Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/cQzV18BJVNOsGQg6NM_rfO5tTgo.roa
File:                     cQzV18BJVNOsGQg6NM_rfO5tTgo.roa (raw, json)
Hash identifier:          k/gZB7VdkxxVucTRiR2T5OhIO3AFSIoFmB1+gruiZVQ=
Subject key identifier:   71:0C:D5:D7:C0:49:54:D3:AC:19:08:3A:34:CF:EB:7C:EE:6D:4E:0A
Certificate issuer:       /CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Certificate serial:       018CC9BBA73A071EC972A9D42056C5080995
Authority key identifier: CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/cQzV18BJVNOsGQg6NM_rfO5tTgo.roa
Signing time:             Tue 02 Jan 2024 10:32:47 +0000
ROA not before:           Tue 02 Jan 2024 10:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43116
IP address blocks:        213.144.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a7:3a:07:1e:c9:72:a9:d4:20:56:c5:08:09:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca96218c20efd8fe53fca9990b725dd7963c885c
        Validity
            Not Before: Jan  2 10:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710cd5d7c04954d3ac19083a34cfeb7cee6d4e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:34:bf:12:31:fd:c3:03:1d:32:1c:83:60:02:
                    71:7f:e8:7a:98:37:8f:90:84:f7:9b:d3:da:f4:8c:
                    e6:4c:87:86:dc:8c:13:bc:04:4e:05:bd:62:74:57:
                    ec:0c:cb:c3:18:98:42:38:36:96:e6:1a:b8:15:5e:
                    08:c4:9a:d8:e9:0f:c4:57:a5:9e:1a:bf:4c:dc:ee:
                    31:2b:26:6b:51:a6:b2:69:1b:62:21:92:4b:72:ac:
                    c7:cc:cc:19:b3:83:69:1a:cb:46:01:f0:aa:41:36:
                    80:00:2a:58:28:97:16:98:6a:8a:5e:c3:e8:d5:33:
                    bb:90:5f:29:af:b1:0c:af:8c:63:aa:7b:8c:4d:7a:
                    76:b3:f1:d1:ad:10:29:17:be:21:d7:e9:e5:9d:77:
                    1b:ce:bf:97:e3:02:38:a1:af:63:22:12:72:d0:ca:
                    9b:1b:14:bb:40:65:b7:8d:f1:d7:e7:ed:5b:e1:17:
                    66:ae:e9:77:c1:70:a2:70:00:6a:21:86:b6:b0:6f:
                    d4:46:e4:3c:3f:f2:46:bd:d8:1d:b8:75:eb:50:16:
                    cc:1e:d1:32:57:1f:6e:3a:ab:aa:24:eb:f4:97:c7:
                    c1:0c:bd:6f:8e:05:3c:83:86:09:cf:f0:80:3c:78:
                    40:91:1c:e2:cf:97:62:6a:fa:29:20:32:fd:49:43:
                    8c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0C:D5:D7:C0:49:54:D3:AC:19:08:3A:34:CF:EB:7C:EE:6D:4E:0A
            X509v3 Authority Key Identifier:
                keyid:CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/cQzV18BJVNOsGQg6NM_rfO5tTgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.144.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c4:99:9b:ad:5b:9c:57:18:f6:11:91:08:f1:7b:5b:da:6f:
         45:28:a7:9f:21:63:13:d3:ed:5c:aa:78:8f:af:10:35:f2:0b:
         a8:d2:16:41:a0:5b:6e:c4:cd:40:fd:d1:5b:73:3e:74:51:27:
         f8:c3:dc:1e:2a:d0:13:29:f5:cc:8e:c6:4f:14:ff:b4:f6:34:
         1a:54:e1:68:f1:7e:dc:25:b4:29:16:07:d9:c0:fb:24:5b:00:
         b7:f8:74:19:a3:dc:ba:1f:8e:ea:11:11:1e:85:7e:e0:f0:09:
         64:a0:e2:7c:ed:0a:bf:e7:89:11:02:10:3d:67:b3:10:df:90:
         a9:65:d4:04:9b:19:7f:e5:86:67:0c:ce:20:2c:d6:03:23:13:
         14:fd:09:07:f4:58:c6:78:f8:b5:49:b3:13:2b:c5:8a:02:46:
         93:98:2d:97:91:46:02:c6:e7:5c:1e:29:ae:e7:5c:04:72:8f:
         a9:1c:1e:b1:aa:d0:c7:6e:1e:56:b5:cd:0f:92:30:62:21:6b:
         65:8d:c8:42:8e:19:b0:9e:c8:d9:61:3c:7d:97:a4:7e:7b:4b:
         ac:c9:ac:73:54:61:51:86:f0:fe:70:07:55:2d:d3:50:db:1c:
         ac:34:e5:1a:0b:8f:7c:28:75:30:02:49:c2:b8:a4:b8:60:dd:
         82:2f:b9:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6c6Bx7JcqnUIFbFCAmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTYyMThjMjBlZmQ4ZmU1M2ZjYTk5OTBiNzI1ZGQ3OTYz
Yzg4NWMwHhcNMjQwMTAyMTAzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTBjZDVkN2MwNDk1NGQzYWMxOTA4M2EzNGNmZWI3Y2VlNmQ0ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jS/EjH9wwMdMhyDYAJxf+h6mDeP
kIT3m9Pa9IzmTIeG3IwTvAROBb1idFfsDMvDGJhCODaW5hq4FV4IxJrY6Q/EV6We
Gr9M3O4xKyZrUaayaRtiIZJLcqzHzMwZs4NpGstGAfCqQTaAACpYKJcWmGqKXsPo
1TO7kF8pr7EMr4xjqnuMTXp2s/HRrRApF74h1+nlnXcbzr+X4wI4oa9jIhJy0Mqb
GxS7QGW3jfHX5+1b4Rdmrul3wXCicABqIYa2sG/URuQ8P/JGvdgduHXrUBbMHtEy
Vx9uOquqJOv0l8fBDL1vjgU8g4YJz/CAPHhAkRziz5diavopIDL9SUOMBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEM1dfASVTTrBkIOjTP63zubU4KMB8GA1UdIwQY
MBaAFMqWIYwg79j+U/ypmQtyXdeWPIhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAt
ZDcxMmQ0NzM4MDQ2LzEvY1F6VjE4QkpWTk9zR1FnNk5NX3JmTzV0VGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAtZDcxMmQ0NzM4MDQ2
LzEveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZBmMA0G
CSqGSIb3DQEBCwUAA4IBAQA7xJmbrVucVxj2EZEI8Xtb2m9FKKefIWMT0+1cqniP
rxA18guo0hZBoFtuxM1A/dFbcz50USf4w9weKtATKfXMjsZPFP+09jQaVOFo8X7c
JbQpFgfZwPskWwC3+HQZo9y6H47qEREehX7g8AlkoOJ87Qq/54kRAhA9Z7MQ35Cp
ZdQEmxl/5YZnDM4gLNYDIxMU/QkH9FjGePi1SbMTK8WKAkaTmC2XkUYCxudcHimu
51wEco+pHB6xqtDHbh5Wtc0PkjBiIWtljchCjhmwnsjZYTx9l6R+e0usyaxzVGFR
hvD+cAdVLdNQ2xysNOUaC498KHUwAknCuKS4YN2CL7lB
-----END CERTIFICATE-----