Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/QTzhbL5211tUA7KlANsY4hu2oCk.roa
File:                     QTzhbL5211tUA7KlANsY4hu2oCk.roa (raw, json)
Hash identifier:          S+abKBSnGdIPSbcYjJzKpSW0f3lLlR7AY9g+r1EoBJs=
Subject key identifier:   41:3C:E1:6C:BE:76:D7:5B:54:03:B2:A5:00:DB:18:E2:1B:B6:A0:29
Certificate issuer:       /CN=93077a997c95bd01a64d408afcf554d88b4db5e5
Certificate serial:       018ECEF8AA92B44557A0F6BFF18E6D7D641C
Authority key identifier: 93:07:7A:99:7C:95:BD:01:A6:4D:40:8A:FC:F5:54:D8:8B:4D:B5:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/QTzhbL5211tUA7KlANsY4hu2oCk.roa
Signing time:             Thu 11 Apr 2024 21:03:06 +0000
ROA not before:           Thu 11 Apr 2024 21:03:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21100
IP address blocks:        193.161.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ce:f8:aa:92:b4:45:57:a0:f6:bf:f1:8e:6d:7d:64:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93077a997c95bd01a64d408afcf554d88b4db5e5
        Validity
            Not Before: Apr 11 21:03:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=413ce16cbe76d75b5403b2a500db18e21bb6a029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:66:d1:3f:d1:3f:54:74:18:6d:56:b4:ec:fa:
                    de:d3:1d:ba:7d:d6:d5:af:28:01:b4:83:cb:37:01:
                    8d:9e:09:d9:8e:5a:c0:1e:fc:f2:27:31:b3:57:bd:
                    d5:2a:3f:55:60:54:75:46:14:47:05:08:9d:f1:97:
                    d3:13:f6:a2:e8:0c:0f:f2:40:1e:32:99:bc:7c:75:
                    a3:3f:29:55:21:a6:45:53:62:77:36:e0:51:d7:ba:
                    43:d1:f6:7c:12:08:96:e0:87:29:4c:51:2f:9b:37:
                    82:d2:e6:5f:cb:ab:80:57:30:51:cf:68:36:82:d5:
                    26:7c:b8:21:a3:93:3b:ab:d7:83:aa:75:82:d3:10:
                    52:03:7d:a4:bc:13:1d:23:81:6c:9a:eb:91:ab:05:
                    dd:eb:cd:17:d1:9a:e1:a6:cd:29:19:39:ef:dc:46:
                    f2:39:72:e9:38:9d:5b:9a:f9:95:fd:0d:3b:8b:fd:
                    23:73:9d:b1:6e:9c:fc:5e:40:49:98:86:2e:d2:55:
                    ca:41:e6:03:79:7a:03:29:e0:44:83:ec:c5:8d:6d:
                    00:c4:f2:c0:7d:c4:de:e8:99:41:2e:e3:ad:2c:19:
                    fb:00:44:6c:53:1b:6f:37:5b:43:60:05:b5:6a:d4:
                    12:87:45:23:96:f4:47:0c:bf:0e:ad:1a:9d:c1:a1:
                    2c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:3C:E1:6C:BE:76:D7:5B:54:03:B2:A5:00:DB:18:E2:1B:B6:A0:29
            X509v3 Authority Key Identifier:
                keyid:93:07:7A:99:7C:95:BD:01:A6:4D:40:8A:FC:F5:54:D8:8B:4D:B5:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/QTzhbL5211tUA7KlANsY4hu2oCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7c:c6:e4:56:39:ff:9d:ea:31:d6:bc:cc:b7:b2:f6:01:c9:
