Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/QfC0dTPaHTJs2kX8a-EtEofPdDU.roa
File:                     QfC0dTPaHTJs2kX8a-EtEofPdDU.roa (raw, json)
Hash identifier:          b3j+HNk7mqt9ZS5pDr3rVOF/uCBmWsQWxb0OzHj4JLY=
Subject key identifier:   41:F0:B4:75:33:DA:1D:32:6C:DA:45:FC:6B:E1:2D:12:87:CF:74:35
Certificate issuer:       /CN=266547208206ad54474c69fccbedc24aa56a62c2
Certificate serial:       018CCA29CB2DD4AC546716696943EE42F34C
Authority key identifier: 26:65:47:20:82:06:AD:54:47:4C:69:FC:CB:ED:C2:4A:A5:6A:62:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmVHIIIGrVRHTGn8y-3CSqVqYsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/QfC0dTPaHTJs2kX8a-EtEofPdDU.roa
Signing time:             Tue 02 Jan 2024 12:33:05 +0000
ROA not before:           Tue 02 Jan 2024 12:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        91.196.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/JmVHIIIGrVRHTGn8y-3CSqVqYsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/JmVHIIIGrVRHTGn8y-3CSqVqYsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmVHIIIGrVRHTGn8y-3CSqVqYsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cb:2d:d4:ac:54:67:16:69:69:43:ee:42:f3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=266547208206ad54474c69fccbedc24aa56a62c2
        Validity
            Not Before: Jan  2 12:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41f0b47533da1d326cda45fc6be12d1287cf7435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:21:c7:ca:8f:6a:da:11:11:c8:ec:9a:9a:05:
                    9d:28:5d:99:18:ea:e9:30:49:51:d9:08:b1:a5:1f:
                    a0:f8:9f:83:43:b6:fc:a5:74:28:08:af:5b:09:8a:
                    23:c6:38:14:47:2f:93:ff:3c:d6:5d:70:72:34:aa:
                    20:0f:15:ee:6f:1e:e9:88:02:2f:fd:3f:ce:11:a1:
                    9e:be:d1:3d:44:b9:de:12:09:99:dc:bf:42:14:3f:
                    a9:e5:9a:6c:b1:ce:a0:d2:56:47:23:34:7b:a3:ad:
                    f3:69:4d:4d:20:68:ef:6c:b0:2c:7e:3a:56:b6:0c:
                    b3:9b:5a:4f:3e:78:96:01:b0:77:93:64:f0:8f:67:
                    02:c7:cf:91:6c:47:f8:d6:be:af:0c:2a:13:39:01:
                    68:5a:f4:bb:a1:66:08:6c:ca:a9:93:0e:d1:b1:e1:
                    ef:ba:ae:7f:fa:c0:06:20:8c:ef:7a:34:80:cb:77:
                    ab:07:a8:07:79:cb:40:72:f7:af:fd:fe:43:ff:22:
                    a6:8a:3e:d2:57:37:8b:95:3f:f1:4d:41:73:73:71:
                    d9:08:6e:7a:9f:03:a5:e5:cf:b0:fd:92:6c:89:2a:
                    2e:02:05:ce:5d:cf:65:64:0b:6f:f3:03:bc:14:a9:
                    95:fb:fe:5d:31:91:6e:2b:af:17:dc:c3:be:dc:bd:
                    22:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F0:B4:75:33:DA:1D:32:6C:DA:45:FC:6B:E1:2D:12:87:CF:74:35
            X509v3 Authority Key Identifier:
