Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/QWkB2_UQyJvO86KG0WRqGUOR9Zg.roa
File:                     QWkB2_UQyJvO86KG0WRqGUOR9Zg.roa (raw, json)
Hash identifier:          y7Mh1q5x0lSCJqWuycXD8NEe5/UvaEB94c1LMjcGsAA=
Subject key identifier:   41:69:01:DB:F5:10:C8:9B:CE:F3:A2:86:D1:64:6A:19:43:91:F5:98
Certificate issuer:       /CN=779d815db3226b7a848961262ad74ffc15557fa1
Certificate serial:       018CC26D6F176113F0909F1250146FDF891C
Authority key identifier: 77:9D:81:5D:B3:22:6B:7A:84:89:61:26:2A:D7:4F:FC:15:55:7F:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/QWkB2_UQyJvO86KG0WRqGUOR9Zg.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51210
IP address blocks:        178.217.240.0/21 maxlen: 21
                          2001:67c:48::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6f:17:61:13:f0:90:9f:12:50:14:6f:df:89:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779d815db3226b7a848961262ad74ffc15557fa1
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=416901dbf510c89bcef3a286d1646a194391f598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d5:0a:d6:25:87:f7:3b:b0:81:90:5b:9b:81:
                    2e:17:a2:2b:61:e0:2a:c8:c4:d4:51:ac:0e:2c:d3:
                    1d:bb:f5:80:96:2a:cb:8f:b7:58:1a:40:03:0c:a3:
                    3e:f9:f6:e3:c7:2d:f9:d7:cd:2b:7f:51:26:c3:db:
                    0c:dd:7b:a0:db:44:29:5c:9d:fa:55:eb:c2:e4:6c:
                    65:db:e5:7e:32:8c:dc:e8:fd:a8:cf:81:a5:75:56:
                    e2:9e:64:48:62:0c:02:35:60:73:50:68:a7:44:a2:
                    6c:13:bb:c6:9b:55:ae:37:6d:b9:c1:64:5e:7f:12:
                    3d:b6:c2:56:9a:8b:77:35:e4:61:ec:57:3d:ce:bc:
                    1f:e0:38:3e:68:ac:d3:5e:c5:21:50:29:35:0a:f0:
                    bd:39:2e:57:3d:35:73:01:3d:fe:d7:01:4c:c1:c7:
                    61:85:eb:a5:57:21:50:c6:2a:b5:0b:fa:1c:b1:b3:
                    30:8b:c7:d6:cb:79:8e:b2:ad:89:60:c8:55:dc:1e:
                    7a:f7:fd:f2:af:09:55:8e:86:c8:46:87:cb:66:d4:
                    7d:4d:7a:41:42:f8:32:68:6d:aa:87:c6:90:65:15:
                    86:23:0c:90:83:4b:cc:8d:0b:96:39:8a:46:e4:d9:
                    05:64:e0:16:6c:d6:f9:34:e7:a8:a9:e6:42:c6:0b:
                    da:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:69:01:DB:F5:10:C8:9B:CE:F3:A2:86:D1:64:6A:19:43:91:F5:98
            X509v3 Authority Key Identifier:
                keyid:77:9D:81:5D:B3:22:6B:7A:84:89:61:26:2A:D7:4F:FC:15:55:7F:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/QWkB2_UQyJvO86KG0WRqGUOR9Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.240.0/21
                IPv6:
