Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/WqciO0wM3a-hRegaXIDxCwj6DTs.roa
File:                     WqciO0wM3a-hRegaXIDxCwj6DTs.roa (raw, json)
Hash identifier:          2f8Ra2i6rR7L/ms00UoiBbWxLAAABSwSxae0lrnw7j0=
Subject key identifier:   5A:A7:22:3B:4C:0C:DD:AF:A1:45:E8:1A:5C:80:F1:0B:08:FA:0D:3B
Certificate issuer:       /CN=1c010aa8438a825a5542013f1b90d348ed8a00c6
Certificate serial:       018CC9BCDE107C3F218FFC3D7C94C8F20730
Authority key identifier: 1C:01:0A:A8:43:8A:82:5A:55:42:01:3F:1B:90:D3:48:ED:8A:00:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAEKqEOKglpVQgE_G5DTSO2KAMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/WqciO0wM3a-hRegaXIDxCwj6DTs.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.246.62.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/HAEKqEOKglpVQgE_G5DTSO2KAMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/HAEKqEOKglpVQgE_G5DTSO2KAMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAEKqEOKglpVQgE_G5DTSO2KAMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:de:10:7c:3f:21:8f:fc:3d:7c:94:c8:f2:07:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c010aa8438a825a5542013f1b90d348ed8a00c6
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aa7223b4c0cddafa145e81a5c80f10b08fa0d3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fb:16:8f:e3:16:28:14:65:02:63:15:fd:10:
                    6f:52:23:40:19:92:11:17:28:3e:d1:5c:b7:11:b1:
                    52:6e:74:95:7e:34:7c:91:7a:b9:2b:ff:63:b5:93:
                    a2:ae:08:0a:1d:4e:05:37:9a:ab:45:57:c9:3f:2f:
                    02:7c:16:18:7f:3c:a4:d7:b3:d8:de:78:e1:b6:fd:
                    49:26:d2:53:12:ae:b2:9e:fb:5b:ed:3a:74:93:27:
                    09:7d:ac:ad:0e:cc:db:71:17:d5:3f:d3:d7:58:42:
                    5c:a9:62:38:18:d0:67:02:f9:86:08:b0:7f:6e:78:
                    b2:50:10:94:a2:56:cb:d0:68:9e:64:5b:d7:04:ed:
                    bf:bb:ed:05:ee:9f:5f:3b:47:3c:75:ef:df:07:52:
                    13:38:d3:ec:58:5e:9f:03:25:eb:05:06:f9:1c:8c:
                    31:2d:7f:e3:dc:6a:72:a1:60:08:f5:99:04:0b:6f:
                    b8:ea:71:c4:fd:c5:e7:4f:8c:af:0b:3a:fc:21:86:
                    b8:0f:4a:2a:4a:d8:e2:75:3f:2a:85:e9:b5:e3:30:
                    a7:c0:ed:86:b4:ef:d4:a2:c4:e1:15:c3:9f:f6:16:
                    9b:d8:d3:dc:e9:2f:93:aa:22:ac:54:d7:17:3d:17:
                    01:cf:92:3c:d1:1c:cc:cf:6b:08:49:98:9e:6b:f2:
                    96:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A7:22:3B:4C:0C:DD:AF:A1:45:E8:1A:5C:80:F1:0B:08:FA:0D:3B
            X509v3 Authority Key Identifier:
