Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/QzPyOXlhE1CdPj7d_rJIbmvgZ3k.roa
File:                     QzPyOXlhE1CdPj7d_rJIbmvgZ3k.roa (raw, json)
Hash identifier:          pVHtaQer06mal9hYZ9eiJ3sCmCS2YpUWHzdhvrZv7NI=
Subject key identifier:   43:33:F2:39:79:61:13:50:9D:3E:3E:DD:FE:B2:48:6E:6B:E0:67:79
Certificate issuer:       /CN=7ee3208e818dd74c0d6b43d927ea0d1893bed650
Certificate serial:       018CC9BCF19FE7362350B6A6931002EFCBD5
Authority key identifier: 7E:E3:20:8E:81:8D:D7:4C:0D:6B:43:D9:27:EA:0D:18:93:BE:D6:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/QzPyOXlhE1CdPj7d_rJIbmvgZ3k.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196906
IP address blocks:        193.105.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f1:9f:e7:36:23:50:b6:a6:93:10:02:ef:cb:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee3208e818dd74c0d6b43d927ea0d1893bed650
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4333f239796113509d3e3eddfeb2486e6be06779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:6c:b2:c7:36:1b:90:e1:71:87:f5:17:c5:
                    13:97:c8:e7:e5:f1:de:51:d5:80:40:2f:a5:02:03:
                    8e:9c:27:1b:1e:46:ba:f9:33:0c:32:e8:8f:47:39:
                    1a:23:53:70:bf:e5:55:f8:1c:f5:46:8f:c0:ea:20:
                    13:f1:a0:c3:4f:c7:2d:42:d9:1e:92:02:50:8b:8c:
                    18:c6:2b:e9:06:2e:13:7e:48:b2:45:e0:3e:37:4e:
                    9a:be:62:c7:7c:de:90:3a:9d:54:aa:cd:3f:df:cd:
                    47:b4:15:b8:26:58:3a:0e:08:27:1f:a4:0a:79:af:
                    f8:98:11:bb:90:29:b1:03:78:6d:f7:e7:92:0f:29:
                    0e:40:da:22:f2:6e:bb:4d:fb:58:ae:19:28:f0:96:
                    cf:b2:6a:49:3a:2b:c4:e5:9f:7f:fc:25:c6:1a:28:
                    a3:61:32:46:16:7e:c2:cf:26:f4:c2:08:9a:d8:5d:
                    6c:91:41:1d:85:d6:52:19:aa:63:49:3d:33:c6:6d:
                    0f:02:88:00:57:3b:75:18:6e:48:82:87:84:ee:87:
                    a4:b1:1f:c7:bb:40:b3:f8:52:35:08:3f:8c:f6:35:
                    51:11:6f:87:d1:6b:99:53:bf:e5:0c:ca:40:f6:65:
                    05:a0:68:bd:85:db:71:7b:66:80:8b:9f:d3:0e:5c:
                    07:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:33:F2:39:79:61:13:50:9D:3E:3E:DD:FE:B2:48:6E:6B:E0:67:79
            X509v3 Authority Key Identifier:
                keyid:7E:E3:20:8E:81:8D:D7:4C:0D:6B:43:D9:27:EA:0D:18:93:BE:D6:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/QzPyOXlhE1CdPj7d_rJIbmvgZ3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:4d:d9:b2:b4:23:1e:75:0f:65:79:93:d7:63:4c:cc:05:0c:
