Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/QQ5deM3usgi8rZOVf7XTPW157dU.roa
File:                     QQ5deM3usgi8rZOVf7XTPW157dU.roa (raw, json)
Hash identifier:          HMGgimWsxIvbOuqGxZJJ8/Ct/QMrerMqtTkO+VCKB5s=
Subject key identifier:   41:0E:5D:78:CD:EE:B2:08:BC:AD:93:95:7F:B5:D3:3D:6D:79:ED:D5
Certificate issuer:       /CN=66bd82ba1881ad64f524e33ece12ada4b3b5d57f
Certificate serial:       018CC56EA3CFC66A6B0571547A0ABB29E04F
Authority key identifier: 66:BD:82:BA:18:81:AD:64:F5:24:E3:3E:CE:12:AD:A4:B3:B5:D5:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/QQ5deM3usgi8rZOVf7XTPW157dU.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        132.199.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a3:cf:c6:6a:6b:05:71:54:7a:0a:bb:29:e0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66bd82ba1881ad64f524e33ece12ada4b3b5d57f
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=410e5d78cdeeb208bcad93957fb5d33d6d79edd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8f:70:80:b8:e5:13:45:7e:09:06:0c:e8:a4:
                    f6:d8:ef:96:f4:a2:82:5d:e6:9a:b4:6e:aa:d8:5a:
                    61:97:7d:9f:a2:0a:29:f0:a9:44:ef:24:67:8b:1c:
                    64:60:05:8d:26:f1:a5:3b:27:9b:df:ce:df:aa:71:
                    9f:97:e3:f5:8c:98:1f:c7:a6:c7:b5:ae:22:67:3d:
                    e6:cb:7a:44:7d:2b:44:8b:20:c7:6e:43:05:01:df:
                    1c:e0:62:c7:c6:93:c6:0d:04:2d:59:aa:6c:90:a2:
                    c1:3e:a9:cf:63:87:f9:e6:33:1d:ce:36:53:8d:a6:
                    9c:20:30:12:e8:ce:f1:37:1e:31:a1:12:69:5a:13:
                    5a:18:0a:ff:80:24:11:ab:b6:87:87:3b:ea:95:a7:
                    95:f2:3e:76:41:84:3f:a6:58:3b:81:59:fd:6e:b0:
                    80:48:f1:ad:27:01:c7:34:a0:3c:d4:18:a9:2f:19:
                    b9:28:22:04:c8:90:50:07:bb:11:3b:6c:89:54:05:
                    b8:86:33:93:3f:1c:07:74:92:b8:c3:48:61:0c:f8:
                    8f:c9:3c:25:cb:b1:f2:a1:3f:8c:fd:3c:a2:e1:a3:
                    fa:15:4d:50:b0:8d:4d:5b:af:46:49:6d:0f:71:9f:
                    40:70:50:24:27:52:b0:73:f6:12:2a:16:15:1c:99:
                    8b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:0E:5D:78:CD:EE:B2:08:BC:AD:93:95:7F:B5:D3:3D:6D:79:ED:D5
            X509v3 Authority Key Identifier:
                keyid:66:BD:82:BA:18:81:AD:64:F5:24:E3:3E:CE:12:AD:A4:B3:B5:D5:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zr2CuhiBrWT1JOM-zhKtpLO11X8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/QQ5deM3usgi8rZOVf7XTPW157dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e1e2a7-fd96-4cf1-82c3-ba2b90d49547/1/Zr2CuhiBrWT1JOM-zhKtpLO11X8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.199.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:73:1d:39:b4:e5:a8:20:ea:e2:b2:a8:7e:93:27:a5:7b:10:
