Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/QCkf3M4lHNH7MTSwXRZ-I8n7FTQ.roa
File:                     QCkf3M4lHNH7MTSwXRZ-I8n7FTQ.roa (raw, json)
Hash identifier:          To6jW0qrOb8eLLmteqWyuX27g/uP83E0Yg8riuU7tn4=
Subject key identifier:   40:29:1F:DC:CE:25:1C:D1:FB:31:34:B0:5D:16:7E:23:C9:FB:15:34
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF52FE94CFE9A67B2493C993AD67E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/QCkf3M4lHNH7MTSwXRZ-I8n7FTQ.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205001
IP address blocks:        80.96.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f5:2f:e9:4c:fe:9a:67:b2:49:3c:99:3a:d6:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40291fdcce251cd1fb3134b05d167e23c9fb1534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:54:a2:28:58:0f:d8:bb:26:22:3f:27:0a:49:
                    88:79:4f:64:b2:2d:89:4f:ca:81:08:3d:43:ef:22:
                    03:71:33:a8:59:cd:80:79:6a:1c:e0:70:0d:d9:02:
                    e2:5a:0d:9a:1f:dc:8f:bb:ff:00:36:e1:6f:f1:22:
                    53:df:a8:76:7c:89:6f:43:94:2b:3e:82:38:50:5b:
                    21:c6:e5:73:c7:f4:77:bd:0a:ab:90:e2:2a:f4:76:
                    38:a4:00:eb:d7:7a:3a:8b:79:d4:ac:30:7b:f0:4a:
                    19:7f:9e:a1:0b:65:25:60:ab:4c:2c:9e:07:cf:8c:
                    18:b1:d1:a3:f4:9d:3e:0f:ab:81:e3:64:9c:3d:bc:
                    39:c1:e7:e7:ee:3d:88:98:25:03:1b:42:33:89:c0:
                    22:b5:e6:3c:70:83:0a:74:96:4f:83:2c:ae:c4:4b:
                    e1:98:74:cb:94:f6:45:be:ae:ab:4e:35:c2:3e:dc:
                    96:03:79:06:2d:e3:60:02:3f:94:4a:7a:4a:ac:38:
                    ca:27:84:2c:5f:3c:64:07:7b:0b:b0:5f:62:70:58:
                    fb:2e:a4:48:ad:50:ef:ac:d8:f2:57:c9:83:75:49:
                    c7:a4:02:2e:72:42:26:14:79:b1:fb:2e:e7:69:cc:
                    bd:a6:95:50:ff:62:da:3f:96:01:1d:11:a6:bf:80:
                    4f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:29:1F:DC:CE:25:1C:D1:FB:31:34:B0:5D:16:7E:23:C9:FB:15:34
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/QCkf3M4lHNH7MTSwXRZ-I8n7FTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:34:0e:80:58:08:01:fc:9d:c8:5a:80:d9:d2:3d:11:66:6b:
         ed:a3:81:4e:46:a3:57:a3:fe:7e:44:24:c1:4e:a5:cd:b1:9c:
         33:d9:25:ac:4f:21:6a:a5:92:c7:e5:74:d5:b5:d4:f4:6a:c4:
         82:6f:81:44:d4:fb:ca:88:3f:a0:0c:55:c8:bf:94:60:5b:47:
         24:13:ce:98:17:cd:d4:55:04:97:a2:28:99:97:9e:f2:95:a0:
         06:8c:6d:2f:e8:ed:ff:a0:d8:ba:8a:d4:9d:97:18:9a:40:86:
         b0:0d:fa:6b:8b:63:5d:a5:99:cc:b2:2e:81:94:6d:de:cb:02:
         31:80:d2:31:e9:b8:a5:ad:36:18:f6:b1:62:61:d9:85:8c:24:
         ea:3e:9d:51:b8:58:2d:1b:0a:ef:44:6f:f8:b7:7d:d9:d3:43:
         fa:cb:42:b5:a8:66:cc:4d:b8:2b:fa:92:45:0d:9a:6c:5a:e3:
         e6:f8:5d:5f:bf:4f:16:82:60:3e:02:e7:1d:b1:13:80:47:3a:
         33:68:94:da:3d:20:3d:fa:ca:fd:79:a0:d1:7b:7b:75:c5:cf:
         4f:7c:5b:3a:49:59:83:e3:a7:22:8e:72:96:cc:d9:8c:c4:06:
         fe:62:90:1b:0e:61:fa:ed:6a:65:41:c0:eb:7c:f2:ea:b9:7e:
         5a:d8:06:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvUv6Uz+mmeySTyZOtZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI5MWZkY2NlMjUxY2QxZmIzMTM0YjA1ZDE2N2UyM2M5ZmIxNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1SiKFgP2LsmIj8nCkmIeU9ksi2J
T8qBCD1D7yIDcTOoWc2AeWoc4HAN2QLiWg2aH9yPu/8ANuFv8SJT36h2fIlvQ5Qr
PoI4UFshxuVzx/R3vQqrkOIq9HY4pADr13o6i3nUrDB78EoZf56hC2UlYKtMLJ4H
z4wYsdGj9J0+D6uB42ScPbw5wefn7j2ImCUDG0IzicAiteY8cIMKdJZPgyyuxEvh
mHTLlPZFvq6rTjXCPtyWA3kGLeNgAj+USnpKrDjKJ4QsXzxkB3sLsF9icFj7LqRI
rVDvrNjyV8mDdUnHpAIuckImFHmx+y7nacy9ppVQ/2LaP5YBHRGmv4BPmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEApH9zOJRzR+zE0sF0WfiPJ+xU0MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUUNrZjNNNGxITkg3TVRTd1hSWi1JOG43RlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGApMA0G
CSqGSIb3DQEBCwUAA4IBAQCCNA6AWAgB/J3IWoDZ0j0RZmvto4FORqNXo/5+RCTB
TqXNsZwz2SWsTyFqpZLH5XTVtdT0asSCb4FE1PvKiD+gDFXIv5RgW0ckE86YF83U
VQSXoiiZl57ylaAGjG0v6O3/oNi6itSdlxiaQIawDfpri2NdpZnMsi6BlG3eywIx
gNIx6bilrTYY9rFiYdmFjCTqPp1RuFgtGwrvRG/4t33Z00P6y0K1qGbMTbgr+pJF
DZpsWuPm+F1fv08WgmA+AucdsROARzozaJTaPSA9+sr9eaDRe3t1xc9PfFs6SVmD
46cijnKWzNmMxAb+YpAbDmH67WplQcDrfPLquX5a2Abw
-----END CERTIFICATE-----