Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/QkmEhitdtqPFCpqV4KfFjowy0JI.roa
File:                     QkmEhitdtqPFCpqV4KfFjowy0JI.roa (raw, json)
Hash identifier:          ZPuy6BYt07xFgRYX+TUuoC9WsBtSQ7WFaywp1eNKKb0=
Subject key identifier:   42:49:84:86:2B:5D:B6:A3:C5:0A:9A:95:E0:A7:C5:8E:8C:32:D0:92
Certificate issuer:       /CN=2b2244c8a3eb4a3c6d776d046ce92abf01c6c22f
Certificate serial:       018CC80185D31AEFDBF9D86EA1FF39A1AF9F
Authority key identifier: 2B:22:44:C8:A3:EB:4A:3C:6D:77:6D:04:6C:E9:2A:BF:01:C6:C2:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/QkmEhitdtqPFCpqV4KfFjowy0JI.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196879
IP address blocks:        193.106.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:85:d3:1a:ef:db:f9:d8:6e:a1:ff:39:a1:af:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b2244c8a3eb4a3c6d776d046ce92abf01c6c22f
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=424984862b5db6a3c50a9a95e0a7c58e8c32d092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1a:b6:96:b9:d8:3c:eb:03:44:5d:d5:d9:ef:
                    ff:a7:93:49:b7:f9:b3:38:80:4d:21:5d:a4:37:8c:
                    64:5b:63:1a:dc:a8:0e:eb:70:bd:cb:2b:ee:bb:74:
                    48:45:fe:12:ad:b1:61:08:40:39:da:e8:cb:77:05:
                    31:9d:b3:fc:96:fc:51:92:5f:10:59:1a:ea:68:3f:
                    2d:6f:27:a6:27:b1:0f:e0:46:c5:95:13:18:7e:79:
                    82:e0:e2:c6:df:1c:bd:4a:70:cb:e7:40:52:e6:b8:
                    9c:f1:66:01:4a:23:3f:b2:c0:4c:47:37:26:71:42:
                    8d:d3:bf:0c:b3:8e:1d:ba:9b:b5:61:1f:3f:86:3d:
                    a5:14:f4:c6:dc:3b:af:98:59:41:50:ff:d7:70:d2:
                    ab:45:d0:a4:c5:44:98:fc:fd:ca:bf:46:dd:c7:70:
                    6b:37:28:77:2c:ad:79:48:e5:4d:a6:ba:1f:ae:2f:
                    e4:72:11:2b:f2:c8:a2:85:a2:6b:11:db:98:f6:19:
                    30:6f:94:66:ef:04:f3:dc:5a:fb:c4:16:7d:bc:41:
                    ef:42:46:16:45:c4:5b:d3:81:2c:7b:12:f2:a9:6a:
                    a5:38:2e:b3:fe:80:a1:e2:de:75:93:35:f3:0f:5a:
                    ab:f5:01:9a:db:6b:01:70:22:e9:2b:86:df:3b:42:
                    2a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:49:84:86:2B:5D:B6:A3:C5:0A:9A:95:E0:A7:C5:8E:8C:32:D0:92
            X509v3 Authority Key Identifier:
                keyid:2B:22:44:C8:A3:EB:4A:3C:6D:77:6D:04:6C:E9:2A:BF:01:C6:C2:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/QkmEhitdtqPFCpqV4KfFjowy0JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:fc:7b:22:51:e6:29:57:ab:22:3d:3f:97:d3:13:e4:1e:8f:
