Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/qrPxUkptvxS0GntZroIh6emmsjw.roa
File:                     qrPxUkptvxS0GntZroIh6emmsjw.roa (raw, json)
Hash identifier:          tu8zaar/KGZMtXW0LmElarJNkglJ3Z42sUpRYLbpnOk=
Subject key identifier:   AA:B3:F1:52:4A:6D:BF:14:B4:1A:7B:59:AE:82:21:E9:E9:A6:B2:3C
Certificate issuer:       /CN=4e78b6d00614f5565d9d8af8247cc72ea9b8833d
Certificate serial:       018CC493196DE90EBDB01FCBF37B7E56605D
Authority key identifier: 4E:78:B6:D0:06:14:F5:56:5D:9D:8A:F8:24:7C:C7:2E:A9:B8:83:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/qrPxUkptvxS0GntZroIh6emmsjw.roa
Signing time:             Mon 01 Jan 2024 10:30:23 +0000
ROA not before:           Mon 01 Jan 2024 10:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208700
IP address blocks:        62.192.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:19:6d:e9:0e:bd:b0:1f:cb:f3:7b:7e:56:60:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e78b6d00614f5565d9d8af8247cc72ea9b8833d
        Validity
            Not Before: Jan  1 10:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aab3f1524a6dbf14b41a7b59ae8221e9e9a6b23c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:63:2b:a9:d0:93:85:de:5f:8d:36:43:51:35:
                    62:15:b5:f6:95:65:4b:12:ca:a3:7a:07:99:fa:83:
                    9e:93:7a:ec:52:bf:2c:3b:f5:d2:e4:5e:0e:9b:96:
                    dc:14:8a:88:cb:15:70:f7:15:7e:65:2d:f1:6d:0e:
                    0f:2a:f0:dd:fe:43:fb:8f:72:0e:f9:76:51:1a:fa:
                    f7:b9:fc:74:a5:92:60:49:9f:b4:40:dc:b9:e9:46:
                    49:f5:7c:4c:9f:85:31:6c:d3:d0:38:60:cb:50:93:
                    23:6d:63:ca:7f:fc:e9:bc:e6:c6:b7:dc:7a:f8:a3:
                    fb:d7:17:15:9f:b0:55:11:24:92:26:ae:73:00:39:
                    2b:09:28:83:ab:c5:02:fc:a9:06:eb:41:9e:f2:fc:
                    cd:e5:9a:e5:c3:82:ef:88:8e:ea:74:e0:1f:73:c3:
                    29:a9:2f:eb:4e:7b:d8:39:04:be:db:71:02:cd:55:
                    00:bc:de:e2:a4:03:31:a4:ba:4f:7b:78:48:f7:95:
                    2c:73:8b:b0:f0:70:70:3b:db:83:a6:e6:57:68:c5:
                    59:e1:99:8a:c1:11:57:47:87:d8:48:82:cd:18:4e:
                    5f:d0:d8:8e:69:20:c6:1b:c7:10:e7:b8:ad:66:da:
                    f3:3c:36:00:8d:38:84:6f:3c:47:9d:e6:dc:ee:ec:
                    dd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B3:F1:52:4A:6D:BF:14:B4:1A:7B:59:AE:82:21:E9:E9:A6:B2:3C
            X509v3 Authority Key Identifier:
                keyid:4E:78:B6:D0:06:14:F5:56:5D:9D:8A:F8:24:7C:C7:2E:A9:B8:83:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/qrPxUkptvxS0GntZroIh6emmsjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:8d:a8:61:25:04:18:ee:f8:c9:3b:b6:56:aa:80:fa:99:cf:
