Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/QIxE4l_2YUwEBIQmacEYR4sUTC0.roa
File:                     QIxE4l_2YUwEBIQmacEYR4sUTC0.roa (raw, json)
Hash identifier:          27OruYbPLTAwFpPL9OyqaMKt8q14gAIkSdZKm7cus68=
Subject key identifier:   40:8C:44:E2:5F:F6:61:4C:04:04:84:26:69:C1:18:47:8B:14:4C:2D
Certificate issuer:       /CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
Certificate serial:       018CC793FC37D687E5C2748D6B1C4B95967D
Authority key identifier: 1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/QIxE4l_2YUwEBIQmacEYR4sUTC0.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        193.47.99.0/24 maxlen: 24
                          2001:67c:192c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fc:37:d6:87:e5:c2:74:8d:6b:1c:4b:95:96:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408c44e25ff6614c0404842669c118478b144c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:41:e3:24:0f:5c:bf:1b:a5:cb:33:e6:79:0c:
                    05:6d:16:b5:06:df:37:21:1c:77:89:ab:55:39:4a:
                    c7:b3:6b:fb:0b:71:38:02:1f:ee:7f:fa:ce:a3:ea:
                    40:40:10:6a:ab:91:b5:e7:dd:af:23:eb:78:f6:36:
                    2e:ba:81:54:51:9b:2e:c1:5b:d1:2c:e6:79:45:c8:
                    83:83:f5:3b:65:44:f3:0a:af:04:87:ad:81:ff:44:
                    d8:80:19:69:7f:3e:98:3e:77:f4:87:24:a0:e3:0c:
                    e3:a5:e7:c5:ea:04:44:18:28:9d:51:40:88:96:da:
                    29:d9:ba:90:40:f1:f5:77:d7:58:55:2f:71:e8:4b:
                    61:09:af:c8:fe:2a:5d:70:3b:40:69:aa:43:a3:82:
                    77:b0:40:5e:91:e1:32:45:f5:e0:e8:d1:2a:da:e8:
                    32:fa:cd:81:dd:0d:1d:d2:36:7b:e5:27:ee:06:e7:
                    5a:6b:d5:79:94:19:81:61:79:85:f2:68:79:8b:2c:
                    74:fa:9e:79:d2:e6:26:54:cb:78:6b:2e:ad:63:5e:
                    d6:f7:c0:9d:8a:7e:4f:7e:37:c9:68:44:2a:85:bb:
                    ee:c1:8a:d5:a0:d6:9e:39:5a:c1:ef:0e:03:29:14:
                    8a:e5:f3:26:3d:88:7d:79:4c:37:f2:88:83:c8:35:
                    18:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8C:44:E2:5F:F6:61:4C:04:04:84:26:69:C1:18:47:8B:14:4C:2D
            X509v3 Authority Key Identifier:
                keyid:1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/QIxE4l_2YUwEBIQmacEYR4sUTC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.99.0/24
                IPv6:
                  2001:67c:192c::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:f9:fa:f2:bb:2a:91:59:9e:70:60:88:a7:59:5f:64:74:bb:
         68:b7:f9:b7:aa:d1:8d:00:2f:82:b9:54:74:5f:95:cd:2b:36:
         5f:9c:07:ea:61:a5:f3:15:ff:39:45:59:e6:46:cb:c4:14:b9:
         2a:6e:f7:66:2a:db:1d:bf:ce:db:b9:52:67:32:81:01:b1:e4:
         01:48:e4:d2:f7:fd:8f:87:29:5c:b2:83:48:e4:2d:b8:cf:64:
         9f:27:72:2f:2f:69:b4:bf:eb:4e:85:f8:75:5f:ae:8a:8e:0a:
         99:04:02:1f:33:bc:08:17:dc:22:2f:d0:04:b4:48:3d:f3:2a:
         a0:fd:f1:20:83:60:ca:9f:ef:9a:c0:a7:76:9b:a4:b5:20:8d:
         c2:66:00:8c:75:15:55:15:86:ab:46:93:9f:79:88:ff:08:75:
         e6:19:e6:e8:9a:04:8d:a0:11:67:79:b6:31:27:8f:bb:64:01:
         39:29:54:4b:5c:7f:b1:dc:2e:54:e0:26:af:0c:7e:19:d8:34:
         19:a0:6b:7e:22:74:06:e3:c6:a0:55:3b:b6:4a:2e:60:5b:db:
         e8:5a:64:ec:6e:84:23:52:b9:14:91:66:2d:d7:2e:10:1d:a6:
         28:b2:f1:69:da:a4:3f:be:24:ea:97:09:10:51:42:87:33:98:
         e6:0d:83:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk/w31oflwnSNaxxLlZZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDZmNTc3MzVhNGU2M2RiZWY4NDhlZTBkOWQxOTllMjE1
ZjgzMDQwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhjNDRlMjVmZjY2MTRjMDQwNDg0MjY2OWMxMTg0NzhiMTQ0YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEHjJA9cvxulyzPmeQwFbRa1Bt83
IRx3iatVOUrHs2v7C3E4Ah/uf/rOo+pAQBBqq5G1592vI+t49jYuuoFUUZsuwVvR
LOZ5RciDg/U7ZUTzCq8Eh62B/0TYgBlpfz6YPnf0hySg4wzjpefF6gREGCidUUCI
ltop2bqQQPH1d9dYVS9x6EthCa/I/ipdcDtAaapDo4J3sEBekeEyRfXg6NEq2ugy
+s2B3Q0d0jZ75SfuBudaa9V5lBmBYXmF8mh5iyx0+p550uYmVMt4ay6tY17W98Cd
in5PfjfJaEQqhbvuwYrVoNaeOVrB7w4DKRSK5fMmPYh9eUw38oiDyDUYLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFECMROJf9mFMBASEJmnBGEeLFEwtMB8GA1UdIwQY
MBaAFB9G9Xc1pOY9vvhI7g2dGZ4hX4MEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzIt
YTdjOTg5OGVlY2JjLzEvUUl4RTRsXzJZVXdFQklRbWFjRVlSNHNVVEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzItYTdjOTg5OGVlY2Jj
LzEvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwS9jMA8E
AgACMAkDBwAgAQZ8GSwwDQYJKoZIhvcNAQELBQADggEBAGf5+vK7KpFZnnBgiKdZ
X2R0u2i3+beq0Y0AL4K5VHRflc0rNl+cB+phpfMV/zlFWeZGy8QUuSpu92Yq2x2/
ztu5UmcygQGx5AFI5NL3/Y+HKVyyg0jkLbjPZJ8nci8vabS/606F+HVfroqOCpkE
Ah8zvAgX3CIv0AS0SD3zKqD98SCDYMqf75rAp3abpLUgjcJmAIx1FVUVhqtGk595
iP8IdeYZ5uiaBI2gEWd5tjEnj7tkATkpVEtcf7HcLlTgJq8MfhnYNBmga34idAbj
xqBVO7ZKLmBb2+haZOxuhCNSuRSRZi3XLhAdpiiy8WnapD++JOqXCRBRQoczmOYN
g/g=
-----END CERTIFICATE-----