Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/qooFeYPW9NIpsBzDxpayc9VB83U.roa
File:                     qooFeYPW9NIpsBzDxpayc9VB83U.roa (raw, json)
Hash identifier:          WG3L5FGGgqZiuy85O6Yu+7FL0841/FK5aJB3KolcH/w=
Subject key identifier:   AA:8A:05:79:83:D6:F4:D2:29:B0:1C:C3:C6:96:B2:73:D5:41:F3:75
Certificate issuer:       /CN=66ba8d64e901b39b501ed3693ec27430713886e3
Certificate serial:       018CFDE398F63DB8BF8C0764B0EA9C18F89E
Authority key identifier: 66:BA:8D:64:E9:01:B3:9B:50:1E:D3:69:3E:C2:74:30:71:38:86:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/qooFeYPW9NIpsBzDxpayc9VB83U.roa
Signing time:             Fri 12 Jan 2024 13:36:40 +0000
ROA not before:           Fri 12 Jan 2024 13:36:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210861
IP address blocks:        93.190.126.0/24 maxlen: 24
                          2a11:7980:ff::/48 maxlen: 48
                          2a11:7980::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:e3:98:f6:3d:b8:bf:8c:07:64:b0:ea:9c:18:f8:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ba8d64e901b39b501ed3693ec27430713886e3
        Validity
            Not Before: Jan 12 13:36:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa8a057983d6f4d229b01cc3c696b273d541f375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5e:77:1b:43:93:e4:f3:b9:19:af:97:f5:2a:
                    c4:25:b0:4a:c3:4c:51:32:0b:4d:ca:d2:18:f7:c2:
                    f6:c5:4e:35:14:14:7d:49:90:05:0f:3a:34:3c:7d:
                    ae:41:9d:b1:fc:7f:16:35:49:e3:a7:d6:a0:04:a2:
                    92:5a:cd:e9:c4:3d:39:32:c0:f7:8e:e1:de:47:d7:
                    0b:ad:be:8d:cd:b8:12:65:41:6c:f9:4c:4d:de:a1:
                    a1:8f:e4:5e:a6:76:f9:57:09:80:3e:b3:dc:44:60:
                    93:c9:40:b3:e7:c2:d6:ba:33:e5:ab:01:50:4b:3b:
                    16:46:ed:5f:37:2e:8a:76:e2:64:f1:68:5c:dc:3b:
                    03:4a:f1:00:da:86:35:d4:4d:a6:1b:2d:44:60:4f:
                    a9:68:c0:35:79:06:7d:55:a6:fa:32:c5:19:a0:b3:
                    8e:d7:28:c5:fd:78:2d:0e:3b:03:a5:69:98:3e:e5:
                    02:17:01:20:0b:96:ed:5e:d3:d7:c4:2b:44:d2:aa:
                    86:11:38:ad:e2:f4:46:62:da:ea:e3:23:b7:11:72:
                    f2:63:d2:44:5d:97:f2:42:d2:e4:fb:2c:4d:34:0e:
                    24:44:40:75:54:66:0f:2f:bd:e5:6f:66:6a:98:cb:
                    c1:39:81:03:41:53:42:88:b7:5c:9a:91:c9:ad:de:
                    8e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8A:05:79:83:D6:F4:D2:29:B0:1C:C3:C6:96:B2:73:D5:41:F3:75
            X509v3 Authority Key Identifier:
                keyid:66:BA:8D:64:E9:01:B3:9B:50:1E:D3:69:3E:C2:74:30:71:38:86:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/qooFeYPW9NIpsBzDxpayc9VB83U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.126.0/24