         fd:55:97:64:7c:2a:96:b8:ef:01:8a:52:a2:9d:94:e5:66:17:
         dc:5b:cb:4c:a4:7c:6d:61:6f:43:e8:e8:35:14:64:43:6d:c6:
         f2:18:70:7f:16:08:60:cc:cc:d5:4c:f5:5d:e7:50:3d:45:a7:
         c6:93:a7:5e:7b:bf:d0:17:97:4b:cb:d4:4d:11:62:7a:da:d9:
         8d:51:59:a3:8c:75:1e:f0:12:60:72:4e:2c:6c:ea:bf:a7:33:
         30:c7:59:27:c0:af:68:3f:66:13:8c:3f:23:c1:90:56:09:7e:
         35:c0:cb:d0:90:d2:c2:d1:39:c1:1e:c4:fa:85:47:c2:95:07:
         81:bb:c8:21:43:15:09:3e:bd:4b:2b:86:36:b0:a3:f6:02:0f:
         6f:57:28:07:b3:5a:e1:bd:86:5f:62:2b:86:8f:2d:fa:8b:f2:
         c9:d5:85:8e:2e:92:76:44:28:15:3a:f8:8d:18:14:d4:87:13:
         a3:d1:ed:24:b4:54:4a:c9:89:ed:81:e9:ce:e5:7d:fd:34:7b:
         78:ea:1a:02:a9:01:01:a5:eb:ee:30:f3:01:4d:f3:fc:7d:12:
         3b:45:b6:53:4c:a1:50:7e:68:49:74:5e:06:d3:5c:fb:ec:1e:
         df:c3:37:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7O+KqStEVXoPa/8Y5tfWQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMDc3YTk5N2M5NWJkMDFhNjRkNDA4YWZjZjU1NGQ4OGI0
ZGI1ZTUwHhcNMjQwNDExMjEwMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTNjZTE2Y2JlNzZkNzViNTQwM2IyYTUwMGRiMThlMjFiYjZhMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGbRP9E/VHQYbVa07Pre0x26fdbV
rygBtIPLNwGNngnZjlrAHvzyJzGzV73VKj9VYFR1RhRHBQid8ZfTE/ai6AwP8kAe
Mpm8fHWjPylVIaZFU2J3NuBR17pD0fZ8EgiW4IcpTFEvmzeC0uZfy6uAVzBRz2g2
gtUmfLgho5M7q9eDqnWC0xBSA32kvBMdI4FsmuuRqwXd680X0Zrhps0pGTnv3Eby
OXLpOJ1bmvmV/Q07i/0jc52xbpz8XkBJmIYu0lXKQeYDeXoDKeBEg+zFjW0AxPLA
fcTe6JlBLuOtLBn7AERsUxtvN1tDYAW1atQSh0UjlvRHDL8OrRqdwaEsSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEE84Wy+dtdbVAOypQDbGOIbtqApMB8GA1UdIwQY
MBaAFJMHepl8lb0Bpk1Aivz1VNiLTbXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dkNm1YeVZ2UUdtVFVDS19QVlUySXROdGVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8xYmFjMDEtMjEyYy00ZjRjLThkM2Et
NjUyNTdiMWZlYzZkLzEvUVR6aGJMNTIxMXRVQTdLbEFOc1k0aHUyb0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8xYmFjMDEtMjEyYy00ZjRjLThkM2EtNjUyNTdiMWZlYzZk
LzEva3dkNm1YeVZ2UUdtVFVDS19QVlUySXROdGVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaHKMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fMbkVjn/neox1rzMt7L2Acn9VZdkfCqWuO8BilKi
nZTlZhfcW8tMpHxtYW9D6Og1FGRDbcbyGHB/FghgzMzVTPVd51A9RafGk6dee7/Q
F5dLy9RNEWJ62tmNUVmjjHUe8BJgck4sbOq/pzMwx1knwK9oP2YTjD8jwZBWCX41
wMvQkNLC0TnBHsT6hUfClQeBu8ghQxUJPr1LK4Y2sKP2Ag9vVygHs1rhvYZfYiuG
jy36i/LJ1YWOLpJ2RCgVOviNGBTUhxOj0e0ktFRKyYntgenO5X39NHt46hoCqQEB
pevuMPMBTfP8fRI7RbZTTKFQfmhJdF4G01z77B7fwzcH
-----END CERTIFICATE-----