                keyid:26:65:47:20:82:06:AD:54:47:4C:69:FC:CB:ED:C2:4A:A5:6A:62:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmVHIIIGrVRHTGn8y-3CSqVqYsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/QfC0dTPaHTJs2kX8a-EtEofPdDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/a8f553-f52c-4949-97e2-822d159a97af/1/JmVHIIIGrVRHTGn8y-3CSqVqYsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:52:a4:b7:06:8b:47:12:95:d8:17:e8:18:45:15:82:53:ea:
         df:c0:ae:e7:39:d2:c5:68:80:08:3f:0b:63:f7:9a:11:12:57:
         93:b4:f3:0d:a3:01:90:7c:bd:c0:f2:f9:0b:8a:8f:59:da:00:
         e7:0e:6e:63:18:75:a7:5d:64:01:15:92:78:7d:18:ff:77:ae:
         c6:be:41:37:d4:dd:67:38:8b:41:1e:bd:b1:8e:2f:c6:72:e6:
         39:50:8b:20:b1:d1:d7:f9:b6:57:cb:13:5b:c7:b0:90:81:c1:
         19:f6:44:03:34:0b:10:61:5c:2f:ec:73:2a:a8:fc:8d:05:4b:
         61:19:20:5e:97:f6:05:d3:f1:4b:b8:91:fe:d9:7e:63:79:1b:
         6e:fc:7f:20:06:56:36:1d:a0:f2:79:a2:85:89:e4:97:0a:e0:
         e2:39:b3:6d:08:96:04:04:c1:28:4c:f2:26:2b:11:7f:4f:8f:
         c8:62:37:31:1c:cd:43:cb:5a:cd:8a:8e:8e:bb:6f:bc:59:68:
         c8:c4:ef:77:46:b6:8e:9b:39:45:26:6f:2e:95:46:f6:31:e1:
         5d:28:fe:35:9a:93:4a:98:10:f4:ff:09:a7:19:05:bf:61:60:
         ba:b2:5f:a5:b8:d3:82:44:27:71:7b:63:20:87:6b:fc:34:52:
         9e:cf:b0:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKcst1KxUZxZpaUPuQvNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjU0NzIwODIwNmFkNTQ0NzRjNjlmY2NiZWRjMjRhYTU2
YTYyYzIwHhcNMjQwMTAyMTIzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWYwYjQ3NTMzZGExZDMyNmNkYTQ1ZmM2YmUxMmQxMjg3Y2Y3NDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyHHyo9q2hERyOyamgWdKF2ZGOrp
MElR2QixpR+g+J+DQ7b8pXQoCK9bCYojxjgURy+T/zzWXXByNKogDxXubx7piAIv
/T/OEaGevtE9RLneEgmZ3L9CFD+p5Zpssc6g0lZHIzR7o63zaU1NIGjvbLAsfjpW
tgyzm1pPPniWAbB3k2Twj2cCx8+RbEf41r6vDCoTOQFoWvS7oWYIbMqpkw7RseHv
uq5/+sAGIIzvejSAy3erB6gHectAcvev/f5D/yKmij7SVzeLlT/xTUFzc3HZCG56
nwOl5c+w/ZJsiSouAgXOXc9lZAtv8wO8FKmV+/5dMZFuK68X3MO+3L0ihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHwtHUz2h0ybNpF/GvhLRKHz3Q1MB8GA1UdIwQY
MBaAFCZlRyCCBq1UR0xp/MvtwkqlamLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1WSElJSUdyVlJIVEduOHktM0NTcVZxWXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9hOGY1NTMtZjUyYy00OTQ5LTk3ZTIt
ODIyZDE1OWE5N2FmLzEvUWZDMGRUUGFIVEpzMmtYOGEtRXRFb2ZQZERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9hOGY1NTMtZjUyYy00OTQ5LTk3ZTItODIyZDE1OWE5N2Fm
LzEvSm1WSElJSUdyVlJIVEduOHktM0NTcVZxWXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8RwMA0G
CSqGSIb3DQEBCwUAA4IBAQBBUqS3BotHEpXYF+gYRRWCU+rfwK7nOdLFaIAIPwtj
95oREleTtPMNowGQfL3A8vkLio9Z2gDnDm5jGHWnXWQBFZJ4fRj/d67GvkE31N1n
OItBHr2xji/GcuY5UIsgsdHX+bZXyxNbx7CQgcEZ9kQDNAsQYVwv7HMqqPyNBUth
GSBel/YF0/FLuJH+2X5jeRtu/H8gBlY2HaDyeaKFieSXCuDiObNtCJYEBMEoTPIm
KxF/T4/IYjcxHM1Dy1rNio6Ou2+8WWjIxO93RraOmzlFJm8ulUb2MeFdKP41mpNK
mBD0/wmnGQW/YWC6sl+luNOCRCdxe2Mgh2v8NFKez7CY
-----END CERTIFICATE-----