Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/qQfqPmvwMb8lXAOinWFml__ZEqA.roa
File:                     qQfqPmvwMb8lXAOinWFml__ZEqA.roa (raw, json)
Hash identifier:          ZF2Ed+3AlZx31pdfIz7tzjUv8o6P1u5TWuRwlRBbUjE=
Subject key identifier:   A9:07:EA:3E:6B:F0:31:BF:25:5C:03:A2:9D:61:66:97:FF:D9:12:A0
Certificate issuer:       /CN=0a22ad609729f8ef1112adbc158f511215b0f39e
Certificate serial:       018FA155732C033E6CD7B01A2EA371611D79
Authority key identifier: 0A:22:AD:60:97:29:F8:EF:11:12:AD:BC:15:8F:51:12:15:B0:F3:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiKtYJcp-O8REq28FY9REhWw854.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/qQfqPmvwMb8lXAOinWFml__ZEqA.roa
Signing time:             Wed 22 May 2024 17:24:42 +0000
ROA not before:           Wed 22 May 2024 17:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214872
IP address blocks:        193.104.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/CiKtYJcp-O8REq28FY9REhWw854.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/CiKtYJcp-O8REq28FY9REhWw854.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiKtYJcp-O8REq28FY9REhWw854.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:55:73:2c:03:3e:6c:d7:b0:1a:2e:a3:71:61:1d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a22ad609729f8ef1112adbc158f511215b0f39e
        Validity
            Not Before: May 22 17:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a907ea3e6bf031bf255c03a29d616697ffd912a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e0:d6:1e:ba:f6:50:7d:a8:6d:78:5c:59:f6:
                    73:47:ac:b2:15:0b:c4:57:cd:89:22:f5:f8:90:05:
                    6a:fb:48:22:b7:aa:40:6d:e2:fa:e1:8d:50:53:e3:
                    ae:93:94:21:15:59:ad:7e:e9:a5:b2:d4:70:be:4b:
                    a4:b0:e1:4b:85:b8:b1:40:61:b6:39:c6:71:0c:dd:
                    20:49:57:b2:86:6a:c0:a6:83:f7:54:e4:e9:78:ca:
                    ce:73:4b:e3:98:5a:90:9f:12:26:f9:93:dd:b5:5e:
                    99:b4:a8:58:6b:13:4c:02:3a:ca:9b:77:3c:03:7a:
                    6f:98:38:1b:84:b6:c7:e8:9c:a4:64:13:d5:d7:68:
                    51:df:da:f0:45:8a:6c:53:19:89:f2:ab:60:eb:5f:
                    3e:a3:d0:ae:6d:5c:aa:95:91:a9:d4:fd:a6:1f:17:
                    af:5f:55:af:5f:12:ef:68:7e:d1:99:32:1c:a2:60:
                    da:58:a3:fb:ad:82:6d:37:47:70:a3:44:7d:ae:3c:
                    72:ac:a3:4a:fc:1e:4e:bd:77:fd:17:37:35:43:3b:
                    f7:62:91:f9:15:c2:c5:30:a6:5b:b1:68:f2:25:51:
                    64:74:af:7e:25:2e:b9:93:94:74:32:ec:58:df:5b:
                    4c:c2:4b:5c:48:79:11:cb:b6:ee:c7:62:dc:8d:38:
                    20:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:07:EA:3E:6B:F0:31:BF:25:5C:03:A2:9D:61:66:97:FF:D9:12:A0
            X509v3 Authority Key Identifier:
