Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/QQvO66JvzT_scbKS1dmJO1TR8BI.roa
File:                     QQvO66JvzT_scbKS1dmJO1TR8BI.roa (raw, json)
Hash identifier:          TRHmzOMX8GqLDVR9N0W4d1gUwgf2N+YcRHGpEySDsBY=
Subject key identifier:   41:0B:CE:EB:A2:6F:CD:3F:EC:71:B2:92:D5:D9:89:3B:54:D1:F0:12
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0192D717D7F9B2D3D19BBBC8E3F3DEC5A55E
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/QQvO66JvzT_scbKS1dmJO1TR8BI.roa
Signing time:             Tue 29 Oct 2024 07:05:16 +0000
ROA not before:           Tue 29 Oct 2024 07:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216344
IP address blocks:        37.32.43.0/24 maxlen: 24
                          37.32.46.0/24 maxlen: 24
                          185.212.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:17:d7:f9:b2:d3:d1:9b:bb:c8:e3:f3:de:c5:a5:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Oct 29 07:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=410bceeba26fcd3fec71b292d5d9893b54d1f012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:49:c7:75:1b:9b:d2:4c:ed:64:b1:ba:8e:43:
                    b7:f8:aa:05:09:24:0c:30:4d:00:e9:c1:20:be:82:
                    9d:41:1b:69:52:9e:de:2b:d1:f4:92:52:27:84:7c:
                    94:e1:52:b9:c7:ae:d9:91:a4:e0:96:ff:8e:d1:e0:
                    5e:92:8b:d1:b4:43:23:55:e0:45:f1:7f:bf:ad:11:
                    b3:e5:7b:62:42:be:2c:ce:38:f3:a8:81:89:54:e3:
                    22:8d:e1:fa:7c:fc:6b:ba:47:44:5a:b5:eb:21:9a:
                    ca:8a:80:a1:82:bd:7c:c5:39:4b:67:c5:ab:38:64:
                    52:b4:72:28:76:17:33:94:3e:41:34:58:a6:38:7b:
                    f2:24:cb:0b:ce:84:79:eb:38:3a:b5:5b:7b:72:3b:
                    eb:d6:c8:a7:3d:4a:ba:2b:d3:0b:fe:25:37:59:bc:
                    88:79:89:fd:96:10:95:d1:89:8a:31:b9:14:92:de:
                    37:ac:31:28:3d:92:66:5c:4e:31:61:88:fe:8f:ce:
                    ef:ec:3c:5b:40:14:0a:ba:d8:70:1f:58:a1:e7:e2:
                    d6:09:e5:9c:59:21:2a:07:05:46:e2:ac:3d:9a:71:
                    c3:9b:76:aa:2c:6f:13:d0:9b:aa:57:ab:a9:97:6e:
                    9b:35:5f:ee:8d:12:00:d6:8a:d2:c3:b9:a2:1e:46:
                    4f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:0B:CE:EB:A2:6F:CD:3F:EC:71:B2:92:D5:D9:89:3B:54:D1:F0:12
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/QQvO66JvzT_scbKS1dmJO1TR8BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.43.0/24
                  37.32.46.0/24
                  185.212.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a3:07:4f:95:cc:02:82:97:08:56:67:ba:3a:52:15:17:03:
         6b:5e:2d:bc:4b:08:c5:93:24:99:36:37:fa:0f:5f:c5:cf:f5:
         db:f4:b4:ae:be:93:6d:ec:60:ad:c5:fa:df:33:40:46:89:f9:
         fd:7b:fc:26:70:dc:5f:61:f1:80:2c:dc:0e:08:6a:16:28:36:
         3a:5e:28:bb:f4:64:da:92:b0:16:12:d9:14:73:36:37:54:39:
         6a:e3:77:03:a5:e1:17:99:57:ca:51:0c:41:ca:c6:0c:4a:09:
         cd:de:4a:bc:d3:4c:63:c8:a3:02:9b:63:de:06:ce:b5:59:f9:
         10:46:0f:36:20:dd:c2:76:46:9c:da:a6:df:29:ce:fb:11:95:
         17:f0:93:ce:8c:2c:bd:ca:b0:7b:7e:8b:3d:d7:ab:94:55:06:
         f3:3e:ec:0b:a2:df:7b:2f:0a:bc:ad:35:fa:00:e5:91:84:10:
         48:13:7a:5a:b1:bf:d2:78:1f:1f:67:48:cd:74:77:14:46:6e:
         15:c6:ff:e8:53:22:83:ab:93:a4:cf:08:30:ca:3a:f6:9e:6c:
         09:8e:9a:b0:a3:a7:4a:61:7d:02:93:e6:6d:4d:34:fb:70:7a:
         a1:93:e9:6d:fa:07:40:22:ed:09:0a:0e:6a:6f:ed:d5:e0:18:
         87:27:ec:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLXF9f5stPRm7vI4/PexaVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQxMDI5MDcwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTBiY2VlYmEyNmZjZDNmZWM3MWIyOTJkNWQ5ODkzYjU0ZDFmMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EnHdRub0kztZLG6jkO3+KoFCSQM
ME0A6cEgvoKdQRtpUp7eK9H0klInhHyU4VK5x67ZkaTglv+O0eBekovRtEMjVeBF
8X+/rRGz5XtiQr4szjjzqIGJVOMijeH6fPxrukdEWrXrIZrKioChgr18xTlLZ8Wr
OGRStHIodhczlD5BNFimOHvyJMsLzoR56zg6tVt7cjvr1sinPUq6K9ML/iU3WbyI
eYn9lhCV0YmKMbkUkt43rDEoPZJmXE4xYYj+j87v7DxbQBQKuthwH1ih5+LWCeWc
WSEqBwVG4qw9mnHDm3aqLG8T0JuqV6upl26bNV/ujRIA1orSw7miHkZP3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEELzuuib80/7HGyktXZiTtU0fASMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvUVF2TzY2SnZ6VF9zY2JLUzFkbUpPMVRSOEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJSArAwQA
JSAuAwQAudQzMA0GCSqGSIb3DQEBCwUAA4IBAQCLowdPlcwCgpcIVme6OlIVFwNr
Xi28SwjFkySZNjf6D1/Fz/Xb9LSuvpNt7GCtxfrfM0BGifn9e/wmcNxfYfGALNwO
CGoWKDY6Xii79GTakrAWEtkUczY3VDlq43cDpeEXmVfKUQxBysYMSgnN3kq800xj
yKMCm2PeBs61WfkQRg82IN3Cdkac2qbfKc77EZUX8JPOjCy9yrB7fos916uUVQbz
PuwLot97Lwq8rTX6AOWRhBBIE3pasb/SeB8fZ0jNdHcURm4Vxv/oUyKDq5Okzwgw
yjr2nmwJjpqwo6dKYX0Ck+ZtTTT7cHqhk+lt+gdAIu0JCg5qb+3V4BiHJ+zK
-----END CERTIFICATE-----