         a3:bf:99:ac:8d:44:e2:be:41:64:b2:7a:fb:a4:e4:43:a3:b3:
         0a:a8:cd:de:e2:3e:83:28:4c:a7:11:56:61:ce:ce:d3:a8:e3:
         0f:89:8a:1b:a0:93:b2:7e:3f:ec:f9:a9:42:b1:58:b4:00:c4:
         c7:2e:c5:39:b0:7c:b2:d9:ee:b3:67:d7:c2:1a:05:f5:b5:3e:
         95:85:d7:82:51:7b:7d:be:c2:5b:d1:ad:20:6e:45:f9:1c:c3:
         80:69:42:24:48:32:b8:3d:83:be:06:3b:3d:4a:7e:ef:c4:9b:
         ff:6a:1b:fb:ab:7e:28:33:d4:8f:8e:7c:58:9c:53:79:ea:37:
         d4:7a:7e:26:b9:a0:d7:2d:ea:52:76:87:44:f7:83:09:35:3f:
         d2:e5:a2:47:c7:39:4f:4d:8f:25:35:04:22:2d:34:39:d4:3b:
         c0:dd:25:a0:1f:da:df:d0:08:30:7c:43:09:8c:98:de:5d:f8:
         6a:df:e9:d7:a2:69:1a:ca:a1:19:4a:14:22:4e:4e:5e:44:15:
         18:7e:66:7b:37:5a:b5:9a:b4:3b:36:66:fd:a8:93:04:66:8a:
         39:ef:42:d6:13:d0:af:8e:de:f8:89:b4:5d:5c:e6:ab:22:a8:
         33:52:c3:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYXTGu/b+dhuof85oa+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjI0NGM4YTNlYjRhM2M2ZDc3NmQwNDZjZTkyYWJmMDFj
NmMyMmYwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjQ5ODQ4NjJiNWRiNmEzYzUwYTlhOTVlMGE3YzU4ZThjMzJkMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRq2lrnYPOsDRF3V2e//p5NJt/mz
OIBNIV2kN4xkW2Ma3KgO63C9yyvuu3RIRf4SrbFhCEA52ujLdwUxnbP8lvxRkl8Q
WRrqaD8tbyemJ7EP4EbFlRMYfnmC4OLG3xy9SnDL50BS5ric8WYBSiM/ssBMRzcm
cUKN078Ms44dupu1YR8/hj2lFPTG3DuvmFlBUP/XcNKrRdCkxUSY/P3Kv0bdx3Br
Nyh3LK15SOVNprofri/kchEr8siihaJrEduY9hkwb5Rm7wTz3Fr7xBZ9vEHvQkYW
RcRb04EsexLyqWqlOC6z/oCh4t51kzXzD1qr9QGa22sBcCLpK4bfO0Iq5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJJhIYrXbajxQqaleCnxY6MMtCSMB8GA1UdIwQY
MBaAFCsiRMij60o8bXdtBGzpKr8BxsIvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lKRXlLUHJTanh0ZDIwRWJPa3F2d0hHd2k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83Y2M3YTctYWVmMS00MDhhLWExYzYt
ZGYxY2NlNGU2OTUwLzEvUWttRWhpdGR0cVBGQ3BxVjRLZkZqb3d5MEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83Y2M3YTctYWVmMS00MDhhLWExYzYtZGYxY2NlNGU2OTUw
LzEvS3lKRXlLUHJTanh0ZDIwRWJPa3F2d0hHd2k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWpsMA0G
CSqGSIb3DQEBCwUAA4IBAQAF/HsiUeYpV6siPT+X0xPkHo+jv5msjUTivkFksnr7
pORDo7MKqM3e4j6DKEynEVZhzs7TqOMPiYoboJOyfj/s+alCsVi0AMTHLsU5sHyy
2e6zZ9fCGgX1tT6VhdeCUXt9vsJb0a0gbkX5HMOAaUIkSDK4PYO+Bjs9Sn7vxJv/
ahv7q34oM9SPjnxYnFN56jfUen4muaDXLepSdodE94MJNT/S5aJHxzlPTY8lNQQi
LTQ51DvA3SWgH9rf0AgwfEMJjJjeXfhq3+nXomkayqEZShQiTk5eRBUYfmZ7N1q1
mrQ7Nmb9qJMEZoo570LWE9Cvjt74ibRdXOarIqgzUsNu
-----END CERTIFICATE-----