Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/QZzDVunUsVx1XzvO_4ydN0TW5XE.roa
File:                     QZzDVunUsVx1XzvO_4ydN0TW5XE.roa (raw, json)
Hash identifier:          pp416bTJbRs2Ap3euetgJWvawSng5qSSjiUAQUCDzUM=
Subject key identifier:   41:9C:C3:56:E9:D4:B1:5C:75:5F:3B:CE:FF:8C:9D:37:44:D6:E5:71
Certificate issuer:       /CN=12d72718d155ac0e7d327f6384a2e4c95416d760
Certificate serial:       018CC348E24E8A66DB94A624945E79D475EF
Authority key identifier: 12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/QZzDVunUsVx1XzvO_4ydN0TW5XE.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        192.166.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e2:4e:8a:66:db:94:a6:24:94:5e:79:d4:75:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12d72718d155ac0e7d327f6384a2e4c95416d760
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=419cc356e9d4b15c755f3bceff8c9d3744d6e571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3f:29:cb:a1:de:4b:67:ef:97:5c:ae:4a:12:
                    48:1f:e5:0c:93:59:ec:76:1d:67:ea:09:4c:85:2e:
                    76:f5:c9:d6:ab:00:18:97:7c:0b:9b:94:bf:20:62:
                    dd:19:2b:92:95:74:04:7d:77:f8:79:c8:79:e1:08:
                    c9:66:1a:8f:13:b8:27:ac:2f:65:75:df:3a:3e:79:
                    27:6a:79:af:be:81:0e:a4:fe:66:f9:80:1a:9a:ac:
                    20:b3:99:f1:ca:c2:5a:d5:2b:a0:73:94:02:90:b2:
                    0c:f8:75:2f:c6:99:f1:b4:23:e3:65:96:b9:bf:1c:
                    5b:8e:22:12:84:3a:fa:69:9e:40:7d:a2:8d:b9:33:
                    c2:00:36:d5:e3:f0:75:47:7a:67:c2:0d:68:b4:b2:
                    6e:ba:bd:1c:ef:c1:9f:d1:03:d6:76:97:2a:31:97:
                    6b:dd:71:cc:ce:7b:83:70:a3:25:af:f6:de:75:20:
                    ed:51:13:44:f0:40:f2:ca:e1:6c:d0:9e:30:9e:e0:
                    64:ef:86:cc:58:64:69:7f:7d:e0:88:a3:6b:5b:d4:
                    99:2f:74:f9:6b:cf:33:b4:16:be:98:c3:55:62:30:
                    56:d2:47:16:4f:b2:57:ef:b4:20:0f:a7:9b:2c:6c:
                    b9:92:ef:8a:3f:d3:a4:e3:bc:1b:7c:13:4d:48:10:
                    69:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9C:C3:56:E9:D4:B1:5C:75:5F:3B:CE:FF:8C:9D:37:44:D6:E5:71
            X509v3 Authority Key Identifier:
                keyid:12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/QZzDVunUsVx1XzvO_4ydN0TW5XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:54:0e:04:24:87:18:d3:82:8b:9a:12:ba:2e:b7:73:f7:13:
         d9:c6:81:0b:ca:af:d8:f4:fb:78:7b:ea:c6:ca:ab:ba:79:60:
         c2:ee:56:c2:b7:5d:36:ab:c3:92:b3:f2:df:2c:77:ef:2f:a6:
         d8:7d:1c:bd:0e:e7:13:09:a9:6d:38:37:39:f9:da:ab:f5:a8:
         4e:2a:ba:62:6e:c3:d3:44:3c:13:8e:a7:c5:5a:ca:03:88:c0:
         f5:e3:40:03:c8:d3:75:80:e1:de:56:94:49:ca:60:de:f0:f5:
         8a:b9:89:3f:c0:af:22:54:57:e7:ce:63:c4:7e:cc:a3:bd:56:
         82:80:94:44:46:08:3f:10:c0:f2:84:3d:7a:b8:df:df:c4:4b:
         10:0c:73:5a:84:48:98:d6:88:6b:43:02:b5:d1:35:05:1c:a2:
         03:3a:6d:83:eb:c7:6e:22:4d:36:89:fb:96:5b:a9:b6:80:e1:
         5b:e3:d2:5c:a8:f0:13:37:54:e2:9e:5d:8a:1e:8d:9e:78:e4:
         35:32:06:15:d0:1d:0c:82:a3:94:8e:00:a1:96:9e:c8:f4:ae:
         fc:00:1d:99:d5:19:aa:3e:1c:63:c0:6a:7c:c5:8c:bc:2c:4c:
         e7:86:c7:41:b1:64:09:7b:9f:72:af:5c:ca:b5:78:ec:1d:ca:
         64:9c:f7:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOJOimbblKYklF551HXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZDcyNzE4ZDE1NWFjMGU3ZDMyN2Y2Mzg0YTJlNGM5NTQx
NmQ3NjAwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTljYzM1NmU5ZDRiMTVjNzU1ZjNiY2VmZjhjOWQzNzQ0ZDZlNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT8py6HeS2fvl1yuShJIH+UMk1ns
dh1n6glMhS529cnWqwAYl3wLm5S/IGLdGSuSlXQEfXf4ech54QjJZhqPE7gnrC9l
dd86PnknanmvvoEOpP5m+YAamqwgs5nxysJa1Sugc5QCkLIM+HUvxpnxtCPjZZa5
vxxbjiIShDr6aZ5AfaKNuTPCADbV4/B1R3pnwg1otLJuur0c78Gf0QPWdpcqMZdr
3XHMznuDcKMlr/bedSDtURNE8EDyyuFs0J4wnuBk74bMWGRpf33giKNrW9SZL3T5
a88ztBa+mMNVYjBW0kcWT7JX77QgD6ebLGy5ku+KP9Ok47wbfBNNSBBprwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGcw1bp1LFcdV87zv+MnTdE1uVxMB8GA1UdIwQY
MBaAFBLXJxjRVawOfTJ/Y4Si5MlUFtdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQt
NTg3NjVmMTkzZmVjLzEvUVp6RFZ1blVzVngxWHp2T180eWROMFRXNVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQtNTg3NjVmMTkzZmVj
LzEvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKZgMA0G
CSqGSIb3DQEBCwUAA4IBAQB0VA4EJIcY04KLmhK6Lrdz9xPZxoELyq/Y9Pt4e+rG
yqu6eWDC7lbCt102q8OSs/LfLHfvL6bYfRy9DucTCaltODc5+dqr9ahOKrpibsPT
RDwTjqfFWsoDiMD140ADyNN1gOHeVpRJymDe8PWKuYk/wK8iVFfnzmPEfsyjvVaC
gJRERgg/EMDyhD16uN/fxEsQDHNahEiY1ohrQwK10TUFHKIDOm2D68duIk02ifuW
W6m2gOFb49JcqPATN1Tinl2KHo2eeOQ1MgYV0B0MgqOUjgChlp7I9K78AB2Z1Rmq
PhxjwGp8xYy8LEznhsdBsWQJe59yr1zKtXjsHcpknPeJ
-----END CERTIFICATE-----