Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QCjQHnJlP1zRh7OoIVA5knSW_E8.roa
File:                     QCjQHnJlP1zRh7OoIVA5knSW_E8.roa (raw, json)
Hash identifier:          ybf/dVHJg32po5QEL+1MVo8Ayn19tDEBqQ3xA6g3ri4=
Subject key identifier:   40:28:D0:1E:72:65:3F:5C:D1:87:B3:A8:21:50:39:92:74:96:FC:4F
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018D64EAA739AFF93CB35A0E5FB1D419C102
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QCjQHnJlP1zRh7OoIVA5knSW_E8.roa
Signing time:             Thu 01 Feb 2024 13:45:16 +0000
ROA not before:           Thu 01 Feb 2024 13:45:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49055
IP address blocks:        147.45.208.0/22 maxlen: 24
                          147.45.212.0/22 maxlen: 24
                          147.45.216.0/22 maxlen: 22
                          147.45.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:ea:a7:39:af:f9:3c:b3:5a:0e:5f:b1:d4:19:c1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb  1 13:45:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4028d01e72653f5cd187b3a8215039927496fc4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:77:d3:ff:08:a3:53:be:d1:f6:0d:ed:88:4e:
                    08:48:61:e9:27:23:d4:86:00:db:28:9d:07:1e:69:
                    48:c8:26:47:bf:47:20:91:19:30:fc:32:6e:15:62:
                    22:2a:b9:a8:31:63:8f:18:82:43:47:19:50:11:ed:
                    ec:9b:69:c0:40:8c:cc:4b:c6:87:ae:f9:c5:4e:00:
                    3a:37:01:e5:73:f1:b7:c0:a4:7f:f9:00:3c:4b:28:
                    c5:25:31:41:4d:8d:ec:78:a2:6e:2a:37:7a:72:93:
                    1a:19:d8:97:40:1f:49:62:d3:0e:dc:5a:ea:8a:22:
                    99:9a:46:5f:a8:6d:98:97:91:3d:fb:37:07:a4:8d:
                    66:1a:ff:91:53:13:d9:76:44:cd:f4:4f:b8:7e:9b:
                    0a:51:0f:35:76:fc:be:a3:95:af:0b:38:67:8e:43:
                    b6:85:7c:11:20:ab:8d:5f:56:13:2f:4c:ef:af:eb:
                    eb:ae:d5:74:21:7c:e8:e6:04:74:c4:da:46:e5:34:
                    2e:41:e0:d0:b8:78:62:4f:29:d5:4d:7d:50:d2:4b:
                    03:eb:1b:76:8c:20:75:59:67:27:e1:f6:b6:46:4a:
                    ba:33:e0:9a:b6:f3:af:7c:7f:dc:d9:78:be:33:c0:
                    c3:08:7c:30:d0:f8:f2:0d:56:da:92:69:38:1b:2a:
                    12:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:28:D0:1E:72:65:3F:5C:D1:87:B3:A8:21:50:39:92:74:96:FC:4F
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QCjQHnJlP1zRh7OoIVA5knSW_E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         60:fb:1d:1b:16:39:07:1f:07:f4:76:66:fd:91:8d:2e:86:cb:
         de:a6:29:e0:c9:14:38:e5:e9:d2:75:81:13:f9:60:8d:3f:ab:
         75:ea:2e:5b:47:0e:ff:5b:b4:f4:79:bf:fc:92:ae:40:ba:16:
         89:0f:2f:ea:a6:44:d6:0e:16:04:8b:4f:09:6d:72:5d:ed:f2:
         2e:d5:a1:32:dd:7c:1b:2a:6f:a5:0f:2d:a1:07:9c:76:cd:e6:
         02:4c:17:60:ab:c7:bc:c6:c9:b0:86:a8:2c:aa:ba:36:44:50:
         eb:43:71:e0:ea:cb:11:f8:67:dc:86:f1:82:9a:13:b1:40:01:
         2a:82:05:70:62:cd:6c:30:3e:b3:9d:0b:e3:7e:1b:0e:f9:a4:
         60:7c:87:53:9c:9a:e3:e2:0c:8e:5e:f5:1a:58:22:82:53:b1:
         b3:c9:ac:a9:4c:92:e7:ab:d4:ee:d3:08:60:5e:be:df:6c:ee:
         f1:f1:f9:ce:82:8a:b0:53:c0:66:36:02:41:bf:b2:52:27:53:
         44:4b:fb:9c:dd:8c:d5:bc:b8:1d:1e:5f:88:c4:c2:cb:88:4a:
         da:43:c3:13:86:cd:fc:1e:1d:47:d0:af:de:3a:2a:41:bc:2d:
         e5:fb:e2:42:9a:ff:47:d6:c8:73:c5:43:0c:53:95:9b:51:6b:
         b0:1a:5a:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1k6qc5r/k8s1oOX7HUGcECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjAxMTM0NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI4ZDAxZTcyNjUzZjVjZDE4N2IzYTgyMTUwMzk5Mjc0OTZmYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nfT/wijU77R9g3tiE4ISGHpJyPU
hgDbKJ0HHmlIyCZHv0cgkRkw/DJuFWIiKrmoMWOPGIJDRxlQEe3sm2nAQIzMS8aH
rvnFTgA6NwHlc/G3wKR/+QA8SyjFJTFBTY3seKJuKjd6cpMaGdiXQB9JYtMO3Frq
iiKZmkZfqG2Yl5E9+zcHpI1mGv+RUxPZdkTN9E+4fpsKUQ81dvy+o5WvCzhnjkO2
hXwRIKuNX1YTL0zvr+vrrtV0IXzo5gR0xNpG5TQuQeDQuHhiTynVTX1Q0ksD6xt2
jCB1WWcn4fa2Rkq6M+CatvOvfH/c2Xi+M8DDCHww0PjyDVbakmk4GyoS9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAo0B5yZT9c0YezqCFQOZJ0lvxPMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUUNqUUhuSmxQMXpSaDdPb0lWQTVrblNXX0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEky3QMA0G
CSqGSIb3DQEBCwUAA4IBAQBg+x0bFjkHHwf0dmb9kY0uhsvepingyRQ45enSdYET
+WCNP6t16i5bRw7/W7T0eb/8kq5AuhaJDy/qpkTWDhYEi08JbXJd7fIu1aEy3Xwb
Km+lDy2hB5x2zeYCTBdgq8e8xsmwhqgsqro2RFDrQ3Hg6ssR+GfchvGCmhOxQAEq
ggVwYs1sMD6znQvjfhsO+aRgfIdTnJrj4gyOXvUaWCKCU7GzyaypTJLnq9Tu0whg
Xr7fbO7x8fnOgoqwU8BmNgJBv7JSJ1NES/uc3YzVvLgdHl+IxMLLiEraQ8MThs38
Hh1H0K/eOipBvC3l++JCmv9H1shzxUMMU5WbUWuwGlpF
-----END CERTIFICATE-----