         90:6b:a6:18:3d:91:1f:f2:49:ee:bf:2b:91:fb:f4:03:ca:39:
         5b:34:63:49:ff:1c:f5:c5:da:4c:a5:54:19:30:24:9d:bb:97:
         70:a2:78:97:f5:fd:36:bb:c2:d7:3c:0e:ca:69:1e:0f:a7:1f:
         84:4d:96:34:b8:85:72:70:1b:ed:c0:37:79:a4:40:16:6d:c5:
         c1:d6:bb:fa:73:e1:fb:72:f1:66:c1:b2:7d:94:55:d5:aa:4a:
         fc:41:39:23:b0:cc:94:7d:6e:60:3f:43:c1:dc:61:20:97:02:
         73:12:ca:d3:b2:b9:28:d1:c2:2f:c4:c4:53:0a:14:a0:f0:5e:
         7b:68:ef:a4:88:85:16:37:3c:89:a5:11:1e:a0:0b:71:ee:81:
         bd:d8:a9:3c:95:88:9e:75:46:5e:23:b7:13:e9:c8:74:15:6e:
         95:c2:b0:e2:55:4d:68:87:a4:26:ee:2f:8e:ec:85:a5:2b:77:
         63:0e:37:48:f8:f5:f7:b4:19:24:ac:77:e4:77:09:bc:fc:6e:
         6a:ee:f6:cc:5c:e7:e9:bd:4f:6c:c9:13:6b:64:a0:0e:46:df:
         8c:4a:cb:5d:6f:ac:90:c0:ce:27:5d:ac:da:a3:5e:49:82:fd:
         25:33:9c:f2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbqPPxmprBXFUegq7KeBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YmQ4MmJhMTg4MWFkNjRmNTI0ZTMzZWNlMTJhZGE0YjNi
NWQ1N2YwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTBlNWQ3OGNkZWViMjA4YmNhZDkzOTU3ZmI1ZDMzZDZkNzllZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj49wgLjlE0V+CQYM6KT22O+W9KKC
XeaatG6q2Fphl32fogop8KlE7yRnixxkYAWNJvGlOyeb387fqnGfl+P1jJgfx6bH
ta4iZz3my3pEfStEiyDHbkMFAd8c4GLHxpPGDQQtWapskKLBPqnPY4f55jMdzjZT
jaacIDAS6M7xNx4xoRJpWhNaGAr/gCQRq7aHhzvqlaeV8j52QYQ/plg7gVn9brCA
SPGtJwHHNKA81BipLxm5KCIEyJBQB7sRO2yJVAW4hjOTPxwHdJK4w0hhDPiPyTwl
y7HyoT+M/Tyi4aP6FU1QsI1NW69GSW0PcZ9AcFAkJ1Kwc/YSKhYVHJmLCQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEEOXXjN7rIIvK2TlX+10z1tee3VMB8GA1UdIwQY
MBaAFGa9groYga1k9STjPs4SraSztdV/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnIyQ3VoaUJyV1QxSk9NLXpoS3RwTE8xMVg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lMWUyYTctZmQ5Ni00Y2YxLTgyYzMt
YmEyYjkwZDQ5NTQ3LzEvUVE1ZGVNM3VzZ2k4clpPVmY3WFRQVzE1N2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lMWUyYTctZmQ5Ni00Y2YxLTgyYzMtYmEyYjkwZDQ5NTQ3
LzEvWnIyQ3VoaUJyV1QxSk9NLXpoS3RwTE8xMVg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhMcwDQYJ
KoZIhvcNAQELBQADggEBAHJzHTm05agg6uKyqH6TJ6V7EJBrphg9kR/ySe6/K5H7
9APKOVs0Y0n/HPXF2kylVBkwJJ27l3CieJf1/Ta7wtc8DsppHg+nH4RNljS4hXJw
G+3AN3mkQBZtxcHWu/pz4fty8WbBsn2UVdWqSvxBOSOwzJR9bmA/Q8HcYSCXAnMS
ytOyuSjRwi/ExFMKFKDwXnto76SIhRY3PImlER6gC3Hugb3YqTyViJ51Rl4jtxPp
yHQVbpXCsOJVTWiHpCbuL47shaUrd2MON0j49fe0GSSsd+R3Cbz8bmru9sxc5+m9
T2zJE2tkoA5G34xKy11vrJDAziddrNqjXkmC/SUznPI=
-----END CERTIFICATE-----