Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/qTCMMowUHLb3IupB7kA5hBLvT1o.roa
File:                     qTCMMowUHLb3IupB7kA5hBLvT1o.roa (raw, json)
Hash identifier:          8xYgLQ6fUnTOTSC4Yx2CrwsTaK+sGBFSfTtczRlrUzQ=
Subject key identifier:   A9:30:8C:32:8C:14:1C:B6:F7:22:EA:41:EE:40:39:84:12:EF:4F:5A
Certificate issuer:       /CN=cc4d48708da5054959e618a582e28c155fef113f
Certificate serial:       018DF3DB26DB81F1A5091F56D03E2930A727
Authority key identifier: CC:4D:48:70:8D:A5:05:49:59:E6:18:A5:82:E2:8C:15:5F:EF:11:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zE1IcI2lBUlZ5hilguKMFV_vET8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/qTCMMowUHLb3IupB7kA5hBLvT1o.roa
Signing time:             Thu 29 Feb 2024 07:54:02 +0000
ROA not before:           Thu 29 Feb 2024 07:54:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198927
IP address blocks:        91.239.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/zE1IcI2lBUlZ5hilguKMFV_vET8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/zE1IcI2lBUlZ5hilguKMFV_vET8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zE1IcI2lBUlZ5hilguKMFV_vET8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:db:26:db:81:f1:a5:09:1f:56:d0:3e:29:30:a7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc4d48708da5054959e618a582e28c155fef113f
        Validity
            Not Before: Feb 29 07:54:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9308c328c141cb6f722ea41ee40398412ef4f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c8:79:0b:1d:3d:e7:5b:c2:65:29:ce:86:b3:
                    a3:b7:84:df:59:84:a9:ec:46:49:73:00:62:d1:9b:
                    15:14:7e:b8:c9:e9:e4:30:5f:cc:e5:c6:a2:56:73:
                    9e:2d:c0:c7:fc:a0:19:20:a0:e2:30:4c:b4:b2:13:
                    e1:13:c9:3a:91:65:bf:92:01:cc:56:a7:0a:61:d6:
                    e9:a3:52:b6:ec:7e:2b:3b:6d:85:8d:22:dc:43:33:
                    fd:f4:04:de:3e:38:5b:75:d9:35:4a:cd:0c:e3:9d:
                    79:38:2c:97:cc:81:e8:97:73:5d:6e:1a:e0:69:83:
                    50:65:54:00:4a:54:7b:4c:7c:fe:39:08:bc:a1:2d:
                    65:59:18:a0:19:4c:b3:c4:aa:9e:eb:fb:84:59:31:
                    56:3d:c2:9a:6a:0d:8a:3b:04:09:c0:86:f2:3b:9e:
                    c5:b2:ed:05:40:89:35:f0:71:11:18:f9:49:f5:95:
                    4c:eb:fd:55:a8:2c:35:7a:a0:dc:0f:b3:33:79:2a:
                    73:90:f5:ed:16:0b:04:6c:93:65:f6:24:6d:90:4d:
                    18:3f:1f:04:c4:61:7f:ae:f4:a9:64:a2:f3:9f:9f:
                    6b:01:7b:78:71:54:0d:b9:72:76:04:5f:a5:58:c9:
                    f3:81:db:8a:c4:52:cc:05:08:b4:9c:90:fb:9e:0c:
                    62:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:30:8C:32:8C:14:1C:B6:F7:22:EA:41:EE:40:39:84:12:EF:4F:5A
            X509v3 Authority Key Identifier:
