Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QnZJL3qYLI_FGPipdj1588Iq4N0.roa
File:                     QnZJL3qYLI_FGPipdj1588Iq4N0.roa (raw, json)
Hash identifier:          iJivv3xvorWtOq7mfmZu1ALTNz1OB2IiX50lACoMH2A=
Subject key identifier:   42:76:49:2F:7A:98:2C:8F:C5:18:F8:A9:76:3D:79:F3:C2:2A:E0:DD
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FBE76ECCC08EADEF4916E6C4E3CF2
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QnZJL3qYLI_FGPipdj1588Iq4N0.roa
Signing time:             Tue 02 Jan 2024 04:30:15 +0000
ROA not before:           Tue 02 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        93.120.100.0/22 maxlen: 24
                          93.120.104.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:be:76:ec:cc:08:ea:de:f4:91:6e:6c:4e:3c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4276492f7a982c8fc518f8a9763d79f3c22ae0dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5b:41:00:a4:c0:b5:9f:52:10:ca:5a:cd:6b:
                    1d:1b:91:66:1b:cd:63:49:35:b6:78:39:b6:be:42:
                    e9:e9:94:d8:42:00:ab:67:1a:04:e2:35:17:c8:e6:
                    08:6f:eb:4f:13:fa:9b:de:7e:e0:ad:d2:cd:17:a4:
                    60:cc:e3:5c:0d:bf:ad:16:56:76:99:09:6d:ee:25:
                    18:b8:60:c5:c3:81:2f:d1:a2:b0:ac:52:e6:9f:a8:
                    c7:bc:ba:2d:a6:37:82:22:01:21:f8:67:b1:9d:6f:
                    fe:a5:a8:83:dd:ca:ec:31:cf:9b:81:51:d2:45:e7:
                    ce:8c:47:c0:a9:e6:0c:a0:bf:10:17:3a:65:65:07:
                    a2:eb:57:30:3e:ec:20:8a:48:d6:dc:bb:84:2a:29:
                    22:7a:2a:58:4e:ef:1f:df:df:dd:ab:8b:4e:a7:b8:
                    ed:c6:a2:09:7d:27:38:5b:7b:56:40:37:55:06:47:
                    67:31:4c:2a:a8:5e:bf:25:ff:9c:24:c8:49:96:90:
                    1d:1f:aa:46:22:2c:63:cb:59:4e:d2:da:65:95:e8:
                    6f:68:65:04:54:db:a8:04:cc:5c:f9:bf:aa:47:8e:
                    a5:c8:78:f2:f0:07:8c:95:83:44:fe:5d:75:60:0b:
                    ee:52:c9:ee:8c:67:24:af:0d:38:fb:1d:e7:8c:1c:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:76:49:2F:7A:98:2C:8F:C5:18:F8:A9:76:3D:79:F3:C2:2A:E0:DD
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QnZJL3qYLI_FGPipdj1588Iq4N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.120.100.0-93.120.111.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:13:0e:02:4b:ce:d7:db:a3:73:50:11:31:73:e5:c5:f0:70:
         88:83:4b:59:35:ae:02:22:c8:24:da:9e:1c:5e:71:98:57:8e:
         5a:b6:70:14:6d:b3:9b:ee:fb:18:67:06:cb:78:5f:65:75:be:
         13:6d:0e:2b:88:9c:3e:5d:d1:8d:a0:a5:6a:81:55:df:fb:d2:
         26:0a:47:c4:42:6f:36:71:5e:c3:84:9e:ae:fd:37:58:c7:b9:
         e3:c7:74:d8:d8:7e:15:56:7f:92:f0:30:f3:c8:8a:93:fc:50:
         19:04:a7:07:dd:91:e7:c3:a1:23:51:e6:e7:c2:86:ed:aa:7e:
         47:12:a4:2b:2d:e5:78:92:90:c8:32:19:6f:ae:1a:b8:08:a7:
         c9:89:87:f6:08:08:b8:d0:d6:3f:29:74:b5:2d:d8:ac:c3:39:
         5b:8d:5d:ea:76:c3:60:7b:e9:05:15:8f:ec:6a:77:9b:0d:46:
         1f:27:1f:60:a8:ea:b1:89:48:9e:12:92:55:44:b1:96:e2:9e:
         cd:54:71:dc:3a:0d:c9:aa:bc:8b:03:31:de:09:74:75:14:77:
         87:cb:9a:2c:8e:56:7f:b1:11:d3:83:f2:2b:9a:73:d3:e0:50:
         96:85:39:00:47:04:f7:ea:64:da:ac:3e:e6:07:24:20:43:83:
         06:29:9d:23
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb7527MwI6t70kW5sTjzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc2NDkyZjdhOTgyYzhmYzUxOGY4YTk3NjNkNzlmM2MyMmFlMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVtBAKTAtZ9SEMpazWsdG5FmG81j
STW2eDm2vkLp6ZTYQgCrZxoE4jUXyOYIb+tPE/qb3n7grdLNF6RgzONcDb+tFlZ2
mQlt7iUYuGDFw4Ev0aKwrFLmn6jHvLotpjeCIgEh+GexnW/+paiD3crsMc+bgVHS
RefOjEfAqeYMoL8QFzplZQei61cwPuwgikjW3LuEKikieipYTu8f39/dq4tOp7jt
xqIJfSc4W3tWQDdVBkdnMUwqqF6/Jf+cJMhJlpAdH6pGIixjy1lO0tpllehvaGUE
VNuoBMxc+b+qR46lyHjy8AeMlYNE/l11YAvuUsnujGckrw04+x3njBx2VwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEJ2SS96mCyPxRj4qXY9efPCKuDdMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvUW5aSkwzcVlMSV9GR1BpcGRqMTU4OElxNE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJdeGQD
BARdeGAwDQYJKoZIhvcNAQELBQADggEBAEsTDgJLztfbo3NQETFz5cXwcIiDS1k1
rgIiyCTanhxecZhXjlq2cBRts5vu+xhnBst4X2V1vhNtDiuInD5d0Y2gpWqBVd/7
0iYKR8RCbzZxXsOEnq79N1jHuePHdNjYfhVWf5LwMPPIipP8UBkEpwfdkefDoSNR
5ufChu2qfkcSpCst5XiSkMgyGW+uGrgIp8mJh/YICLjQ1j8pdLUt2KzDOVuNXep2
w2B76QUVj+xqd5sNRh8nH2Co6rGJSJ4SklVEsZbins1Ucdw6DcmqvIsDMd4JdHUU
d4fLmiyOVn+xEdOD8iuac9PgUJaFOQBHBPfqZNqsPuYHJCBDgwYpnSM=
-----END CERTIFICATE-----