                keyid:1C:01:0A:A8:43:8A:82:5A:55:42:01:3F:1B:90:D3:48:ED:8A:00:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAEKqEOKglpVQgE_G5DTSO2KAMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/WqciO0wM3a-hRegaXIDxCwj6DTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d7d50f-9eb0-48d5-a5b9-3ab3b67c6217/1/HAEKqEOKglpVQgE_G5DTSO2KAMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:f5:15:f3:5f:4d:7f:f1:1d:bb:19:55:69:77:56:2b:69:84:
         05:f6:4f:6d:51:9f:72:7c:1e:18:d4:14:e8:79:f2:f7:06:ac:
         33:77:59:34:fd:88:6c:30:a1:d7:27:47:9a:5e:bb:58:69:3f:
         49:c7:f8:6d:ff:1d:b6:ee:89:5a:2b:c1:4d:ed:25:c4:1b:0d:
         bb:4d:ab:43:98:28:4e:81:e8:bc:ca:a0:be:f4:49:57:cb:54:
         80:6f:2a:7b:9e:94:aa:54:6e:fd:74:4f:37:f4:6b:67:30:17:
         70:c3:eb:d6:21:81:9b:64:a0:31:7f:f2:0f:f9:31:11:90:2c:
         32:f8:0a:78:5e:07:ff:e3:a7:e4:8d:36:4a:e0:37:20:25:43:
         b9:a8:e1:ce:6b:d0:40:9c:88:53:99:df:b9:de:18:2c:5c:f3:
         2f:4b:8b:50:46:37:09:95:cf:e1:90:30:ba:dc:d0:da:31:70:
         92:86:2a:96:8d:db:54:83:a5:4a:9c:74:41:51:9a:e4:7c:23:
         fc:a9:6a:b1:e5:6d:0d:6f:d8:ab:45:e6:26:3a:a6:2d:c4:31:
         ac:f0:5b:0e:93:81:2d:d0:0e:41:11:31:55:8a:a6:c5:37:db:
         10:a5:01:2e:32:6c:87:0d:47:a5:eb:69:7c:ae:06:a8:fc:2d:
         1d:6d:87:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvN4QfD8hj/w9fJTI8gcwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDEwYWE4NDM4YTgyNWE1NTQyMDEzZjFiOTBkMzQ4ZWQ4
YTAwYzYwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWE3MjIzYjRjMGNkZGFmYTE0NWU4MWE1YzgwZjEwYjA4ZmEwZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfsWj+MWKBRlAmMV/RBvUiNAGZIR
Fyg+0Vy3EbFSbnSVfjR8kXq5K/9jtZOirggKHU4FN5qrRVfJPy8CfBYYfzyk17PY
3njhtv1JJtJTEq6ynvtb7Tp0kycJfaytDszbcRfVP9PXWEJcqWI4GNBnAvmGCLB/
bniyUBCUolbL0GieZFvXBO2/u+0F7p9fO0c8de/fB1ITONPsWF6fAyXrBQb5HIwx
LX/j3GpyoWAI9ZkEC2+46nHE/cXnT4yvCzr8IYa4D0oqStjidT8qhem14zCnwO2G
tO/UosThFcOf9hab2NPc6S+TqiKsVNcXPRcBz5I80RzMz2sISZiea/KWzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqnIjtMDN2voUXoGlyA8QsI+g07MB8GA1UdIwQY
MBaAFBwBCqhDioJaVUIBPxuQ00jtigDGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFFS3FFT0tnbHBWUWdFX0c1RFRTTzJLQU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kN2Q1MGYtOWViMC00OGQ1LWE1Yjkt
M2FiM2I2N2M2MjE3LzEvV3FjaU8wd00zYS1oUmVnYVhJRHhDd2o2RFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kN2Q1MGYtOWViMC00OGQ1LWE1YjktM2FiM2I2N2M2MjE3
LzEvSEFFS3FFT0tnbHBWUWdFX0c1RFRTTzJLQU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfY+MA0G
CSqGSIb3DQEBCwUAA4IBAQBr9RXzX01/8R27GVVpd1YraYQF9k9tUZ9yfB4Y1BTo
efL3Bqwzd1k0/YhsMKHXJ0eaXrtYaT9Jx/ht/x227olaK8FN7SXEGw27TatDmChO
gei8yqC+9ElXy1SAbyp7npSqVG79dE839GtnMBdww+vWIYGbZKAxf/IP+TERkCwy
+Ap4Xgf/46fkjTZK4DcgJUO5qOHOa9BAnIhTmd+53hgsXPMvS4tQRjcJlc/hkDC6
3NDaMXCShiqWjdtUg6VKnHRBUZrkfCP8qWqx5W0Nb9irReYmOqYtxDGs8FsOk4Et
0A5BETFViqbFN9sQpQEuMmyHDUel62l8rgao/C0dbYcp
-----END CERTIFICATE-----