Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/QWb3MFmyW_4vyV38WujsgWT-yMw.roa
File:                     QWb3MFmyW_4vyV38WujsgWT-yMw.roa (raw, json)
Hash identifier:          McXzbbSbbi6Z0YlgBtzpbULQT/blKLAbUJ8PFz87TJs=
Subject key identifier:   41:66:F7:30:59:B2:5B:FE:2F:C9:5D:FC:5A:E8:EC:81:64:FE:C8:CC
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       018CC56EF50785A93C5FC19539927CFE0912
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/QWb3MFmyW_4vyV38WujsgWT-yMw.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49950
IP address blocks:        212.122.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:07:85:a9:3c:5f:c1:95:39:92:7c:fe:09:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4166f73059b25bfe2fc95dfc5ae8ec8164fec8cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:56:fb:b8:fc:dc:c7:b6:c3:13:a2:29:bd:ea:
                    89:1d:9d:fc:55:d9:a8:18:98:f2:5d:ce:e5:f4:61:
                    d6:4c:83:f1:0e:e7:13:d3:f0:63:e0:aa:f7:90:60:
                    45:bb:84:41:2d:1e:01:fe:b1:f0:55:59:fd:85:67:
                    c9:6c:ee:d5:2a:a8:4f:60:c3:bc:3d:f6:7e:c4:8d:
                    de:eb:6b:49:3f:0c:e2:86:85:36:be:21:c0:e2:07:
                    00:fc:a0:47:9b:97:3c:89:5d:16:0c:b7:9f:f7:a2:
                    c5:49:5b:40:66:69:6e:f8:ab:65:b4:0c:c1:2a:b7:
                    41:ea:dd:da:b4:12:06:17:4e:3a:ed:4c:c8:e3:66:
                    a4:d3:39:b8:f8:a0:fb:f5:e6:34:92:7f:ae:b3:86:
                    cd:65:66:1a:01:c1:f7:47:29:40:ab:c8:8b:02:a6:
                    e6:44:09:3b:7b:55:88:cc:1f:f8:4f:fa:6b:d2:07:
                    78:8b:41:49:23:f8:ea:76:c2:9a:d1:81:73:d6:8e:
                    9b:bb:c9:20:7b:a9:02:ea:8c:07:2e:5d:42:bb:34:
                    19:2d:d2:7d:ed:5f:27:e8:cf:8f:8e:8c:1a:ed:4b:
                    d3:7d:0d:50:df:d0:2e:37:4d:e1:7a:9f:83:96:18:
                    68:61:1a:fc:f9:22:b0:bf:6b:49:4b:1a:19:19:fa:
                    11:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:F7:30:59:B2:5B:FE:2F:C9:5D:FC:5A:E8:EC:81:64:FE:C8:CC
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/QWb3MFmyW_4vyV38WujsgWT-yMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.122.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e0:23:20:4a:09:d8:6e:4d:10:7a:a9:d6:ce:d4:17:12:aa:
         58:65:03:67:a2:4d:a6:f3:76:63:a6:db:a0:a0:16:df:01:1d:
         b5:9a:1c:0a:fe:ee:71:a7:d8:11:5c:ae:9a:15:c5:e0:e9:84:
         0d:0b:7c:b8:cd:93:32:3b:d8:ad:4c:0b:bd:73:c8:64:1b:d9:
         a6:72:8a:3e:a9:33:97:32:c4:50:57:93:d3:d2:f9:f8:6d:31:
         4c:98:3e:88:d3:9e:2c:31:a4:44:7d:0b:cf:8b:88:46:63:7d:
         0d:ad:32:0f:4f:53:47:54:a1:ed:39:68:bc:86:b2:be:98:93:
         a2:02:5d:91:48:e4:74:8b:df:82:80:89:0a:ce:1d:11:4d:b0:
         47:60:7a:db:16:5e:2f:91:95:06:b7:5f:e2:c6:c5:8e:9e:75:
         84:c4:37:ec:39:7e:eb:6c:ab:3e:70:dc:12:88:ce:2b:84:cf:
         9f:91:26:cb:24:41:24:ad:02:2c:58:7c:f1:52:0e:d8:b0:76:
         b9:9d:4b:a8:29:40:0f:57:eb:be:30:e5:7d:e5:1b:fb:fe:cc:
         08:27:36:37:fd:b7:93:fb:3c:9a:07:97:1a:d5:2e:40:ca:54:
         23:2a:de:b6:29:de:02:da:38:91:33:8c:24:53:85:75:17:46:
         cc:40:0d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvUHhak8X8GVOZJ8/gkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjE1ZjU4MTU5ZWM1NzZhMjAyMjc3NmVhNjRmNjFjNWJi
MDAxOTQwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY2ZjczMDU5YjI1YmZlMmZjOTVkZmM1YWU4ZWM4MTY0ZmVjOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1b7uPzcx7bDE6IpveqJHZ38Vdmo
GJjyXc7l9GHWTIPxDucT0/Bj4Kr3kGBFu4RBLR4B/rHwVVn9hWfJbO7VKqhPYMO8
PfZ+xI3e62tJPwzihoU2viHA4gcA/KBHm5c8iV0WDLef96LFSVtAZmlu+KtltAzB
KrdB6t3atBIGF0467UzI42ak0zm4+KD79eY0kn+us4bNZWYaAcH3RylAq8iLAqbm
RAk7e1WIzB/4T/pr0gd4i0FJI/jqdsKa0YFz1o6bu8kge6kC6owHLl1CuzQZLdJ9
7V8n6M+Pjowa7UvTfQ1Q39AuN03hep+DlhhoYRr8+SKwv2tJSxoZGfoRIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFm9zBZslv+L8ld/Fro7IFk/sjMMB8GA1UdIwQY
MBaAFMwhX1gVnsV2ogIndupk9hxbsAGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAt
ODQzZWVlZTBhMjYwLzEvUVdiM01GbXlXXzR2eVYzOFd1anNnV1QteU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAtODQzZWVlZTBhMjYw
LzEvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HqmMA0G
CSqGSIb3DQEBCwUAA4IBAQCP4CMgSgnYbk0QeqnWztQXEqpYZQNnok2m83Zjptug
oBbfAR21mhwK/u5xp9gRXK6aFcXg6YQNC3y4zZMyO9itTAu9c8hkG9mmcoo+qTOX
MsRQV5PT0vn4bTFMmD6I054sMaREfQvPi4hGY30NrTIPT1NHVKHtOWi8hrK+mJOi
Al2RSOR0i9+CgIkKzh0RTbBHYHrbFl4vkZUGt1/ixsWOnnWExDfsOX7rbKs+cNwS
iM4rhM+fkSbLJEEkrQIsWHzxUg7YsHa5nUuoKUAPV+u+MOV95Rv7/swIJzY3/beT
+zyaB5ca1S5AylQjKt62Kd4C2jiRM4wkU4V1F0bMQA1P
-----END CERTIFICATE-----