Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Qyp1oonTVNrKjIr7AW1uklq854g.roa
File:                     Qyp1oonTVNrKjIr7AW1uklq854g.roa (raw, json)
Hash identifier:          xBiNM0sjXgcvhuIRJrvMaMqUAp5PPYe1xTs5eGsjuyE=
Subject key identifier:   43:2A:75:A2:89:D3:54:DA:CA:8C:8A:FB:01:6D:6E:92:5A:BC:E7:88
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       0191E6DCB1702C292E3EE7C45FD146472418
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Qyp1oonTVNrKjIr7AW1uklq854g.roa
Signing time:             Thu 12 Sep 2024 15:31:48 +0000
ROA not before:           Thu 12 Sep 2024 15:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201512
IP address blocks:        176.101.92.0/24 maxlen: 24
                          2a03:720:40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:dc:b1:70:2c:29:2e:3e:e7:c4:5f:d1:46:47:24:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Sep 12 15:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=432a75a289d354daca8c8afb016d6e925abce788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:da:ba:22:f2:61:23:0e:6e:42:fb:8f:0f:
                    fc:16:fe:7f:d1:e5:65:29:74:92:80:2d:16:35:86:
                    30:ba:21:f9:4b:fc:f3:4e:4a:88:40:52:d0:f3:85:
                    bb:ae:e2:f2:57:bf:10:e7:df:50:14:bf:3c:01:f5:
                    0b:57:10:1d:85:6f:8d:16:0a:c6:d5:f4:90:41:36:
                    2f:e5:bd:b6:c9:c7:d0:29:f2:7f:54:91:57:64:05:
                    3a:a2:9b:0b:0d:aa:94:9e:c1:4b:8d:50:40:77:56:
                    79:d5:04:35:1d:87:f4:17:bc:fb:c8:0e:34:e9:01:
                    61:58:d1:68:54:8e:cf:14:65:47:34:fe:1e:4c:54:
                    07:63:60:cf:11:0f:ba:37:59:e8:30:4a:26:b2:45:
                    be:89:74:a6:52:19:8d:a6:7e:6b:c6:8d:54:78:1c:
                    49:8d:91:b6:cf:e8:97:80:f3:2e:9b:77:ab:70:7a:
                    24:4f:54:78:6f:69:ca:04:c4:6d:a1:29:9f:d2:c4:
                    a5:81:7f:0e:d3:0f:b7:9b:4f:5d:1e:05:f1:91:c9:
                    86:8a:03:ff:1f:49:50:36:1c:06:e1:74:f6:7c:57:
                    66:07:0b:ce:f6:a7:c5:82:65:f8:88:b3:b6:a4:02:
                    a3:ab:e9:a0:16:b7:5f:15:44:16:49:1d:50:fa:3c:
                    42:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2A:75:A2:89:D3:54:DA:CA:8C:8A:FB:01:6D:6E:92:5A:BC:E7:88
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Qyp1oonTVNrKjIr7AW1uklq854g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.92.0/24
                IPv6:
                  2a03:720:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:7e:ac:65:0d:52:8d:a3:10:ee:3e:f0:75:b6:d9:10:62:eb:
         6f:6e:5e:fb:fc:c3:7d:5e:12:35:6e:a6:02:5d:5f:26:57:1f:
         96:64:87:aa:53:f1:30:9a:de:f8:79:00:ce:2f:ef:16:ac:0e:
         c3:b8:c3:fd:17:99:f5:94:1c:e2:a7:56:bb:98:79:fc:c3:2c:
         bd:9b:5e:b6:f9:7f:6c:8d:a2:15:52:b4:89:9f:c8:22:df:7b:
         2d:be:21:50:c0:ad:ce:c9:df:e9:43:67:89:aa:8a:27:b9:96:
         27:0e:5c:30:b1:ab:65:9b:3d:8f:3a:87:74:58:fd:c8:cf:5b:
         15:dc:fa:11:91:99:b1:08:80:48:1a:97:11:cc:fc:0e:bf:3c:
         5a:3f:35:6e:9e:53:b4:42:07:42:4e:bd:f6:cd:8d:40:6e:8f:
         75:a6:c9:ed:68:19:7d:0e:80:86:41:0c:e1:59:b6:1c:03:81:
         06:4b:e6:4a:01:57:d8:4f:2d:d0:0b:99:b2:b1:e8:0d:4d:e6:
         bb:33:6f:66:22:cd:6e:c9:c0:e0:cd:72:ae:7c:ed:25:90:28:
         87:45:27:ce:da:81:ee:28:33:71:a9:0d:7b:59:cf:d3:ed:92:
         96:d2:67:d4:49:22:eb:20:6a:bf:98:62:c7:11:5d:b5:d4:27:
         fc:f4:09:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHm3LFwLCkuPufEX9FGRyQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjQwOTEyMTUzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzJhNzVhMjg5ZDM1NGRhY2E4YzhhZmIwMTZkNmU5MjVhYmNlNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq7auiLyYSMObkL7jw/8Fv5/0eVl
KXSSgC0WNYYwuiH5S/zzTkqIQFLQ84W7ruLyV78Q599QFL88AfULVxAdhW+NFgrG
1fSQQTYv5b22ycfQKfJ/VJFXZAU6opsLDaqUnsFLjVBAd1Z51QQ1HYf0F7z7yA40
6QFhWNFoVI7PFGVHNP4eTFQHY2DPEQ+6N1noMEomskW+iXSmUhmNpn5rxo1UeBxJ
jZG2z+iXgPMum3ercHokT1R4b2nKBMRtoSmf0sSlgX8O0w+3m09dHgXxkcmGigP/
H0lQNhwG4XT2fFdmBwvO9qfFgmX4iLO2pAKjq+mgFrdfFUQWSR1Q+jxCUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEMqdaKJ01TayoyK+wFtbpJavOeIMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvUXlwMW9vblRWTnJLaklyN0FXMXVrbHE4NTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsGVcMA8E
AgACMAkDBwAqAwcgAEAwDQYJKoZIhvcNAQELBQADggEBADN+rGUNUo2jEO4+8HW2
2RBi629uXvv8w31eEjVupgJdXyZXH5Zkh6pT8TCa3vh5AM4v7xasDsO4w/0XmfWU
HOKnVruYefzDLL2bXrb5f2yNohVStImfyCLfey2+IVDArc7J3+lDZ4mqiie5licO
XDCxq2WbPY86h3RY/cjPWxXc+hGRmbEIgEgalxHM/A6/PFo/NW6eU7RCB0JOvfbN
jUBuj3Wmye1oGX0OgIZBDOFZthwDgQZL5koBV9hPLdALmbKx6A1N5rszb2YizW7J
wODNcq587SWQKIdFJ87age4oM3GpDXtZz9PtkpbSZ9RJIusgar+YYscRXbXUJ/z0
CYk=
-----END CERTIFICATE-----