Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/QTobJZVsJpwC9mtay3CdjRkaXZ8.roa
File:                     QTobJZVsJpwC9mtay3CdjRkaXZ8.roa (raw, json)
Hash identifier:          El9ogu+oynjAbY2wrpKdDusBDwOguR7djzgPxtCnaqw=
Subject key identifier:   41:3A:1B:25:95:6C:26:9C:02:F6:6B:5A:CB:70:9D:8D:19:1A:5D:9F
Certificate issuer:       /CN=44f610f872cf31b7c3224cd2c1669c9968350b7a
Certificate serial:       018CC9BC20F1AE4E1BD898B0B243A0B924C2
Authority key identifier: 44:F6:10:F8:72:CF:31:B7:C3:22:4C:D2:C1:66:9C:99:68:35:0B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/QTobJZVsJpwC9mtay3CdjRkaXZ8.roa
Signing time:             Tue 02 Jan 2024 10:33:18 +0000
ROA not before:           Tue 02 Jan 2024 10:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12508
IP address blocks:        212.89.224.0/19 maxlen: 32
                          2a09:6c0::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:20:f1:ae:4e:1b:d8:98:b0:b2:43:a0:b9:24:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f610f872cf31b7c3224cd2c1669c9968350b7a
        Validity
            Not Before: Jan  2 10:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=413a1b25956c269c02f66b5acb709d8d191a5d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d2:97:b2:67:62:2b:ad:22:c7:d8:16:16:89:
                    5a:07:1e:09:12:58:9d:dd:d0:08:22:ee:01:be:5f:
                    c3:08:97:12:d7:0a:27:e2:37:3e:81:09:78:7d:70:
                    a9:66:a6:df:57:3b:2b:a2:0c:d0:3a:8f:dd:29:73:
                    b1:72:d1:49:cc:77:e9:6e:08:62:bf:48:45:9c:9c:
                    ac:58:0c:28:e9:e7:36:d0:25:57:ad:36:79:5a:15:
                    b5:a0:bc:b2:39:e7:84:61:f1:95:26:5d:0f:16:cd:
                    65:34:53:23:82:49:be:1e:48:b8:22:83:4a:d2:78:
                    19:27:4e:73:75:0c:d0:09:e3:e2:1a:e5:c0:d7:79:
                    46:35:a3:c3:84:7e:ce:fb:e8:ac:0e:fa:64:41:5d:
                    d6:b8:4f:de:83:e1:27:a4:ca:6b:f1:9e:01:54:07:
                    c9:d4:65:2f:6f:47:92:b4:ee:d4:e2:58:75:a8:ce:
                    f9:ac:8d:d2:e4:c0:1c:f4:9e:60:0d:99:62:a3:71:
                    ef:f8:96:dc:34:ae:46:dc:d4:96:2e:03:2f:90:a4:
                    2c:4b:62:ad:38:b1:1f:df:89:d4:11:47:ab:02:a6:
                    e0:c5:35:16:d3:3f:db:01:52:ec:03:39:1b:d9:c6:
                    22:ff:29:53:f1:fd:cd:c4:e2:31:bc:26:76:b6:27:
                    3d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:3A:1B:25:95:6C:26:9C:02:F6:6B:5A:CB:70:9D:8D:19:1A:5D:9F
            X509v3 Authority Key Identifier:
                keyid:44:F6:10:F8:72:CF:31:B7:C3:22:4C:D2:C1:66:9C:99:68:35:0B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPYQ-HLPMbfDIkzSwWacmWg1C3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/QTobJZVsJpwC9mtay3CdjRkaXZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7253f0-d825-4dab-801f-9b509e5931f9/1/RPYQ-HLPMbfDIkzSwWacmWg1C3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.89.224.0/19