                  2001:67c:48::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:30:0d:41:e1:2a:73:f0:45:15:6e:45:3a:ff:b8:72:d7:65:
         d0:75:3a:29:4e:c3:4a:1a:47:c0:da:c8:fb:49:ca:a7:f1:d1:
         b6:89:6a:80:9a:10:74:85:f5:38:ac:b1:ab:8d:77:5e:04:b3:
         fc:56:40:01:1f:02:e7:4c:bb:3a:41:11:a6:e8:d1:d0:1c:b1:
         86:f7:ee:25:45:4e:3c:ca:12:c5:e8:14:ad:a2:d8:c1:86:80:
         56:75:90:f2:32:3d:9c:db:31:54:57:b5:ae:69:8d:bb:38:84:
         06:4c:e2:37:c4:1b:c6:1e:ec:77:73:01:d3:66:b2:3d:85:e7:
         f0:7c:0e:ae:d5:94:22:99:95:de:75:37:c0:45:41:e9:ed:3c:
         a5:12:e2:32:7c:e2:df:3c:32:5b:50:e4:cd:ad:52:ca:19:9a:
         9c:c9:36:8c:be:66:27:9e:79:b5:a8:d2:6e:13:1f:b1:83:cf:
         11:dd:00:f9:c8:a7:3b:70:0d:7e:33:e5:bb:f0:a7:f9:3b:66:
         fe:f0:57:b4:ca:71:b5:05:dd:c5:a8:8c:a8:29:b3:df:4d:f0:
         40:ef:1f:13:3b:33:4f:ea:2b:06:a2:68:d0:8c:42:67:bc:eb:
         64:22:97:ee:40:b8:32:a9:ed:72:56:79:29:af:d5:f9:e2:98:
         6b:86:27:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbW8XYRPwkJ8SUBRv34kcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OWQ4MTVkYjMyMjZiN2E4NDg5NjEyNjJhZDc0ZmZjMTU1
NTdmYTEwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY5MDFkYmY1MTBjODliY2VmM2EyODZkMTY0NmExOTQzOTFmNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dUK1iWH9zuwgZBbm4EuF6IrYeAq
yMTUUawOLNMdu/WAlirLj7dYGkADDKM++fbjxy35180rf1Emw9sM3Xug20QpXJ36
VevC5Gxl2+V+Mozc6P2oz4GldVbinmRIYgwCNWBzUGinRKJsE7vGm1WuN225wWRe
fxI9tsJWmot3NeRh7Fc9zrwf4Dg+aKzTXsUhUCk1CvC9OS5XPTVzAT3+1wFMwcdh
heulVyFQxiq1C/ocsbMwi8fWy3mOsq2JYMhV3B569/3yrwlVjobIRofLZtR9TXpB
QvgyaG2qh8aQZRWGIwyQg0vMjQuWOYpG5NkFZOAWbNb5NOeoqeZCxgvaTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEFpAdv1EMibzvOihtFkahlDkfWYMB8GA1UdIwQY
MBaAFHedgV2zImt6hIlhJirXT/wVVX+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDUyQlhiTWlhM3FFaVdFbUt0ZFBfQlZWZjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy83OTFhNGUtMWJlOS00OTc2LWJkOTUt
NjU2MWM4NDkwNTdmLzEvUVdrQjJfVVF5SnZPODZLRzBXUnFHVU9SOVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy83OTFhNGUtMWJlOS00OTc2LWJkOTUtNjU2MWM4NDkwNTdm
LzEvZDUyQlhiTWlhM3FFaVdFbUt0ZFBfQlZWZjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDstnwMA8E
AgACMAkDBwAgAQZ8AEgwDQYJKoZIhvcNAQELBQADggEBAFAwDUHhKnPwRRVuRTr/
uHLXZdB1OilOw0oaR8DayPtJyqfx0baJaoCaEHSF9TissauNd14Es/xWQAEfAudM
uzpBEabo0dAcsYb37iVFTjzKEsXoFK2i2MGGgFZ1kPIyPZzbMVRXta5pjbs4hAZM
4jfEG8Ye7HdzAdNmsj2F5/B8Dq7VlCKZld51N8BFQentPKUS4jJ84t88MltQ5M2t
UsoZmpzJNoy+ZieeebWo0m4TH7GDzxHdAPnIpztwDX4z5bvwp/k7Zv7wV7TKcbUF
3cWojKgps99N8EDvHxM7M0/qKwaiaNCMQme862Qil+5AuDKp7XJWeSmv1fnimGuG
J+8=
-----END CERTIFICATE-----