Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/qvGLp0H_EijjouOgk-b1feUfccA.roa
File:                     qvGLp0H_EijjouOgk-b1feUfccA.roa (raw, json)
Hash identifier:          qc5VuGVAcEkYd8huv58Weu0+ginrtq6C5VpR6nghSq0=
Subject key identifier:   AA:F1:8B:A7:41:FF:12:28:E3:A2:E3:A0:93:E6:F5:7D:E5:1F:71:C0
Certificate issuer:       /CN=9f29e8554020bdefa17c5561438fb4baf5831f52
Certificate serial:       018CC2DAECB11E0E13E8D5D4EA600D521C3F
Authority key identifier: 9F:29:E8:55:40:20:BD:EF:A1:7C:55:61:43:8F:B4:BA:F5:83:1F:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/qvGLp0H_EijjouOgk-b1feUfccA.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55002
IP address blocks:        193.143.129.0/24 maxlen: 24
                          193.143.128.0/24 maxlen: 24
                          195.234.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:b1:1e:0e:13:e8:d5:d4:ea:60:0d:52:1c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f29e8554020bdefa17c5561438fb4baf5831f52
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf18ba741ff1228e3a2e3a093e6f57de51f71c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:54:37:52:f6:88:da:0a:6f:96:fd:0b:c7:a3:
                    63:32:d0:d5:73:26:5b:2c:f5:52:6f:7a:63:47:8c:
                    1e:55:df:de:11:a3:ce:c5:a8:18:ca:5e:60:9b:e1:
                    38:bc:23:df:c8:a5:fd:5b:63:a0:c3:76:8a:f6:25:
                    a9:8d:f6:3b:ae:06:ff:43:d2:c5:40:34:e5:e4:a2:
                    82:e0:25:34:dd:e0:1d:01:50:ad:ee:0d:40:5b:39:
                    d9:9e:ad:9b:4e:4f:2d:f6:b2:08:38:0a:cf:29:b6:
                    7e:18:f8:67:5c:d2:47:ba:b8:8b:77:02:ad:ba:73:
                    8c:d7:3b:f5:5f:bd:f1:48:2e:6c:91:f6:17:72:b1:
                    8b:b9:5c:87:d0:76:82:58:02:ec:b5:f5:f2:b0:91:
                    b5:a0:bc:1f:ed:a1:ea:d2:34:34:a3:96:7d:1d:0d:
                    22:fc:05:56:23:87:f7:58:23:bb:e5:7d:2b:48:50:
                    c3:19:93:e3:b9:4d:c8:1a:f6:48:f4:d3:b9:ae:44:
                    0f:ec:90:63:9c:8f:db:31:84:56:16:0d:2e:f6:4d:
                    76:54:06:15:98:66:44:64:68:84:6c:aa:0d:2c:3a:
                    a0:74:65:70:fc:2c:57:cd:66:2a:84:3c:22:dc:23:
                    f5:46:39:25:82:c0:10:86:f7:a2:4c:c3:02:b4:35:
                    02:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F1:8B:A7:41:FF:12:28:E3:A2:E3:A0:93:E6:F5:7D:E5:1F:71:C0
            X509v3 Authority Key Identifier:
                keyid:9F:29:E8:55:40:20:BD:EF:A1:7C:55:61:43:8F:B4:BA:F5:83:1F:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nynoVUAgve-hfFVhQ4-0uvWDH1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/qvGLp0H_EijjouOgk-b1feUfccA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2dbe04-43a8-4963-8e86-3fe8f896e551/1/nynoVUAgve-hfFVhQ4-0uvWDH1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.128.0/23
