Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/QhFo0H31BxIAa_8rDeup_scAlOA.roa
File:                     QhFo0H31BxIAa_8rDeup_scAlOA.roa (raw, json)
Hash identifier:          yNMn6QEEEKLbySltnMFuHyN3r9Vl8UfHz171k6Pa2tI=
Subject key identifier:   42:11:68:D0:7D:F5:07:12:00:6B:FF:2B:0D:EB:A9:FE:C7:00:94:E0
Certificate issuer:       /CN=8261a42bf2264cb5ebcec6e190d02a6d553b6233
Certificate serial:       019142793313F993A8C32CAAF5D6D527CDE5
Authority key identifier: 82:61:A4:2B:F2:26:4C:B5:EB:CE:C6:E1:90:D0:2A:6D:55:3B:62:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/QhFo0H31BxIAa_8rDeup_scAlOA.roa
Signing time:             Sun 11 Aug 2024 17:25:24 +0000
ROA not before:           Sun 11 Aug 2024 17:25:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49703
IP address blocks:        193.24.116.0/24 maxlen: 24
                          2a13:f700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:42:79:33:13:f9:93:a8:c3:2c:aa:f5:d6:d5:27:cd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8261a42bf2264cb5ebcec6e190d02a6d553b6233
        Validity
            Not Before: Aug 11 17:25:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=421168d07df50712006bff2b0deba9fec70094e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:49:14:59:7c:84:06:c0:fa:74:f2:7e:24:ee:
                    88:be:85:6f:8f:7f:31:c0:12:56:44:4e:27:c2:ed:
                    1c:f9:b4:48:7c:93:ec:f3:60:0b:14:ee:8c:56:72:
                    23:dd:1b:04:86:81:c1:4a:fc:9d:ee:4a:58:92:2d:
                    6e:18:0c:cd:34:30:7a:6c:db:53:c0:31:ef:7b:de:
                    67:9e:ef:cf:bc:5a:86:d2:20:e7:55:58:3e:81:c0:
                    af:3e:2f:f7:f7:ef:1a:8c:48:ec:e2:ac:97:b1:a6:
                    65:3b:3e:90:61:3e:e3:e2:71:59:15:e4:46:61:25:
                    29:36:0f:cc:6b:12:07:0c:0a:17:5c:10:33:6d:08:
                    8d:82:9f:91:0d:0b:ce:9e:91:1d:e2:91:84:d0:4f:
                    79:4c:32:dc:ca:67:f7:ee:57:75:bc:2f:82:79:80:
                    11:e5:a5:e3:eb:af:6f:7d:5c:59:23:08:2f:51:b8:
                    a8:c5:10:d5:0c:39:39:1e:24:96:59:8a:0c:6b:31:
                    8d:40:0a:c8:f4:64:f1:dd:bd:cf:43:38:bf:f5:79:
                    87:8e:32:4a:c8:69:64:32:e2:05:3a:48:2a:74:5d:
                    d0:24:98:88:9d:1a:52:16:b9:51:cd:9a:d4:bd:06:
                    82:05:6d:be:6d:89:47:5a:e3:39:ca:54:bc:67:ed:
                    8e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:11:68:D0:7D:F5:07:12:00:6B:FF:2B:0D:EB:A9:FE:C7:00:94:E0
            X509v3 Authority Key Identifier:
                keyid:82:61:A4:2B:F2:26:4C:B5:EB:CE:C6:E1:90:D0:2A:6D:55:3B:62:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/QhFo0H31BxIAa_8rDeup_scAlOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.116.0/24
