Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/QD9glng8b3J5x8R7VSgKn0ytzd4.roa
File:                     QD9glng8b3J5x8R7VSgKn0ytzd4.roa (raw, json)
Hash identifier:          6BYDfzJyOpYN40/hF7EQToXY4dsi7Ofxf+VzTkzMEEQ=
Subject key identifier:   40:3F:60:96:78:3C:6F:72:79:C7:C4:7B:55:28:0A:9F:4C:AD:CD:DE
Certificate issuer:       /CN=5714d081f65f0c8b04f1d2fe73e090b07ab1ab58
Certificate serial:       018CC794D90260DE4E6CC205B55047082FAF
Authority key identifier: 57:14:D0:81:F6:5F:0C:8B:04:F1:D2:FE:73:E0:90:B0:7A:B1:AB:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxTQgfZfDIsE8dL-c-CQsHqxq1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/QD9glng8b3J5x8R7VSgKn0ytzd4.roa
Signing time:             Tue 02 Jan 2024 00:31:09 +0000
ROA not before:           Tue 02 Jan 2024 00:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200657
IP address blocks:        194.99.108.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/VxTQgfZfDIsE8dL-c-CQsHqxq1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/VxTQgfZfDIsE8dL-c-CQsHqxq1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxTQgfZfDIsE8dL-c-CQsHqxq1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d9:02:60:de:4e:6c:c2:05:b5:50:47:08:2f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5714d081f65f0c8b04f1d2fe73e090b07ab1ab58
        Validity
            Not Before: Jan  2 00:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=403f6096783c6f7279c7c47b55280a9f4cadcdde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:51:85:a4:b4:8d:77:38:c9:0c:dc:12:4e:6c:
                    01:13:dd:d6:20:ec:1c:8a:06:94:13:c9:f2:e5:7c:
                    c9:a8:39:de:66:4d:70:45:50:51:4c:ff:73:a3:e8:
                    0b:59:f1:ef:78:3a:12:e0:b8:78:16:f0:c0:27:8b:
                    af:6d:69:eb:4e:a8:58:df:0e:6e:74:6e:6c:67:30:
                    dc:93:4e:de:76:93:27:04:1e:1d:9f:4b:40:13:80:
                    54:5f:7f:4c:e9:dc:dd:64:14:02:35:59:34:ad:d6:
                    04:74:14:88:ce:1a:b6:14:04:1b:cb:1b:c0:31:c9:
                    c9:52:e9:1a:15:f6:0c:68:93:c0:eb:2e:98:13:c8:
                    d2:bc:63:45:2b:b4:b9:73:18:ae:62:5a:d4:73:83:
                    96:f9:a3:d4:3a:94:8f:82:34:a1:f7:9f:34:49:84:
                    ee:9b:19:bb:24:8a:1e:90:f0:bd:94:d9:7a:de:72:
                    67:aa:f7:34:29:71:3d:7d:fe:05:7c:8e:af:f4:5b:
                    bd:b0:df:89:6f:fa:cb:da:a3:9e:1c:7a:16:a6:e7:
                    e0:9b:df:a9:5b:d1:2f:f9:9f:ec:a1:d4:9a:c8:07:
                    b6:26:d7:52:1f:0e:82:b0:0b:16:83:76:c1:cc:9e:
                    1c:97:e6:31:0f:4e:6e:5f:5d:cd:12:e9:92:3f:21:
                    87:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3F:60:96:78:3C:6F:72:79:C7:C4:7B:55:28:0A:9F:4C:AD:CD:DE
            X509v3 Authority Key Identifier:
