Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/Qjn9tUU0WMkGrBf2CBampV7Fj90.roa
File:                     Qjn9tUU0WMkGrBf2CBampV7Fj90.roa (raw, json)
Hash identifier:          nLkMU6T9mgB9Pqm/W8NlsX47vyx8+jMGtFzGW17FtDs=
Subject key identifier:   42:39:FD:B5:45:34:58:C9:06:AC:17:F6:08:16:A6:A5:5E:C5:8F:DD
Certificate issuer:       /CN=6c949d2bd64ee17ef5d47f963e3d5d7a982b12af
Certificate serial:       018CC6B920BA794E0421B62D7C1993FAAFE5
Authority key identifier: 6C:94:9D:2B:D6:4E:E1:7E:F5:D4:7F:96:3E:3D:5D:7A:98:2B:12:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bJSdK9ZO4X711H-WPj1depgrEq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/Qjn9tUU0WMkGrBf2CBampV7Fj90.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34272
IP address blocks:        193.110.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/bJSdK9ZO4X711H-WPj1depgrEq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/bJSdK9ZO4X711H-WPj1depgrEq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bJSdK9ZO4X711H-WPj1depgrEq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:20:ba:79:4e:04:21:b6:2d:7c:19:93:fa:af:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c949d2bd64ee17ef5d47f963e3d5d7a982b12af
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4239fdb5453458c906ac17f60816a6a55ec58fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:db:b7:08:c0:66:c6:94:c2:dc:aa:b7:c8:
                    e6:6e:5d:4f:8d:e3:a8:b6:d6:92:8c:db:9d:2d:b6:
                    7b:7e:a1:e8:c2:34:39:b4:e6:66:a6:0e:dc:31:bc:
                    87:67:be:03:ef:c4:55:9a:39:08:1f:1f:66:83:bd:
                    1d:f1:a1:8b:d7:69:37:06:a1:c1:fa:f8:70:bd:db:
                    4c:c5:61:19:0d:08:c7:fe:1c:5e:c6:49:1a:64:a1:
                    85:a2:e1:03:36:60:ce:54:b7:b1:f1:04:81:ae:99:
                    33:f3:e5:67:15:67:53:66:31:9a:10:15:93:59:09:
                    7a:95:e7:7c:28:af:8d:86:a2:d0:58:76:e3:2f:fe:
                    f6:47:69:e0:46:02:b5:d7:31:1f:70:16:d6:4c:8c:
                    94:06:bf:c2:0d:eb:63:d5:92:ac:de:a2:ae:2e:61:
                    7b:e4:92:ed:56:b5:82:fa:41:46:3f:13:30:05:ed:
                    6c:86:fa:de:e3:17:a1:f1:cc:b2:5a:b3:bc:4e:bb:
                    5a:be:b2:e0:af:43:a9:6f:9f:21:47:ee:4a:3e:33:
                    26:f5:a8:f4:7c:57:6c:91:70:97:7c:9a:85:14:82:
                    82:d4:46:4e:dc:f7:f7:31:c5:84:49:5e:8d:de:22:
                    5b:dd:8b:32:c5:d3:6f:8d:d2:5e:97:69:a0:cc:cf:
                    bf:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:39:FD:B5:45:34:58:C9:06:AC:17:F6:08:16:A6:A5:5E:C5:8F:DD
            X509v3 Authority Key Identifier:
