Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/QKCpBgruuyz3i6ikVFdg6qQ3F0Y.roa
File:                     QKCpBgruuyz3i6ikVFdg6qQ3F0Y.roa (raw, json)
Hash identifier:          G88p/gWLQ6tFindRbDEI4oT0jR5gYy6dY2FWfseB5AQ=
Subject key identifier:   40:A0:A9:06:0A:EE:BB:2C:F7:8B:A8:A4:54:57:60:EA:A4:37:17:46
Certificate issuer:       /CN=8812e924fcacb862cf3b64f56e767bc326f27fca
Certificate serial:       019424B3B5AE70DAAF1038404B402B9165D5
Authority key identifier: 88:12:E9:24:FC:AC:B8:62:CF:3B:64:F5:6E:76:7B:C3:26:F2:7F:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/QKCpBgruuyz3i6ikVFdg6qQ3F0Y.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50771
IP address blocks:        178.218.16.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b5:ae:70:da:af:10:38:40:4b:40:2b:91:65:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8812e924fcacb862cf3b64f56e767bc326f27fca
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40a0a9060aeebb2cf78ba8a4545760eaa4371746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b1:30:ad:47:83:94:5e:7a:53:f3:77:e9:90:
                    aa:08:41:18:94:81:61:75:c2:2a:58:2c:9a:7a:36:
                    df:fb:38:bc:83:0c:17:aa:ab:c0:06:6d:b7:db:2e:
                    92:da:4d:cc:57:2e:e0:04:86:db:d7:12:39:40:cc:
                    df:40:bc:62:e6:21:d3:18:52:2b:6e:a5:c1:d2:88:
                    c0:69:6b:9d:12:33:01:b5:54:8c:6b:75:e5:0b:75:
                    f3:9a:de:9b:97:e4:73:83:c4:4e:25:66:33:93:39:
                    10:81:64:5e:5e:c4:22:dc:8b:68:aa:c1:c5:4c:fc:
                    7f:cf:34:b9:f8:f7:13:21:16:c9:05:a2:b3:d7:74:
                    6c:3d:4a:16:19:f6:78:2c:7d:23:ce:27:68:0e:4a:
                    38:0d:dc:ce:e6:cf:45:5f:08:71:5e:55:c3:77:b0:
                    b2:38:b0:46:42:3e:4e:ef:d9:e0:00:83:c1:f8:d7:
                    c0:2e:68:e1:a0:37:21:ec:b4:ec:2f:04:ab:ec:3a:
                    55:75:ec:fb:8f:44:7e:b8:53:c2:9b:48:7d:cb:ab:
                    c6:37:db:51:5c:ad:83:e8:7a:37:f3:5e:3c:de:37:
                    6e:3c:7e:6d:f9:4a:20:6f:36:5f:8b:1f:91:8f:8c:
                    52:10:06:7a:b1:7d:1a:91:9f:1c:f8:a6:86:77:10:
                    42:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A0:A9:06:0A:EE:BB:2C:F7:8B:A8:A4:54:57:60:EA:A4:37:17:46
            X509v3 Authority Key Identifier:
                keyid:88:12:E9:24:FC:AC:B8:62:CF:3B:64:F5:6E:76:7B:C3:26:F2:7F:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/QKCpBgruuyz3i6ikVFdg6qQ3F0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         06:cf:19:01:fb:48:66:33:64:4a:29:58:e6:cb:0f:fc:cc:6c:
         01:16:c4:28:33:88:c6:8e:26:b5:bf:dd:b5:5e:cd:5f:e8:aa:
         8b:2c:12:64:85:ec:41:81:17:e6:69:19:55:ce:67:0b:07:7c:
         a7:f8:cf:75:45:38:d3:f3:fa:28:f4:47:f1:f7:03:0b:66:63:
         9c:98:5a:9f:ff:00:2e:fd:f2:27:ef:19:c1:2a:aa:72:87:00:
         d6:58:75:59:04:c4:a3:a7:a7:ed:33:83:24:02:45:3c:f2:14:
         0f:4a:37:78:f2:3c:60:b8:fa:3a:6d:dd:da:66:b3:a8:82:68:
         e0:e7:5e:f0:cc:e5:c0:cc:f5:56:01:34:28:aa:87:48:70:98:
         d0:2b:82:67:7e:dc:a9:1f:2c:cb:7a:9a:fc:88:99:62:4b:d4:
         d1:cb:47:72:a3:b4:d8:62:62:ca:32:28:5f:fd:73:a2:3c:83:
         16:b0:8d:24:a0:4b:08:d0:5f:fd:f6:1f:61:22:2c:40:55:e8:
         4d:fb:53:f0:b0:b1:82:3e:8f:4d:e8:bc:54:e5:c4:ea:90:95:
         c3:ac:7a:37:59:eb:c2:c1:81:e3:dd:5a:6a:44:54:51:02:75:
         a8:a0:81:08:08:13:e3:79:89:3d:41:cb:32:25:3b:da:27:1d:
         fd:ca:f1:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7WucNqvEDhAS0ArkWXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTJlOTI0ZmNhY2I4NjJjZjNiNjRmNTZlNzY3YmMzMjZm
MjdmY2EwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGEwYTkwNjBhZWViYjJjZjc4YmE4YTQ1NDU3NjBlYWE0MzcxNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rEwrUeDlF56U/N36ZCqCEEYlIFh
dcIqWCyaejbf+zi8gwwXqqvABm232y6S2k3MVy7gBIbb1xI5QMzfQLxi5iHTGFIr
bqXB0ojAaWudEjMBtVSMa3XlC3Xzmt6bl+Rzg8ROJWYzkzkQgWReXsQi3ItoqsHF
TPx/zzS5+PcTIRbJBaKz13RsPUoWGfZ4LH0jzidoDko4DdzO5s9FXwhxXlXDd7Cy
OLBGQj5O79ngAIPB+NfALmjhoDch7LTsLwSr7DpVdez7j0R+uFPCm0h9y6vGN9tR
XK2D6Ho381483jduPH5t+UogbzZfix+Rj4xSEAZ6sX0akZ8c+KaGdxBCnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECgqQYK7rss94uopFRXYOqkNxdGMB8GA1UdIwQY
MBaAFIgS6ST8rLhizztk9W52e8Mm8n/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJMcEpQeXN1R0xQTzJUMWJuWjd3eWJ5ZjhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zYTk4ZTItOGFlOC00NzIzLTg5NTkt
Y2UyZDhlM2ZjODA0LzEvUUtDcEJncnV1eXozaTZpa1ZGZGc2cVEzRjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zYTk4ZTItOGFlOC00NzIzLTg5NTktY2UyZDhlM2ZjODA0
LzEvaUJMcEpQeXN1R0xQTzJUMWJuWjd3eWJ5ZjhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEstoQMA0G
CSqGSIb3DQEBCwUAA4IBAQAGzxkB+0hmM2RKKVjmyw/8zGwBFsQoM4jGjia1v921
Xs1f6KqLLBJkhexBgRfmaRlVzmcLB3yn+M91RTjT8/oo9Efx9wMLZmOcmFqf/wAu
/fIn7xnBKqpyhwDWWHVZBMSjp6ftM4MkAkU88hQPSjd48jxguPo6bd3aZrOogmjg
517wzOXAzPVWATQoqodIcJjQK4JnftypHyzLepr8iJliS9TRy0dyo7TYYmLKMihf
/XOiPIMWsI0koEsI0F/99h9hIixAVehN+1PwsLGCPo9N6LxU5cTqkJXDrHo3WevC
wYHj3VpqRFRRAnWooIEICBPjeYk9QcsyJTvaJx39yvEd
-----END CERTIFICATE-----