                IPv6:
                  2a11:7980::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:65:10:51:b7:30:3b:23:d0:1e:9b:8b:bc:18:35:71:fb:0e:
         d2:30:ec:eb:58:8d:dc:62:6d:59:05:a8:ba:23:13:12:bf:e6:
         4f:2c:51:9d:b9:3f:3f:f1:35:3d:99:fc:f2:df:81:3f:6b:02:
         b2:ea:90:75:dc:32:57:3c:6f:c5:ba:59:d6:90:1f:22:7b:68:
         29:ec:92:a1:d3:be:cc:a6:73:06:fd:d9:b0:59:53:65:f7:d7:
         88:a4:23:18:c5:10:5e:9b:a4:6e:40:72:d6:60:e3:3a:63:8f:
         3e:96:9e:9f:ed:3a:a8:9d:54:45:aa:9b:5b:12:10:a8:bb:93:
         8d:24:99:78:a5:24:5e:50:25:48:f5:ff:3e:46:c0:f2:e2:2d:
         c5:ce:6a:d7:b9:c4:a0:21:f8:4f:c4:50:9b:da:1a:62:e2:f8:
         61:28:6f:5c:ac:d7:8e:a3:16:a1:da:42:75:24:85:95:9d:58:
         8e:43:34:7e:47:7b:c2:73:74:12:5a:96:2b:51:9f:c3:64:4a:
         6f:55:76:80:c5:61:1b:95:0f:ac:f5:7e:d7:83:7b:9d:cd:2a:
         67:af:9d:6f:46:c7:d7:64:59:c1:8e:b9:4e:23:54:07:5e:87:
         14:07:2d:82:c9:7f:e0:bf:e8:fe:e3:bc:fb:3a:df:7a:b6:f6:
         b1:91:b2:1b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYz945j2Pbi/jAdksOqcGPieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YmE4ZDY0ZTkwMWIzOWI1MDFlZDM2OTNlYzI3NDMwNzEz
ODg2ZTMwHhcNMjQwMTEyMTMzNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThhMDU3OTgzZDZmNGQyMjliMDFjYzNjNjk2YjI3M2Q1NDFmMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF53G0OT5PO5Ga+X9SrEJbBKw0xR
MgtNytIY98L2xU41FBR9SZAFDzo0PH2uQZ2x/H8WNUnjp9agBKKSWs3pxD05MsD3
juHeR9cLrb6NzbgSZUFs+UxN3qGhj+Repnb5VwmAPrPcRGCTyUCz58LWujPlqwFQ
SzsWRu1fNy6KduJk8Whc3DsDSvEA2oY11E2mGy1EYE+paMA1eQZ9Vab6MsUZoLOO
1yjF/XgtDjsDpWmYPuUCFwEgC5btXtPXxCtE0qqGETit4vRGYtrq4yO3EXLyY9JE
XZfyQtLk+yxNNA4kREB1VGYPL73lb2ZqmMvBOYEDQVNCiLdcmpHJrd6O2wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKqKBXmD1vTSKbAcw8aWsnPVQfN1MB8GA1UdIwQY
MBaAFGa6jWTpAbObUB7TaT7CdDBxOIbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnJxTlpPa0JzNXRRSHROcFBzSjBNSEU0aHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hYTdlNTMtNDkwZi00MTc3LThiMTEt
MGIzZTdlYmU0YWMyLzEvcW9vRmVZUFc5Tklwc0J6RHhwYXljOVZCODNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hYTdlNTMtNDkwZi00MTc3LThiMTEtMGIzZTdlYmU0YWMy
LzEvWnJxTlpPa0JzNXRRSHROcFBzSjBNSEU0aHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAXb5+MA4E
AgACMAgDBgAqEXmAADANBgkqhkiG9w0BAQsFAAOCAQEAEGUQUbcwOyPQHpuLvBg1
cfsO0jDs61iN3GJtWQWouiMTEr/mTyxRnbk/P/E1PZn88t+BP2sCsuqQddwyVzxv
xbpZ1pAfIntoKeySodO+zKZzBv3ZsFlTZffXiKQjGMUQXpukbkBy1mDjOmOPPpae
n+06qJ1URaqbWxIQqLuTjSSZeKUkXlAlSPX/PkbA8uItxc5q17nEoCH4T8RQm9oa
YuL4YShvXKzXjqMWodpCdSSFlZ1YjkM0fkd7wnN0ElqWK1Gfw2RKb1V2gMVhG5UP
rPV+14N7nc0qZ6+db0bH12RZwY65TiNUB16HFActgsl/4L/o/uO8+zrferb2sZGy
Gw==
-----END CERTIFICATE-----