         c3:f0:f1:47:87:2c:09:76:00:31:49:64:ce:f6:cf:55:a8:05:
         78:d0:fe:32:ae:88:e6:d8:1c:a6:46:55:72:29:73:7f:e5:da:
         e5:46:fa:1f:37:42:f1:f6:28:4c:90:b5:cd:1d:38:88:2d:62:
         85:6a:2b:3d:e0:5d:5d:fb:d8:d0:55:e0:b1:9f:74:81:63:8c:
         8d:10:9c:07:ad:4c:d7:b9:b9:3f:45:b8:7d:82:63:cf:3a:39:
         53:11:0c:18:ed:35:fd:6e:82:05:78:1a:c1:c7:b8:1d:5f:f5:
         3a:0d:d3:45:39:50:2b:c7:6b:32:56:93:94:71:a3:74:a2:57:
         26:0e:39:6b:6c:bd:bd:02:86:7c:57:eb:21:f7:96:89:44:b2:
         8b:0e:15:aa:08:5b:a4:6c:1a:6d:f1:0f:23:01:29:a3:29:44:
         0b:c0:c2:f2:ad:f9:7e:08:13:15:67:8b:4f:06:d8:59:ca:cd:
         c0:8a:00:f7:64:d0:cd:4b:46:0d:fb:f0:04:14:5a:aa:f7:ad:
         48:e6:30:6a:a6:ed:1d:78:2b:d1:76:58:a9:f9:73:12:85:2a:
         ca:1a:94:e9:0d:e0:9f:60:71:bb:0d:2a:d9:2b:1c:00:5e:ff:
         fe:27:69:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxlt6Q69sB/L83t+VmBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNzhiNmQwMDYxNGY1NTY1ZDlkOGFmODI0N2NjNzJlYTli
ODgzM2QwHhcNMjQwMTAxMTAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIzZjE1MjRhNmRiZjE0YjQxYTdiNTlhZTgyMjFlOWU5YTZiMjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2MrqdCThd5fjTZDUTViFbX2lWVL
EsqjegeZ+oOek3rsUr8sO/XS5F4Om5bcFIqIyxVw9xV+ZS3xbQ4PKvDd/kP7j3IO
+XZRGvr3ufx0pZJgSZ+0QNy56UZJ9XxMn4UxbNPQOGDLUJMjbWPKf/zpvObGt9x6
+KP71xcVn7BVESSSJq5zADkrCSiDq8UC/KkG60Ge8vzN5Zrlw4LviI7qdOAfc8Mp
qS/rTnvYOQS+23ECzVUAvN7ipAMxpLpPe3hI95Usc4uw8HBwO9uDpuZXaMVZ4ZmK
wRFXR4fYSILNGE5f0NiOaSDGG8cQ57itZtrzPDYAjTiEbzxHnebc7uzdlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqz8VJKbb8UtBp7Wa6CIenpprI8MB8GA1UdIwQY
MBaAFE54ttAGFPVWXZ2K+CR8xy6puIM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG5pMjBBWVU5VlpkbllyNEpIekhMcW00Z3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jYjgyNjUtYzYzMi00ODEzLWI4NTgt
ZGVmMzg2NzQzZjMyLzEvcXJQeFVrcHR2eFMwR250WnJvSWg2ZW1tc2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9jYjgyNjUtYzYzMi00ODEzLWI4NTgtZGVmMzg2NzQzZjMy
LzEvVG5pMjBBWVU5VlpkbllyNEpIekhMcW00Z3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsCbMA0G
CSqGSIb3DQEBCwUAA4IBAQCbjahhJQQY7vjJO7ZWqoD6mc/D8PFHhywJdgAxSWTO
9s9VqAV40P4yrojm2BymRlVyKXN/5drlRvofN0Lx9ihMkLXNHTiILWKFais94F1d
+9jQVeCxn3SBY4yNEJwHrUzXubk/Rbh9gmPPOjlTEQwY7TX9boIFeBrBx7gdX/U6
DdNFOVArx2syVpOUcaN0olcmDjlrbL29AoZ8V+sh95aJRLKLDhWqCFukbBpt8Q8j
ASmjKUQLwMLyrfl+CBMVZ4tPBthZys3AigD3ZNDNS0YN+/AEFFqq961I5jBqpu0d
eCvRdlip+XMShSrKGpTpDeCfYHG7DSrZKxwAXv/+J2kf
-----END CERTIFICATE-----