                  195.234.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:b8:96:69:9a:72:a0:90:a0:15:84:e8:34:1a:6a:72:88:5b:
         d1:20:00:14:12:9f:fd:e5:fb:dd:37:a9:6c:c9:d7:83:55:0f:
         bd:f0:b7:fb:6a:16:09:be:4e:27:b9:d6:88:00:6c:4c:3f:30:
         3d:a4:ff:78:67:d4:9d:9f:72:12:71:22:8a:54:c6:98:43:b1:
         dd:fc:46:df:d4:82:02:72:4e:0e:fa:07:ad:e3:30:e7:57:a4:
         11:20:98:98:85:2c:23:ce:78:16:62:ff:7e:a0:aa:06:2a:48:
         30:ba:66:f0:7d:01:78:c0:52:90:ca:c4:cf:46:45:38:2f:49:
         75:8f:1f:c0:e3:ab:d8:a6:2b:42:95:5a:a7:68:9c:a5:3a:be:
         10:63:a8:ec:eb:4d:77:0c:93:b6:b8:1d:b3:4b:11:4b:f8:19:
         46:6d:a3:42:9b:a4:dd:34:91:0f:b3:d9:93:c6:67:99:4a:23:
         3d:88:c4:fb:f7:7a:e0:81:e6:ee:ff:9b:0d:7e:39:bd:74:29:
         8f:71:10:b9:1a:cc:2a:8f:dd:d0:4d:25:92:4a:60:57:25:1b:
         9e:d2:86:c3:53:68:e5:c2:ff:63:68:70:a5:a0:43:31:85:08:
         83:42:b7:2f:1a:d0:85:a2:79:14:f7:47:a2:5e:a7:2c:a8:9e:
         8e:76:ef:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uyxHg4T6NXU6mANUhw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMjllODU1NDAyMGJkZWZhMTdjNTU2MTQzOGZiNGJhZjU4
MzFmNTIwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWYxOGJhNzQxZmYxMjI4ZTNhMmUzYTA5M2U2ZjU3ZGU1MWY3MWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVQ3UvaI2gpvlv0Lx6NjMtDVcyZb
LPVSb3pjR4weVd/eEaPOxagYyl5gm+E4vCPfyKX9W2Ogw3aK9iWpjfY7rgb/Q9LF
QDTl5KKC4CU03eAdAVCt7g1AWznZnq2bTk8t9rIIOArPKbZ+GPhnXNJHuriLdwKt
unOM1zv1X73xSC5skfYXcrGLuVyH0HaCWALstfXysJG1oLwf7aHq0jQ0o5Z9HQ0i
/AVWI4f3WCO75X0rSFDDGZPjuU3IGvZI9NO5rkQP7JBjnI/bMYRWFg0u9k12VAYV
mGZEZGiEbKoNLDqgdGVw/CxXzWYqhDwi3CP1RjklgsAQhveiTMMCtDUCgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKrxi6dB/xIo46LjoJPm9X3lH3HAMB8GA1UdIwQY
MBaAFJ8p6FVAIL3voXxVYUOPtLr1gx9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnlub1ZVQWd2ZS1oZkZWaFE0LTB1dldESDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yZGJlMDQtNDNhOC00OTYzLThlODYt
M2ZlOGY4OTZlNTUxLzEvcXZHTHAwSF9FaWpqb3VPZ2stYjFmZVVmY2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yZGJlMDQtNDNhOC00OTYzLThlODYtM2ZlOGY4OTZlNTUx
LzEvbnlub1ZVQWd2ZS1oZkZWaFE0LTB1dldESDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwY+AAwQA
w+qHMA0GCSqGSIb3DQEBCwUAA4IBAQAZuJZpmnKgkKAVhOg0GmpyiFvRIAAUEp/9
5fvdN6lsydeDVQ+98Lf7ahYJvk4nudaIAGxMPzA9pP94Z9Sdn3IScSKKVMaYQ7Hd
/Ebf1IICck4O+get4zDnV6QRIJiYhSwjzngWYv9+oKoGKkgwumbwfQF4wFKQysTP
RkU4L0l1jx/A46vYpitClVqnaJylOr4QY6js6013DJO2uB2zSxFL+BlGbaNCm6Td
NJEPs9mTxmeZSiM9iMT793rggebu/5sNfjm9dCmPcRC5Gswqj93QTSWSSmBXJRue
0obDU2jlwv9jaHCloEMxhQiDQrcvGtCFonkU90eiXqcsqJ6Odu8o
-----END CERTIFICATE-----