO8T8WcPraD30ikpQuHQGx5b
d5hyaNjasCQrjHZHDNJdZZBJoxBcYB9TAby57+Ap9J5oVbDaLJYPg46lqAv9hvkL
cQw1Yp1+TOOnixf9R7sPwyTfJwB3UBNP6+6kQ3ueo0CrGBDibLeknXW7lfgDbj8J
r7fWWbWYJ0U03SXoMwib7w7N9iS3xAor7MUqrkGyIVXs
-----END CERTIFICATE-----