                keyid:6C:94:9D:2B:D6:4E:E1:7E:F5:D4:7F:96:3E:3D:5D:7A:98:2B:12:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bJSdK9ZO4X711H-WPj1depgrEq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/Qjn9tUU0WMkGrBf2CBampV7Fj90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f8651b-c12b-42d4-afda-232f4703491f/1/bJSdK9ZO4X711H-WPj1depgrEq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:b2:f4:65:be:59:30:c8:1a:55:c1:0c:07:55:79:c8:17:a5:
         00:25:e6:5f:aa:cd:cd:d2:dd:bf:fb:23:19:fc:da:22:22:2a:
         03:3b:3a:5c:5d:47:a6:aa:3e:40:de:3c:6e:b0:c4:48:72:85:
         2e:7e:a8:a8:a7:a5:7a:ba:a2:d9:6d:3a:2e:65:15:bb:44:74:
         77:99:23:f5:e5:8d:b5:e9:77:29:6b:22:62:bb:d4:32:39:9b:
         f2:68:8a:ec:8c:33:52:79:a5:05:c4:38:13:4e:26:90:82:0a:
         37:77:72:f7:5a:b3:e1:3b:96:2c:1a:54:37:c2:87:6d:ca:a9:
         40:46:4f:80:48:6b:70:1e:da:94:c1:7c:04:7f:6b:3c:b9:c3:
         02:ae:50:13:8c:30:0b:2c:94:b9:3c:18:8b:20:8c:11:49:cc:
         c2:e3:95:f2:67:73:e0:96:e9:52:18:91:af:31:6e:11:23:c8:
         cc:3e:4e:ad:a4:a4:dc:be:a0:1a:1b:19:d9:d2:ee:36:ba:bc:
         d7:52:14:43:dc:b7:03:34:64:60:34:7b:68:29:25:90:28:bd:
         35:e7:90:5d:89:29:db:13:75:2c:b0:b8:06:f7:d7:b5:e1:16:
         48:48:ed:1b:e6:df:4f:06:39:2d:66:cf:cb:a8:52:4d:eb:7d:
         33:1e:f8:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSC6eU4EIbYtfBmT+q/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOTQ5ZDJiZDY0ZWUxN2VmNWQ0N2Y5NjNlM2Q1ZDdhOTgy
YjEyYWYwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM5ZmRiNTQ1MzQ1OGM5MDZhYzE3ZjYwODE2YTZhNTVlYzU4ZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcLbtwjAZsaUwtyqt8jmbl1PjeOo
ttaSjNudLbZ7fqHowjQ5tOZmpg7cMbyHZ74D78RVmjkIHx9mg70d8aGL12k3BqHB
+vhwvdtMxWEZDQjH/hxexkkaZKGFouEDNmDOVLex8QSBrpkz8+VnFWdTZjGaEBWT
WQl6led8KK+NhqLQWHbjL/72R2ngRgK11zEfcBbWTIyUBr/CDetj1ZKs3qKuLmF7
5JLtVrWC+kFGPxMwBe1shvre4xeh8cyyWrO8TrtavrLgr0Opb58hR+5KPjMm9aj0
fFdskXCXfJqFFIKC1EZO3Pf3McWESV6N3iJb3YsyxdNvjdJel2mgzM+/+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI5/bVFNFjJBqwX9ggWpqVexY/dMB8GA1UdIwQY
MBaAFGyUnSvWTuF+9dR/lj49XXqYKxKvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkpTZEs5Wk80WDcxMUgtV1BqMWRlcGdyRXE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9mODY1MWItYzEyYi00MmQ0LWFmZGEt
MjMyZjQ3MDM0OTFmLzEvUWpuOXRVVTBXTWtHckJmMkNCYW1wVjdGajkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9mODY1MWItYzEyYi00MmQ0LWFmZGEtMjMyZjQ3MDM0OTFm
LzEvYkpTZEs5Wk80WDcxMUgtV1BqMWRlcGdyRXE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW6EMA0G
CSqGSIb3DQEBCwUAA4IBAQCTsvRlvlkwyBpVwQwHVXnIF6UAJeZfqs3N0t2/+yMZ
/NoiIioDOzpcXUemqj5A3jxusMRIcoUufqiop6V6uqLZbTouZRW7RHR3mSP15Y21
6XcpayJiu9QyOZvyaIrsjDNSeaUFxDgTTiaQggo3d3L3WrPhO5YsGlQ3wodtyqlA
Rk+ASGtwHtqUwXwEf2s8ucMCrlATjDALLJS5PBiLIIwRSczC45XyZ3PglulSGJGv
MW4RI8jMPk6tpKTcvqAaGxnZ0u42urzXUhRD3LcDNGRgNHtoKSWQKL0155BdiSnb
E3UssLgG99e14RZISO0b5t9PBjktZs/LqFJN630zHvhu
-----END CERTIFICATE-----