                keyid:57:14:D0:81:F6:5F:0C:8B:04:F1:D2:FE:73:E0:90:B0:7A:B1:AB:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxTQgfZfDIsE8dL-c-CQsHqxq1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/QD9glng8b3J5x8R7VSgKn0ytzd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e9e849-0710-44e5-a982-fc274ad9210b/1/VxTQgfZfDIsE8dL-c-CQsHqxq1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:bc:60:62:93:5e:cb:1a:56:d5:d9:a1:44:3f:d6:46:e8:32:
         41:99:b7:14:ce:51:ce:4c:9e:5f:f2:b5:6c:4e:c2:40:5b:77:
         74:c9:72:f7:8c:d2:03:17:2e:6d:5c:fb:99:95:6c:5c:25:84:
         61:20:3c:ed:35:85:08:ab:c9:b2:3a:3c:97:ef:2f:a7:60:f7:
         c8:1c:ec:52:30:94:b8:c1:01:0a:11:d2:a7:ce:e8:24:87:f6:
         dc:9e:d5:22:d4:c3:c1:28:ac:f3:6a:fd:a7:ea:c1:8e:1c:51:
         0c:f9:33:4a:f3:17:f6:ba:4a:de:2d:b0:f3:1f:9f:32:59:98:
         12:9b:6d:86:b1:04:00:63:30:f8:8b:60:cb:4d:93:53:63:0c:
         44:44:32:eb:3f:01:f1:95:92:ba:5b:b1:a5:ac:fe:61:00:81:
         c9:46:39:76:67:77:04:57:a2:1b:57:08:0b:12:7e:20:86:e1:
         21:9a:d9:18:71:0c:58:f4:1d:85:6f:ce:f3:c5:23:9b:c2:aa:
         f0:b8:a7:1b:41:e9:f2:75:04:51:52:73:2f:d1:7d:f8:70:28:
         19:7c:62:99:08:37:79:6f:4d:55:ff:7d:16:7a:58:49:a0:9e:
         8f:00:ee:7f:38:b7:bc:78:0d:ce:c3:b4:40:a1:e5:2a:e2:60:
         f9:6f:c5:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNkCYN5ObMIFtVBHCC+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTRkMDgxZjY1ZjBjOGIwNGYxZDJmZTczZTA5MGIwN2Fi
MWFiNTgwHhcNMjQwMTAyMDAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNmNjA5Njc4M2M2ZjcyNzljN2M0N2I1NTI4MGE5ZjRjYWRjZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklGFpLSNdzjJDNwSTmwBE93WIOwc
igaUE8ny5XzJqDneZk1wRVBRTP9zo+gLWfHveDoS4Lh4FvDAJ4uvbWnrTqhY3w5u
dG5sZzDck07edpMnBB4dn0tAE4BUX39M6dzdZBQCNVk0rdYEdBSIzhq2FAQbyxvA
McnJUukaFfYMaJPA6y6YE8jSvGNFK7S5cxiuYlrUc4OW+aPUOpSPgjSh9580SYTu
mxm7JIoekPC9lNl63nJnqvc0KXE9ff4FfI6v9Fu9sN+Jb/rL2qOeHHoWpufgm9+p
W9Ev+Z/sodSayAe2JtdSHw6CsAsWg3bBzJ4cl+YxD05uX13NEumSPyGHGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA/YJZ4PG9yecfEe1UoCp9Mrc3eMB8GA1UdIwQY
MBaAFFcU0IH2XwyLBPHS/nPgkLB6satYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhUUWdmWmZESXNFOGRMLWMtQ1FzSHF4cTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lOWU4NDktMDcxMC00NGU1LWE5ODIt
ZmMyNzRhZDkyMTBiLzEvUUQ5Z2xuZzhiM0o1eDhSN1ZTZ0tuMHl0emQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lOWU4NDktMDcxMC00NGU1LWE5ODItZmMyNzRhZDkyMTBi
LzEvVnhUUWdmWmZESXNFOGRMLWMtQ1FzSHF4cTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNsMA0G
CSqGSIb3DQEBCwUAA4IBAQCbvGBik17LGlbV2aFEP9ZG6DJBmbcUzlHOTJ5f8rVs
TsJAW3d0yXL3jNIDFy5tXPuZlWxcJYRhIDztNYUIq8myOjyX7y+nYPfIHOxSMJS4
wQEKEdKnzugkh/bcntUi1MPBKKzzav2n6sGOHFEM+TNK8xf2ukreLbDzH58yWZgS
m22GsQQAYzD4i2DLTZNTYwxERDLrPwHxlZK6W7GlrP5hAIHJRjl2Z3cEV6IbVwgL
En4ghuEhmtkYcQxY9B2Fb87zxSObwqrwuKcbQenydQRRUnMv0X34cCgZfGKZCDd5
b01V/30WelhJoJ6PAO5/OLe8eA3Ow7RAoeUq4mD5b8Xq
-----END CERTIFICATE-----