                keyid:CC:4D:48:70:8D:A5:05:49:59:E6:18:A5:82:E2:8C:15:5F:EF:11:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zE1IcI2lBUlZ5hilguKMFV_vET8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/qTCMMowUHLb3IupB7kA5hBLvT1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/96a524-2e1b-4e9e-b2d8-a9c3122984c5/1/zE1IcI2lBUlZ5hilguKMFV_vET8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:e3:dc:6b:37:59:89:9c:92:02:9f:e5:ec:e6:f4:a8:00:52:
         7b:2d:c0:35:b2:6c:90:ca:74:40:43:7a:8f:14:78:63:24:af:
         10:52:38:45:8a:9f:4b:b3:b0:af:71:3e:76:5e:5d:d1:5e:d5:
         76:90:32:97:82:bb:63:68:1b:cb:6d:81:10:c0:aa:0a:cf:b1:
         9f:de:f1:f5:ad:e8:29:71:be:d9:5d:4f:2c:13:55:94:e3:b8:
         fb:c3:f9:61:3a:35:7f:5f:b3:31:33:42:ae:ae:04:d2:f7:14:
         66:16:61:ca:16:2d:92:b4:07:e7:1f:66:42:b5:b9:f3:06:4f:
         a8:81:d4:66:f2:2e:af:f8:91:1c:f7:bd:ca:be:5d:bb:b0:9e:
         e6:88:eb:87:3d:f9:e6:3e:d0:e7:9f:79:b8:8e:29:25:7c:b7:
         10:5f:de:44:c8:a3:3f:0a:93:ac:53:61:92:e7:4f:5a:9d:aa:
         cc:83:40:0e:41:c9:0a:60:87:1e:85:32:d7:e0:1e:89:02:85:
         66:60:68:e8:eb:7c:b8:50:97:1d:b5:ca:07:46:e3:01:e8:c0:
         f4:20:4b:e7:9e:f4:42:b7:8f:5a:e7:c4:24:4c:bf:ef:50:16:
         cb:d3:b7:aa:df:c8:7d:93:d0:88:23:c7:51:ea:e2:6d:12:82:
         b3:d4:00:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3z2ybbgfGlCR9W0D4pMKcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNGQ0ODcwOGRhNTA1NDk1OWU2MThhNTgyZTI4YzE1NWZl
ZjExM2YwHhcNMjQwMjI5MDc1NDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTMwOGMzMjhjMTQxY2I2ZjcyMmVhNDFlZTQwMzk4NDEyZWY0ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsh5Cx0951vCZSnOhrOjt4TfWYSp
7EZJcwBi0ZsVFH64yenkMF/M5caiVnOeLcDH/KAZIKDiMEy0shPhE8k6kWW/kgHM
VqcKYdbpo1K27H4rO22FjSLcQzP99ATePjhbddk1Ss0M4515OCyXzIHol3Ndbhrg
aYNQZVQASlR7THz+OQi8oS1lWRigGUyzxKqe6/uEWTFWPcKaag2KOwQJwIbyO57F
su0FQIk18HERGPlJ9ZVM6/1VqCw1eqDcD7MzeSpzkPXtFgsEbJNl9iRtkE0YPx8E
xGF/rvSpZKLzn59rAXt4cVQNuXJ2BF+lWMnzgduKxFLMBQi0nJD7ngxiEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkwjDKMFBy29yLqQe5AOYQS709aMB8GA1UdIwQY
MBaAFMxNSHCNpQVJWeYYpYLijBVf7xE/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekUxSWNJMmxCVWxaNWhpbGd1S01GVl92RVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NmE1MjQtMmUxYi00ZTllLWIyZDgt
YTljMzEyMjk4NGM1LzEvcVRDTU1vd1VITGIzSXVwQjdrQTVoQkx2VDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NmE1MjQtMmUxYi00ZTllLWIyZDgtYTljMzEyMjk4NGM1
LzEvekUxSWNJMmxCVWxaNWhpbGd1S01GVl92RVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW++0MA0G
CSqGSIb3DQEBCwUAA4IBAQBa49xrN1mJnJICn+Xs5vSoAFJ7LcA1smyQynRAQ3qP
FHhjJK8QUjhFip9Ls7CvcT52Xl3RXtV2kDKXgrtjaBvLbYEQwKoKz7Gf3vH1regp
cb7ZXU8sE1WU47j7w/lhOjV/X7MxM0KurgTS9xRmFmHKFi2StAfnH2ZCtbnzBk+o
gdRm8i6v+JEc973Kvl27sJ7miOuHPfnmPtDnn3m4jiklfLcQX95EyKM/CpOsU2GS
509anarMg0AOQckKYIcehTLX4B6JAoVmYGjo63y4UJcdtcoHRuMB6MD0IEvnnvRC
t49a58QkTL/vUBbL07eq38h9k9CII8dR6uJtEoKz1ADf
-----END CERTIFICATE-----