                IPv6:
                  2a13:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:58:bf:9c:ba:26:4f:73:92:15:37:71:5c:90:98:ff:df:c6:
         59:f5:ee:59:67:cd:ac:5b:de:22:1a:9b:bd:c9:72:29:2e:9b:
         45:e6:ad:30:25:b0:53:52:83:14:df:fc:37:f7:0c:25:83:00:
         ba:60:bf:2a:02:34:9d:0f:3e:f9:5c:ad:87:93:81:0e:0b:5e:
         47:2c:93:bf:11:e3:d5:4a:c7:c2:c5:f9:4c:80:ac:54:03:4d:
         9c:ac:da:ff:35:cd:42:e1:83:db:fc:4b:48:73:51:b9:c9:00:
         a2:23:79:41:1b:a2:6d:b7:8c:ae:e8:60:55:df:c4:e6:de:6b:
         40:87:96:33:f3:e9:0d:77:1a:37:3d:f0:6e:a3:3e:3b:03:a6:
         bb:21:a7:43:8a:50:8c:10:f2:47:01:06:08:a3:be:82:f2:de:
         a7:f6:37:46:5f:3b:9d:9c:50:d1:e9:91:7d:c9:15:8f:4c:55:
         e8:49:d8:b5:63:23:6e:0a:05:7d:94:da:ac:d3:e0:81:df:94:
         5c:20:1b:f7:2a:d0:3e:df:60:7f:a1:06:28:03:48:8b:1b:74:
         82:6e:8d:b9:8f:ee:9d:1f:9a:4c:c8:58:eb:53:3f:d0:9d:05:
         1a:4b:da:ee:e9:cd:82:a1:48:cc:12:3a:a0:11:b3:8a:dc:2b:
         59:d7:f7:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZFCeTMT+ZOowyyq9dbVJ83lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjFhNDJiZjIyNjRjYjVlYmNlYzZlMTkwZDAyYTZkNTUz
YjYyMzMwHhcNMjQwODExMTcyNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjExNjhkMDdkZjUwNzEyMDA2YmZmMmIwZGViYTlmZWM3MDA5NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kkUWXyEBsD6dPJ+JO6IvoVvj38x
wBJWRE4nwu0c+bRIfJPs82ALFO6MVnIj3RsEhoHBSvyd7kpYki1uGAzNNDB6bNtT
wDHve95nnu/PvFqG0iDnVVg+gcCvPi/39+8ajEjs4qyXsaZlOz6QYT7j4nFZFeRG
YSUpNg/MaxIHDAoXXBAzbQiNgp+RDQvOnpEd4pGE0E95TDLcymf37ld1vC+CeYAR
5aXj669vfVxZIwgvUbioxRDVDDk5HiSWWYoMazGNQArI9GTx3b3PQzi/9XmHjjJK
yGlkMuIFOkgqdF3QJJiInRpSFrlRzZrUvQaCBW2+bYlHWuM5ylS8Z+2O3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEIRaNB99QcSAGv/Kw3rqf7HAJTgMB8GA1UdIwQY
MBaAFIJhpCvyJky1687G4ZDQKm1VO2IzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21Ha0tfSW1UTFhyenNiaGtOQXFiVlU3WWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81NGI2NzgtYjJmZS00NDlkLWIzMjYt
ZGNhZTcwZjFjOTNiLzEvUWhGbzBIMzFCeElBYV84ckRldXBfc2NBbE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81NGI2NzgtYjJmZS00NDlkLWIzMjYtZGNhZTcwZjFjOTNi
LzEvZ21Ha0tfSW1UTFhyenNiaGtOQXFiVlU3WWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRh0MA0E
AgACMAcDBQMqE/cAMA0GCSqGSIb3DQEBCwUAA4IBAQAWWL+cuiZPc5IVN3FckJj/
38ZZ9e5ZZ82sW94iGpu9yXIpLptF5q0wJbBTUoMU3/w39wwlgwC6YL8qAjSdDz75
XK2Hk4EOC15HLJO/EePVSsfCxflMgKxUA02crNr/Nc1C4YPb/EtIc1G5yQCiI3lB
G6Jtt4yu6GBV38Tm3mtAh5Yz8+kNdxo3PfBuoz47A6a7IadDilCMEPJHAQYIo76C
8t6n9jdGXzudnFDR6ZF9yRWPTFXoSdi1YyNuCgV9lNqs0+CB35RcIBv3KtA+32B/
oQYoA0iLG3SCbo25j+6dH5pMyFjrUz/QnQUaS9ru6c2CoUjMEjqgEbOK3CtZ1/c0
-----END CERTIFICATE-----