Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/cQrqr0C1Z-YpiH72k29CLlGMtz8.roa
File:                     cQrqr0C1Z-YpiH72k29CLlGMtz8.roa (raw, json)
Hash identifier:          4kel2/bKPsPvmI8Z5FZu8vl9bOIRd4CxPi9yV0WRojo=
Subject key identifier:   71:0A:EA:AF:40:B5:67:E6:29:88:7E:F6:93:6F:42:2E:51:8C:B7:3F
Certificate issuer:       /CN=f71d4a4374df222ac3235b9602206d96bf1dac82
Certificate serial:       018CC79552988C7C0360065B97E7CE61DFDA
Authority key identifier: F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/cQrqr0C1Z-YpiH72k29CLlGMtz8.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207163
IP address blocks:        93.96.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:52:98:8c:7c:03:60:06:5b:97:e7:ce:61:df:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f71d4a4374df222ac3235b9602206d96bf1dac82
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710aeaaf40b567e629887ef6936f422e518cb73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:18:60:8f:f5:02:5e:0d:44:22:a5:14:53:
                    b6:df:ac:29:bb:c1:ee:58:cd:19:92:0b:73:69:3e:
                    73:60:16:57:b4:c5:d7:e1:45:56:1b:3a:a8:2b:60:
                    b7:7c:31:6c:e1:5f:c1:0d:66:ca:55:f5:09:72:69:
                    84:02:db:bf:1e:8b:7a:be:2c:d6:13:8d:6b:05:2d:
                    94:41:3e:46:3a:cf:65:86:44:d3:58:ff:48:4f:b0:
                    6d:f4:ff:84:a8:6a:80:b9:a9:4e:b4:25:54:9d:ac:
                    c2:58:b6:e2:f6:1d:f6:7e:9f:5a:6c:a9:f8:1e:e5:
                    7e:09:2a:9e:b8:96:9a:17:dd:08:1f:b2:6b:7e:00:
                    0e:d1:ed:7a:64:cc:ff:b4:81:b1:60:51:00:32:35:
                    c3:61:a5:14:cd:c5:12:d4:18:e3:6b:77:d0:d3:3b:
                    ea:d1:1c:50:f5:4c:6c:8d:a3:34:10:68:bc:a0:cd:
                    1e:82:aa:05:3a:6f:91:c3:c1:2a:e4:57:11:f7:45:
                    85:4d:32:ee:23:28:0b:b0:f4:62:ea:df:65:27:5e:
                    c8:43:ef:37:d1:36:00:c0:cf:31:7a:40:af:87:92:
                    cf:e5:b7:c5:7f:af:77:10:bd:69:6b:1c:e0:0e:e6:
                    46:44:e1:96:fd:6c:af:60:a8:da:f9:d5:87:9b:61:
                    72:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0A:EA:AF:40:B5:67:E6:29:88:7E:F6:93:6F:42:2E:51:8C:B7:3F
            X509v3 Authority Key Identifier:
                keyid:F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/cQrqr0C1Z-YpiH72k29CLlGMtz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.96.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:71:8f:02:d3:df:92:e3:9f:77:62:9f:c6:4e:c2:2b:9b:ed:
         f9:2a:14:a7:ca:ea:82:83:b7:3c:bf:d9:68:31:ca:90:5c:c8:
         d7:cc:75:58:44:32:ba:cb:d5:d6:06:8c:6d:0f:6d:46:e7:c4:
         27:d3:ad:6d:8c:2b:3e:a3:fc:de:8c:a5:b4:58:04:7d:ce:26:
         ce:65:5f:42:15:6c:2b:d2:17:14:a2:70:c2:e1:db:23:b9:6b:
         4f:f1:5c:a3:5b:31:66:05:a7:68:56:86:22:0e:56:c1:ee:2b:
         4c:4f:41:a3:77:e0:8a:99:5e:bd:84:f0:1e:e6:a1:31:aa:88:
         40:1d:74:6e:2c:42:17:7a:b9:4d:39:92:67:1a:de:e5:4b:50:
         bf:e7:b0:43:e5:dc:4a:91:03:a5:8e:b2:5d:ef:f7:76:31:b8:
         07:9a:31:33:e3:bf:e8:c2:f0:b7:ca:e3:b2:f1:70:26:5a:94:
         f1:91:b6:63:94:78:75:62:81:49:9f:d9:6a:67:95:81:f7:0f:
         bf:cd:c7:9b:a8:8a:af:af:86:78:18:60:a4:0b:2c:62:d1:52:
         ec:5f:86:c0:b8:f5:f5:0e:37:ec:64:fe:67:b8:a6:34:71:9d:
         1a:da:c8:c6:fc:ee:3e:c6:6d:38:b2:d4:cf:dc:49:ed:56:13:
         e5:0f:c4:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVKYjHwDYAZbl+fOYd/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MWQ0YTQzNzRkZjIyMmFjMzIzNWI5NjAyMjA2ZDk2YmYx
ZGFjODIwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTBhZWFhZjQwYjU2N2U2Mjk4ODdlZjY5MzZmNDIyZTUxOGNiNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOIYYI/1Al4NRCKlFFO236wpu8Hu
WM0ZkgtzaT5zYBZXtMXX4UVWGzqoK2C3fDFs4V/BDWbKVfUJcmmEAtu/Hot6vizW
E41rBS2UQT5GOs9lhkTTWP9IT7Bt9P+EqGqAualOtCVUnazCWLbi9h32fp9abKn4
HuV+CSqeuJaaF90IH7JrfgAO0e16ZMz/tIGxYFEAMjXDYaUUzcUS1Bjja3fQ0zvq
0RxQ9UxsjaM0EGi8oM0egqoFOm+Rw8Eq5FcR90WFTTLuIygLsPRi6t9lJ17IQ+83
0TYAwM8xekCvh5LP5bfFf693EL1paxzgDuZGROGW/WyvYKja+dWHm2FyFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEK6q9AtWfmKYh+9pNvQi5RjLc/MB8GA1UdIwQY
MBaAFPcdSkN03yIqwyNblgIgbZa/HayCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUt
ZTlhYzJiMDAzMTZhLzEvY1FycXIwQzFaLVlwaUg3MmsyOUNMbEdNdHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUtZTlhYzJiMDAzMTZh
LzEvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXWDAMA0G
CSqGSIb3DQEBCwUAA4IBAQAicY8C09+S4593Yp/GTsIrm+35KhSnyuqCg7c8v9lo
McqQXMjXzHVYRDK6y9XWBoxtD21G58Qn061tjCs+o/zejKW0WAR9zibOZV9CFWwr
0hcUonDC4dsjuWtP8VyjWzFmBadoVoYiDlbB7itMT0Gjd+CKmV69hPAe5qExqohA
HXRuLEIXerlNOZJnGt7lS1C/57BD5dxKkQOljrJd7/d2MbgHmjEz47/owvC3yuOy
8XAmWpTxkbZjlHh1YoFJn9lqZ5WB9w+/zcebqIqvr4Z4GGCkCyxi0VLsX4bAuPX1
DjfsZP5nuKY0cZ0a2sjG/O4+xm04stTP3EntVhPlD8T4
-----END CERTIFICATE-----