Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/qr-3OPb4RsPOH8377nSPB-vpkwM.roa
File:                     qr-3OPb4RsPOH8377nSPB-vpkwM.roa (raw, json)
Hash identifier:          YMEUr7cXKPql0kW0pEtoN/w2pEvljTCiu0rnAfIVBW4=
Subject key identifier:   AA:BF:B7:38:F6:F8:46:C3:CE:1F:CD:FB:EE:74:8F:07:EB:E9:93:03
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       018CC3B6718E72C73BEEF2882BAD3D601348
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/qr-3OPb4RsPOH8377nSPB-vpkwM.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47856
IP address blocks:        195.10.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:8e:72:c7:3b:ee:f2:88:2b:ad:3d:60:13:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aabfb738f6f846c3ce1fcdfbee748f07ebe99303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:df:dc:95:9b:58:33:2b:93:15:b9:34:f6:1c:
                    24:f1:21:4c:80:fb:a8:5c:75:fc:af:67:5f:4f:5f:
                    72:8f:40:3d:52:66:dc:8a:3c:8b:c8:fe:94:da:79:
                    cd:c5:79:cc:7d:79:da:89:1e:5d:64:1c:e9:42:51:
                    3d:0b:c8:d3:f7:cf:bd:29:33:68:75:57:b5:25:d9:
                    d3:41:0b:cc:c2:10:c2:32:66:cd:4e:34:ae:35:b7:
                    a8:5b:b0:e8:f4:78:9f:f3:19:0d:c8:0a:75:e4:8d:
                    c5:02:3d:79:ef:8f:63:83:30:ad:42:50:3c:48:b1:
                    54:fe:26:4f:39:57:26:1d:f3:f2:bf:cc:c8:58:fe:
                    c9:36:e7:fa:89:46:cc:68:4f:e0:eb:71:2a:55:2e:
                    38:bc:4c:05:4a:db:52:fc:2d:3a:ed:4d:9d:49:44:
                    d1:d9:8b:13:11:2b:4d:8b:ba:df:2d:04:47:f9:66:
                    92:fb:77:8d:7e:8b:e0:c7:e6:84:a9:ce:d6:19:c6:
                    e6:6a:5d:91:dc:54:e1:78:08:35:30:95:fe:8c:3e:
                    9b:57:66:94:8f:43:4b:76:9b:a3:79:04:23:2f:f5:
                    5a:fe:3a:0a:49:e0:93:9f:d5:c7:4a:57:5a:5e:f9:
                    2e:0c:d9:12:0e:fa:13:eb:16:07:2d:02:10:57:3a:
                    7e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BF:B7:38:F6:F8:46:C3:CE:1F:CD:FB:EE:74:8F:07:EB:E9:93:03
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/qr-3OPb4RsPOH8377nSPB-vpkwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:13:ca:04:51:d8:24:f2:8e:37:cb:66:4d:da:ef:e1:d3:44:
         70:49:74:2e:0c:31:ed:72:f2:b5:67:bf:6f:0d:01:8f:f2:49:
         3a:47:6d:e8:ef:1f:0a:2f:b2:54:43:af:d7:62:18:18:fd:56:
         15:ed:94:e2:13:23:d2:e7:9f:8e:42:23:3f:03:db:9d:bf:5b:
         93:65:9a:fa:e7:d6:b4:7c:0b:c2:6c:b5:cc:f4:3e:41:04:99:
         3d:8d:04:a1:d1:cc:07:6d:be:7e:ff:62:92:6c:51:fd:52:d7:
         8a:62:5c:70:e0:cc:d4:6c:cc:d0:14:31:ee:38:31:4f:08:44:
         40:3c:79:32:cf:46:a6:5d:d5:6c:73:0f:c5:ec:00:c7:bd:a3:
         59:36:b6:f0:01:ae:95:bb:e7:fc:41:66:ad:bb:31:fa:19:c2:
         9b:ca:d3:db:96:4b:2a:03:3a:de:14:1a:55:46:49:41:9b:ec:
         0a:0d:59:80:fc:2a:38:6b:73:0e:c7:4e:b8:5b:6e:0f:de:cd:
         d9:80:8e:71:4d:d5:48:53:21:b7:6a:ff:da:30:42:e6:88:9a:
         32:34:ad:cb:40:25:0a:45:6a:ed:75:7c:2b:86:5c:46:cb:e9:
         8a:65:45:52:43:9f:12:00:4e:55:93:70:bd:7a:77:80:1a:34:
         0c:ba:b7:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnGOcsc77vKIK609YBNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJmYjczOGY2Zjg0NmMzY2UxZmNkZmJlZTc0OGYwN2ViZTk5MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgd/clZtYMyuTFbk09hwk8SFMgPuo
XHX8r2dfT19yj0A9UmbcijyLyP6U2nnNxXnMfXnaiR5dZBzpQlE9C8jT98+9KTNo
dVe1JdnTQQvMwhDCMmbNTjSuNbeoW7Do9Hif8xkNyAp15I3FAj15749jgzCtQlA8
SLFU/iZPOVcmHfPyv8zIWP7JNuf6iUbMaE/g63EqVS44vEwFSttS/C067U2dSUTR
2YsTEStNi7rfLQRH+WaS+3eNfovgx+aEqc7WGcbmal2R3FTheAg1MJX+jD6bV2aU
j0NLdpujeQQjL/Va/joKSeCTn9XHSldaXvkuDNkSDvoT6xYHLQIQVzp+0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq/tzj2+EbDzh/N++50jwfr6ZMDMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvcXItM09QYjRSc1BPSDgzNzduU1BCLXZwa3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQAIE8oEUdgk8o43y2ZN2u/h00RwSXQuDDHtcvK1Z79v
DQGP8kk6R23o7x8KL7JUQ6/XYhgY/VYV7ZTiEyPS55+OQiM/A9udv1uTZZr659a0
fAvCbLXM9D5BBJk9jQSh0cwHbb5+/2KSbFH9UteKYlxw4MzUbMzQFDHuODFPCERA
PHkyz0amXdVscw/F7ADHvaNZNrbwAa6Vu+f8QWatuzH6GcKbytPblksqAzreFBpV
RklBm+wKDVmA/Co4a3MOx064W24P3s3ZgI5xTdVIUyG3av/aMELmiJoyNK3LQCUK
RWrtdXwrhlxGy+mKZUVSQ58SAE5Vk3C9eneAGjQMureC
-----END CERTIFICATE-----