                IPv6:
                  2a09:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:dd:31:c2:0f:33:65:fa:8b:18:38:5a:c9:fe:f5:12:84:39:
         bf:83:e8:92:d2:35:2c:d7:87:0a:2d:e2:4b:f3:f9:03:3e:37:
         f6:11:19:d5:0f:b7:8c:b9:cf:8c:1c:1f:23:eb:e9:ca:9e:44:
         f1:f7:94:7c:31:fb:b3:b6:07:41:68:25:21:fe:c0:a4:5a:a5:
         71:18:96:25:b0:71:d2:11:eb:31:a0:a6:1a:38:a2:bc:02:01:
         fa:e1:96:d2:58:f5:eb:dd:4f:aa:42:34:cb:0b:41:05:ed:df:
         b6:c4:e0:87:b4:81:0e:33:2f:72:0e:dc:22:f9:1b:e1:8f:5c:
         97:80:e5:bc:90:f5:b4:6e:75:7b:72:7f:d9:fa:81:d4:c6:c7:
         c3:a7:63:17:de:b6:37:ef:48:29:eb:1f:96:68:2a:af:63:b0:
         5a:66:64:45:a8:85:0b:e0:a3:ce:dc:c3:52:2c:e1:ee:20:13:
         35:79:23:3c:14:16:73:e3:fc:35:b4:c8:73:83:25:c9:7e:54:
         73:25:8c:4e:2b:b1:0b:9a:b7:f0:64:61:17:59:42:f9:d8:af:
         53:30:ee:52:9b:0d:80:8f:83:4a:61:d1:bb:27:dc:e3:8a:f7:
         f2:b3:75:0e:5a:44:8f:b5:5c:0e:3a:70:b4:99:6d:d1:0a:2c:
         b1:e8:d7:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvCDxrk4b2JiwskOguSTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZjYxMGY4NzJjZjMxYjdjMzIyNGNkMmMxNjY5Yzk5Njgz
NTBiN2EwHhcNMjQwMTAyMTAzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTNhMWIyNTk1NmMyNjljMDJmNjZiNWFjYjcwOWQ4ZDE5MWE1ZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdKXsmdiK60ix9gWFolaBx4JElid
3dAIIu4Bvl/DCJcS1won4jc+gQl4fXCpZqbfVzsrogzQOo/dKXOxctFJzHfpbghi
v0hFnJysWAwo6ec20CVXrTZ5WhW1oLyyOeeEYfGVJl0PFs1lNFMjgkm+Hki4IoNK
0ngZJ05zdQzQCePiGuXA13lGNaPDhH7O++isDvpkQV3WuE/eg+EnpMpr8Z4BVAfJ
1GUvb0eStO7U4lh1qM75rI3S5MAc9J5gDZlio3Hv+JbcNK5G3NSWLgMvkKQsS2Kt
OLEf34nUEUerAqbgxTUW0z/bAVLsAzkb2cYi/ylT8f3NxOIxvCZ2tic9SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEE6GyWVbCacAvZrWstwnY0ZGl2fMB8GA1UdIwQY
MBaAFET2EPhyzzG3wyJM0sFmnJloNQt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBZUS1ITFBNYmZESWt6U3dXYWNtV2cxQzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MjUzZjAtZDgyNS00ZGFiLTgwMWYt
OWI1MDllNTkzMWY5LzEvUVRvYkpaVnNKcHdDOW10YXkzQ2RqUmthWFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MjUzZjAtZDgyNS00ZGFiLTgwMWYtOWI1MDllNTkzMWY5
LzEvUlBZUS1ITFBNYmZESWt6U3dXYWNtV2cxQzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1FngMA0E
AgACMAcDBQMqCQbAMA0GCSqGSIb3DQEBCwUAA4IBAQBf3THCDzNl+osYOFrJ/vUS
hDm/g+iS0jUs14cKLeJL8/kDPjf2ERnVD7eMuc+MHB8j6+nKnkTx95R8MfuztgdB
aCUh/sCkWqVxGJYlsHHSEesxoKYaOKK8AgH64ZbSWPXr3U+qQjTLC0EF7d+2xOCH
tIEOMy9yDtwi+Rvhj1yXgOW8kPW0bnV7cn/Z+oHUxsfDp2MX3rY370gp6x+WaCqv
Y7BaZmRFqIUL4KPO3MNSLOHuIBM1eSM8FBZz4/w1tMhzgyXJflRzJYxOK7ELmrfw
ZGEXWUL52K9TMO5Smw2Aj4NKYdG7J9zjivfys3UOWkSPtVwOOnC0mW3RCiyx6Nc+
-----END CERTIFICATE-----