Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/QqhOJbfGenuz499uz-NQad_VE3w.roa
File:                     QqhOJbfGenuz499uz-NQad_VE3w.roa (raw, json)
Hash identifier:          ZCb6gvkEKHIIKinysK85i6bSBPMTiYy1mmkoVuDadoE=
Subject key identifier:   42:A8:4E:25:B7:C6:7A:7B:B3:E3:DF:6E:CF:E3:50:69:DF:D5:13:7C
Certificate issuer:       /CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
Certificate serial:       018CC725A73EA78650C30413AD48C2A334BF
Authority key identifier: 2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/QqhOJbfGenuz499uz-NQad_VE3w.roa
Signing time:             Mon 01 Jan 2024 22:29:42 +0000
ROA not before:           Mon 01 Jan 2024 22:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25006
IP address blocks:        193.127.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a7:3e:a7:86:50:c3:04:13:ad:48:c2:a3:34:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
        Validity
            Not Before: Jan  1 22:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42a84e25b7c67a7bb3e3df6ecfe35069dfd5137c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:c2:6d:33:a2:d2:56:62:05:37:4c:53:7e:
                    94:38:1a:8f:da:3b:b9:4b:59:47:20:8d:df:e1:47:
                    5a:18:57:a7:1c:b8:55:da:d4:43:c9:dc:56:f5:de:
                    72:64:5c:3c:ba:47:c1:59:cf:a3:e1:f0:4e:25:19:
                    09:e1:e5:7d:4f:67:20:b7:84:a1:44:bd:67:15:34:
                    fe:d6:90:90:a8:74:4a:d8:df:ac:60:53:65:1d:c3:
                    db:c1:c0:42:ef:59:c2:ba:01:57:68:79:43:90:b8:
                    50:a2:ef:61:67:5c:e2:b1:82:16:02:9b:dc:6e:66:
                    f8:e4:3c:c3:45:53:56:cc:72:10:52:d7:b2:f3:69:
                    ab:ad:7b:55:b6:14:91:78:fe:27:30:23:a2:db:6a:
                    4e:19:f9:31:e4:bf:e0:9d:e6:2a:e4:3c:2e:54:4a:
                    83:99:07:43:95:35:fc:eb:b8:a7:de:2d:e7:d1:d7:
                    a5:e8:fa:36:a0:19:85:d9:87:ff:13:74:9f:78:cc:
                    6b:d8:ff:5d:87:97:34:f3:d6:73:63:a5:c6:d2:f0:
                    8a:2b:7e:69:9d:f8:42:c1:a8:cf:e6:98:c9:88:4e:
                    5f:cb:95:51:b9:9e:1c:76:58:64:92:dd:58:24:bc:
                    c3:da:40:06:fa:80:7c:b1:35:0c:8d:40:d2:2a:a6:
                    fe:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A8:4E:25:B7:C6:7A:7B:B3:E3:DF:6E:CF:E3:50:69:DF:D5:13:7C
            X509v3 Authority Key Identifier:
                keyid:2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/QqhOJbfGenuz499uz-NQad_VE3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.127.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:3a:33:9f:4f:73:4d:c1:49:1c:27:b0:ed:f8:cc:3a:03:39:
         56:9d:e6:67:b4:29:43:ee:fd:1a:18:64:47:b3:b1:cf:69:52:
         95:c9:ac:54:7c:b7:7b:d4:27:7a:3e:ba:d6:51:c2:49:6a:43:
         95:c3:f9:15:1d:e3:4c:47:79:12:3f:f2:b0:ea:cd:14:4f:59:
         87:a2:37:ea:9f:a2:95:48:cf:2c:bd:48:b2:4a:2b:50:77:22:
         b8:ba:20:42:e3:84:a1:da:b3:f0:38:13:bc:f0:e1:2b:e5:b3:
         0e:f6:e3:f6:cb:4d:59:6a:4d:69:34:b7:03:9b:e7:6b:5e:b3:
         56:27:2f:8a:59:a6:59:fd:57:01:29:70:a9:4b:9c:48:f6:0d:
         ed:eb:d9:6a:de:45:11:24:34:bb:d2:54:75:ec:93:93:9f:fe:
         3f:34:07:e5:be:6d:74:2f:17:ef:1b:5a:11:bc:a8:ad:0f:6d:
         c9:12:90:07:38:d3:70:11:57:fe:fc:dd:8e:a3:10:91:df:5c:
         58:5a:8d:c2:81:05:7d:bb:72:5a:bc:3c:af:07:8d:30:8c:81:
         87:95:38:96:67:db:c1:65:8f:22:f3:28:a0:9e:1e:46:94:64:
         81:a8:eb:b8:dd:48:34:d5:8f:41:3d:85:da:0e:40:f2:d4:0a:
         f2:11:12:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJac+p4ZQwwQTrUjCozS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjM2IwYWU1YjdmNzgxMTIyYzcwOWEyNjUwYWRmOTcyOTE4
N2UxZTEwHhcNMjQwMTAxMjIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE4NGUyNWI3YzY3YTdiYjNlM2RmNmVjZmUzNTA2OWRmZDUxMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOvCbTOi0lZiBTdMU36UOBqP2ju5
S1lHII3f4UdaGFenHLhV2tRDydxW9d5yZFw8ukfBWc+j4fBOJRkJ4eV9T2cgt4Sh
RL1nFTT+1pCQqHRK2N+sYFNlHcPbwcBC71nCugFXaHlDkLhQou9hZ1zisYIWApvc
bmb45DzDRVNWzHIQUtey82mrrXtVthSReP4nMCOi22pOGfkx5L/gneYq5DwuVEqD
mQdDlTX867in3i3n0del6Po2oBmF2Yf/E3SfeMxr2P9dh5c089ZzY6XG0vCKK35p
nfhCwajP5pjJiE5fy5VRuZ4cdlhkkt1YJLzD2kAG+oB8sTUMjUDSKqb+wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKoTiW3xnp7s+Pfbs/jUGnf1RN8MB8GA1UdIwQY
MBaAFCw7CuW394ESLHCaJlCt+XKRh+HhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEt
ZmZjY2EzZTFmMTdmLzEvUXFoT0piZkdlbnV6NDk5dXotTlFhZF9WRTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEtZmZjY2EzZTFmMTdm
LzEvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwX/2MA0G
CSqGSIb3DQEBCwUAA4IBAQA4OjOfT3NNwUkcJ7Dt+Mw6AzlWneZntClD7v0aGGRH
s7HPaVKVyaxUfLd71Cd6PrrWUcJJakOVw/kVHeNMR3kSP/Kw6s0UT1mHojfqn6KV
SM8svUiySitQdyK4uiBC44Sh2rPwOBO88OEr5bMO9uP2y01Zak1pNLcDm+drXrNW
Jy+KWaZZ/VcBKXCpS5xI9g3t69lq3kURJDS70lR17JOTn/4/NAflvm10LxfvG1oR
vKitD23JEpAHONNwEVf+/N2OoxCR31xYWo3CgQV9u3JavDyvB40wjIGHlTiWZ9vB
ZY8i8yignh5GlGSBqOu43Ug01Y9BPYXaDkDy1AryERKG
-----END CERTIFICATE-----