Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/QLJLiMD4dsYDwqRLiZCMzis8BI8.roa
File:                     QLJLiMD4dsYDwqRLiZCMzis8BI8.roa (raw, json)
Hash identifier:          tzy5BKl50QHL/m6DkK4Vl/m/tyROJBMe956etl87vKU=
Subject key identifier:   40:B2:4B:88:C0:F8:76:C6:03:C2:A4:4B:89:90:8C:CE:2B:3C:04:8F
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       018CC6B92A282DE7838B1559D1689D06CCF8
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/QLJLiMD4dsYDwqRLiZCMzis8BI8.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206941
IP address blocks:        193.164.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:28:2d:e7:83:8b:15:59:d1:68:9d:06:cc:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40b24b88c0f876c603c2a44b89908cce2b3c048f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:51:17:73:e2:b8:9e:5d:48:54:9a:4a:08:e2:
                    b6:b3:fa:79:bf:a2:b2:07:62:a1:db:58:9a:bb:19:
                    05:6c:65:65:10:6e:0e:a6:3f:de:99:e1:6b:44:16:
                    63:7b:2a:6e:18:7d:c7:fc:3f:bf:61:85:c2:00:d0:
                    b2:39:70:20:ac:3f:1d:9a:17:ea:38:ce:08:ac:32:
                    3d:d7:eb:51:7a:b2:19:81:fb:99:4d:43:0a:4d:f6:
                    03:3a:bd:24:4f:fa:4c:d1:b5:72:2e:75:94:3f:1f:
                    22:e7:f1:5e:d7:bb:3b:59:e5:32:7f:38:2e:3d:1d:
                    ed:70:36:b9:96:a3:b9:1c:c6:49:1d:a9:45:aa:f2:
                    8b:71:c5:2c:80:4f:e2:01:ee:ad:24:dd:89:d7:0a:
                    1d:45:d6:71:24:4a:70:1a:25:fe:2c:a7:b5:20:fb:
                    38:6b:85:87:b0:d1:2f:54:96:0c:82:5d:a1:89:4c:
                    ee:ab:31:34:5f:35:b2:e8:bb:9c:5f:41:00:90:d1:
                    6b:dd:b1:97:0b:89:8d:0a:46:5f:e5:99:b1:ba:7b:
                    18:62:6e:71:78:b2:22:76:2f:0f:c0:fe:71:f2:4f:
                    a7:30:f7:04:0d:6c:bd:9c:a6:ce:94:f2:90:02:8d:
                    ba:30:d9:6b:8d:d2:13:d0:8d:3f:3c:7b:2d:da:93:
                    e6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B2:4B:88:C0:F8:76:C6:03:C2:A4:4B:89:90:8C:CE:2B:3C:04:8F
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/QLJLiMD4dsYDwqRLiZCMzis8BI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:98:f5:62:b1:63:eb:99:ee:0b:70:10:f1:fc:ae:2c:91:81:
         c0:a3:5f:e0:e5:3a:3d:08:fe:1a:c6:b2:40:7e:b9:a9:cd:91:
         53:28:4d:9f:f4:55:b8:85:ee:83:4a:de:fb:7d:ec:c2:63:14:
         4e:8f:8a:76:50:51:ae:96:72:75:54:2c:57:e4:ab:4e:4e:cf:
         45:3a:66:80:7e:86:52:54:4b:39:61:93:50:45:b1:93:1f:78:
         81:77:c9:2a:ea:d0:c9:99:df:d4:dc:07:b2:89:f6:11:97:fc:
         1c:25:3f:58:41:ae:20:57:ee:02:5a:57:ef:d0:0d:ed:e1:fd:
         59:18:cb:4c:51:68:4e:68:c9:61:cb:fe:f3:8b:5b:a1:19:9d:
         de:18:a7:39:60:61:70:bd:bb:fa:1e:17:ad:50:91:f0:3f:cf:
         fb:0c:b1:d7:91:b1:8e:1c:6e:5a:99:78:eb:5b:0c:80:3d:7a:
         8e:29:1f:2a:25:0f:3f:0c:1c:d3:67:7c:84:a5:94:93:0d:19:
         bc:f1:a1:e1:9a:b7:bb:bf:eb:86:70:92:97:d2:b0:e5:66:0c:
         53:a2:6c:c9:ab:29:f7:f0:b0:8b:6c:38:cd:44:7f:df:bd:71:
         d9:24:b0:a5:cf:f2:63:09:d5:ee:ff:5f:53:89:97:47:e5:9f:
         58:37:df:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSooLeeDixVZ0WidBsz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGIyNGI4OGMwZjg3NmM2MDNjMmE0NGI4OTkwOGNjZTJiM2MwNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVEXc+K4nl1IVJpKCOK2s/p5v6Ky
B2Kh21iauxkFbGVlEG4Opj/emeFrRBZjeypuGH3H/D+/YYXCANCyOXAgrD8dmhfq
OM4IrDI91+tRerIZgfuZTUMKTfYDOr0kT/pM0bVyLnWUPx8i5/Fe17s7WeUyfzgu
PR3tcDa5lqO5HMZJHalFqvKLccUsgE/iAe6tJN2J1wodRdZxJEpwGiX+LKe1IPs4
a4WHsNEvVJYMgl2hiUzuqzE0XzWy6LucX0EAkNFr3bGXC4mNCkZf5ZmxunsYYm5x
eLIidi8PwP5x8k+nMPcEDWy9nKbOlPKQAo26MNlrjdIT0I0/PHst2pPm2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECyS4jA+HbGA8KkS4mQjM4rPASPMB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEvUUxKTGlNRDRkc1lEd3FSTGlaQ016aXM4Qkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWItNGQ3MzczMGY3ZDMy
LzEvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaRaMA0G
CSqGSIb3DQEBCwUAA4IBAQBHmPVisWPrme4LcBDx/K4skYHAo1/g5To9CP4axrJA
frmpzZFTKE2f9FW4he6DSt77fezCYxROj4p2UFGulnJ1VCxX5KtOTs9FOmaAfoZS
VEs5YZNQRbGTH3iBd8kq6tDJmd/U3AeyifYRl/wcJT9YQa4gV+4CWlfv0A3t4f1Z
GMtMUWhOaMlhy/7zi1uhGZ3eGKc5YGFwvbv6HhetUJHwP8/7DLHXkbGOHG5amXjr
WwyAPXqOKR8qJQ8/DBzTZ3yEpZSTDRm88aHhmre7v+uGcJKX0rDlZgxTomzJqyn3
8LCLbDjNRH/fvXHZJLClz/JjCdXu/19TiZdH5Z9YN99J
-----END CERTIFICATE-----