                keyid:0A:22:AD:60:97:29:F8:EF:11:12:AD:BC:15:8F:51:12:15:B0:F3:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiKtYJcp-O8REq28FY9REhWw854.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/qQfqPmvwMb8lXAOinWFml__ZEqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/6ca980-2ce1-4b7c-8321-e5d9a6e48746/1/CiKtYJcp-O8REq28FY9REhWw854.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:76:01:bb:69:1d:cf:3f:3c:3e:65:a8:c5:f0:a2:37:f1:2f:
         30:75:ba:00:40:16:bd:5c:a0:bc:39:e1:f1:e2:5e:ca:28:98:
         b3:09:98:0d:dc:d4:6d:a0:93:5b:9a:1f:aa:5e:89:ee:a5:6a:
         58:f5:b9:9c:92:8d:4a:7f:e4:a0:ab:04:9b:4f:85:1d:af:e2:
         bf:ae:17:ca:65:e7:f7:22:c9:62:cd:18:67:57:88:9d:83:36:
         a6:81:49:eb:82:9e:23:bf:da:79:42:e7:8c:e5:da:65:51:fb:
         25:86:97:3f:e4:26:14:48:a0:fa:f0:6a:cd:80:c2:8f:91:e7:
         82:8d:16:be:cd:12:e1:e5:e4:06:51:d7:60:d1:eb:ac:13:cd:
         89:9a:51:64:df:f6:6f:d1:f4:e7:16:28:21:32:e9:6f:a1:78:
         a4:94:99:0f:da:31:f1:57:7f:a6:31:bf:ed:6e:97:86:b9:03:
         5d:36:b4:e1:98:39:bf:b9:9b:38:ee:12:c2:8a:f5:55:c2:56:
         0e:36:7b:a5:ce:4e:01:74:84:ce:21:45:e5:09:fa:16:b4:8b:
         ac:c0:80:ea:e7:aa:4c:a7:20:52:61:84:c1:21:07:98:bf:f5:
         0a:b9:50:80:21:7b:bc:02:c0:71:76:c8:59:48:d1:19:29:fc:
         cf:71:71:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+hVXMsAz5s17AaLqNxYR15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjJhZDYwOTcyOWY4ZWYxMTEyYWRiYzE1OGY1MTEyMTVi
MGYzOWUwHhcNMjQwNTIyMTcyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTA3ZWEzZTZiZjAzMWJmMjU1YzAzYTI5ZDYxNjY5N2ZmZDkxMmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ODWHrr2UH2obXhcWfZzR6yyFQvE
V82JIvX4kAVq+0git6pAbeL64Y1QU+Ouk5QhFVmtfumlstRwvkuksOFLhbixQGG2
OcZxDN0gSVeyhmrApoP3VOTpeMrOc0vjmFqQnxIm+ZPdtV6ZtKhYaxNMAjrKm3c8
A3pvmDgbhLbH6JykZBPV12hR39rwRYpsUxmJ8qtg618+o9CubVyqlZGp1P2mHxev
X1WvXxLvaH7RmTIcomDaWKP7rYJtN0dwo0R9rjxyrKNK/B5OvXf9Fzc1Qzv3YpH5
FcLFMKZbsWjyJVFkdK9+JS65k5R0MuxY31tMwktcSHkRy7bux2LcjTggrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkH6j5r8DG/JVwDop1hZpf/2RKgMB8GA1UdIwQY
MBaAFAoirWCXKfjvERKtvBWPURIVsPOeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lLdFlKY3AtTzhSRXEyOEZZOVJFaFd3ODU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82Y2E5ODAtMmNlMS00YjdjLTgzMjEt
ZTVkOWE2ZTQ4NzQ2LzEvcVFmcVBtdndNYjhsWEFPaW5XRm1sX19aRXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82Y2E5ODAtMmNlMS00YjdjLTgzMjEtZTVkOWE2ZTQ4NzQ2
LzEvQ2lLdFlKY3AtTzhSRXEyOEZZOVJFaFd3ODU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgLMA0G
CSqGSIb3DQEBCwUAA4IBAQBedgG7aR3PPzw+ZajF8KI38S8wdboAQBa9XKC8OeHx
4l7KKJizCZgN3NRtoJNbmh+qXonupWpY9bmcko1Kf+SgqwSbT4Udr+K/rhfKZef3
IslizRhnV4idgzamgUnrgp4jv9p5QueM5dplUfslhpc/5CYUSKD68GrNgMKPkeeC
jRa+zRLh5eQGUddg0eusE82JmlFk3/Zv0fTnFighMulvoXiklJkP2jHxV3+mMb/t
bpeGuQNdNrThmDm/uZs47hLCivVVwlYONnulzk4BdITOIUXlCfoWtIuswIDq56pM
pyBSYYTBIQeYv/UKuVCAIXu8AsBxdshZSNEZKfzPcXEk
-----END CERTIFICATE-----