         e1:29:59:27:92:f8:e7:09:48:af:99:7c:3f:96:92:b3:3f:97:
         f5:12:3b:d8:40:bc:6e:df:cf:2a:4d:a5:1b:5c:c3:2b:3c:4f:
         e9:3e:39:a3:97:35:1d:30:18:83:f7:fb:c1:47:50:cc:f0:2f:
         cf:18:66:9c:9d:f1:dc:4c:69:3c:94:bd:c7:3d:b6:85:23:3a:
         ec:9c:08:4e:f6:ce:7c:9a:bf:68:f2:cf:67:5d:e5:d3:72:3a:
         3b:de:f3:f6:6e:fe:ff:11:d5:f2:f2:1c:59:27:36:75:e1:cf:
         2e:39:79:04:88:53:48:48:c0:62:6f:2d:85:29:65:be:ec:d1:
         c3:87:cd:d7:58:0e:61:66:37:df:48:15:9c:ad:69:89:61:b3:
         3e:54:41:fe:7e:f8:29:6d:3f:fb:12:42:ff:32:92:4c:cf:09:
         f1:75:ab:1a:81:3e:45:d1:78:36:65:10:3f:a4:e2:32:a5:16:
         ff:64:92:04:c4:db:a0:e2:41:da:b7:b2:75:ac:e3:07:e1:dc:
         51:de:b8:c0:42:d9:eb:6c:b6:f3:32:65:31:90:b4:1d:45:db:
         4d:18:a1:d4:24:b7:d0:49:65:58:c8:8f:c8:73:39:bf:b0:a2:
         7f:d1:54:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPGf5zYjULamkxAC78vVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTMyMDhlODE4ZGQ3NGMwZDZiNDNkOTI3ZWEwZDE4OTNi
ZWQ2NTAwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzMzZjIzOTc5NjExMzUwOWQzZTNlZGRmZWIyNDg2ZTZiZTA2Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqxsssc2G5DhcYf1F8UTl8jn5fHe
UdWAQC+lAgOOnCcbHka6+TMMMuiPRzkaI1Nwv+VV+Bz1Ro/A6iAT8aDDT8ctQtke
kgJQi4wYxivpBi4TfkiyReA+N06avmLHfN6QOp1Uqs0/381HtBW4Jlg6DggnH6QK
ea/4mBG7kCmxA3ht9+eSDykOQNoi8m67TftYrhko8JbPsmpJOivE5Z9//CXGGiij
YTJGFn7Czyb0wgia2F1skUEdhdZSGapjST0zxm0PAogAVzt1GG5IgoeE7oeksR/H
u0Cz+FI1CD+M9jVREW+H0WuZU7/lDMpA9mUFoGi9hdtxe2aAi5/TDlwHeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMz8jl5YRNQnT4+3f6ySG5r4Gd5MB8GA1UdIwQY
MBaAFH7jII6BjddMDWtD2SfqDRiTvtZQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVNZ2pvR04xMHdOYTBQWkotb05HSk8tMWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9hNGE4N2EtNGY3ZC00MGJkLWIxZjUt
ZmY0YTk5NzgzYWI0LzEvUXpQeU9YbGhFMUNkUGo3ZF9ySklibXZnWjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9hNGE4N2EtNGY3ZC00MGJkLWIxZjUtZmY0YTk5NzgzYWI0
LzEvZnVNZ2pvR04xMHdOYTBQWkotb05HSk8tMWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWk+MA0G
CSqGSIb3DQEBCwUAA4IBAQAPTdmytCMedQ9leZPXY0zMBQzhKVknkvjnCUivmXw/
lpKzP5f1EjvYQLxu388qTaUbXMMrPE/pPjmjlzUdMBiD9/vBR1DM8C/PGGacnfHc
TGk8lL3HPbaFIzrsnAhO9s58mr9o8s9nXeXTcjo73vP2bv7/EdXy8hxZJzZ14c8u
OXkEiFNISMBiby2FKWW+7NHDh83XWA5hZjffSBWcrWmJYbM+VEH+fvgpbT/7EkL/
MpJMzwnxdasagT5F0Xg2ZRA/pOIypRb/ZJIExNug4kHat7J1rOMH4dxR3rjAQtnr
bLbzMmUxkLQdRdtNGKHUJLfQSWVYyI/Iczm/sKJ/0VSS
-----END CERTIFICATE-----