Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/qwlSxtg4NYCE6t4YqCVQOXVgQyM.roa
File:                     qwlSxtg4NYCE6t4YqCVQOXVgQyM.roa (raw, json)
Hash identifier:          Gy6OgymR1Psb7gVauOJqAMNP96Bmu7EkYfBG/5js3f0=
Subject key identifier:   AB:09:52:C6:D8:38:35:80:84:EA:DE:18:A8:25:50:39:75:60:43:23
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       018F3CFEB994EB6895DDC5C252615C3576CC
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/qwlSxtg4NYCE6t4YqCVQOXVgQyM.roa
Signing time:             Fri 03 May 2024 05:47:57 +0000
ROA not before:           Fri 03 May 2024 05:47:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        77.73.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3c:fe:b9:94:eb:68:95:dd:c5:c2:52:61:5c:35:76:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: May  3 05:47:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab0952c6d838358084eade18a825503975604323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:da:ab:9c:84:22:e6:e5:cd:d5:f0:60:82:ac:
                    0c:ee:e8:6a:14:c4:f8:80:ee:cc:16:4d:53:c3:f9:
                    85:d5:55:66:5b:7c:27:f2:28:bf:d1:b2:6c:94:16:
                    c3:08:f3:ea:5e:43:14:28:53:63:56:cf:c7:e3:2e:
                    0c:0b:ba:b2:81:83:52:17:e4:30:a1:3f:a2:1e:2a:
                    d0:85:9d:d9:0a:4b:dc:53:e5:c3:97:e9:bf:24:9a:
                    65:f9:6d:20:9f:1b:65:2d:4e:56:4f:53:29:99:56:
                    36:17:69:0a:0a:33:6f:8c:d2:5e:3b:07:df:00:97:
                    25:49:b4:43:d7:6f:db:e1:92:1d:3d:a7:9f:6d:68:
                    c4:07:ee:c0:b9:fa:a3:a0:34:2c:af:43:30:c8:e4:
                    f4:7b:ac:21:f0:d5:6d:38:0a:1c:47:3c:cb:24:96:
                    28:e7:85:05:03:45:65:12:42:55:3f:e9:78:cc:33:
                    64:66:79:06:cf:82:4b:b9:5c:47:a9:4c:ac:2c:21:
                    20:ab:d6:62:f9:e7:96:ad:d0:2b:61:16:a6:1a:ac:
                    45:d9:dc:98:d1:9f:0e:16:38:17:35:92:f6:d2:7c:
                    71:67:ac:42:bb:15:bf:2d:dc:da:57:bf:05:bf:20:
                    91:cb:5f:3e:70:d5:10:0c:92:5f:5a:45:ce:8d:1c:
                    9c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:09:52:C6:D8:38:35:80:84:EA:DE:18:A8:25:50:39:75:60:43:23
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/qwlSxtg4NYCE6t4YqCVQOXVgQyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:b7:ed:35:2b:5c:aa:41:ed:03:c6:96:f0:c2:8d:e1:96:ba:
         5d:0c:1a:f5:1e:69:e8:f1:70:cd:09:ce:62:9a:b4:60:6f:2a:
         f8:c5:0f:33:e7:b8:bc:09:0f:22:05:4f:3f:63:9b:d6:5a:93:
         bf:4a:37:fe:d4:a0:e6:52:0d:8c:f2:e0:b3:0b:5b:2f:5d:45:
         86:a3:83:44:a4:0e:39:4c:8c:48:91:dd:6f:2b:7e:c8:e4:41:
         45:4c:5e:77:97:d2:23:0e:1f:3b:9c:4f:95:67:76:fd:41:91:
         9b:57:46:b8:47:7f:7e:64:06:21:d0:9d:77:19:e7:50:d1:bd:
         43:78:7b:49:d3:a5:ba:e1:a5:e3:d4:ff:77:2b:6b:84:e3:2e:
         5d:89:27:30:cc:84:4b:0d:97:a0:e2:05:d9:6b:51:b2:8d:1f:
         cc:96:29:d4:d7:6b:c4:59:0b:b3:f9:ee:04:63:12:43:58:46:
         14:29:8c:11:af:8c:66:91:10:5c:62:b6:24:5a:a3:fc:ba:7e:
         b2:c0:7b:db:99:8a:a8:43:3b:3f:54:6b:79:4d:2d:8f:23:3c:
         b6:4e:f5:b4:bd:6f:e3:4b:58:5b:38:40:72:c9:98:19:9a:1d:
         e3:fb:8f:1e:cf:c2:3e:c4:26:f1:93:f7:2b:1d:9a:a3:33:3c:
         d8:31:89:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY88/rmU62iV3cXCUmFcNXbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjQwNTAzMDU0NzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA5NTJjNmQ4MzgzNTgwODRlYWRlMThhODI1NTAzOTc1NjA0MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tqrnIQi5uXN1fBggqwM7uhqFMT4
gO7MFk1Tw/mF1VVmW3wn8ii/0bJslBbDCPPqXkMUKFNjVs/H4y4MC7qygYNSF+Qw
oT+iHirQhZ3ZCkvcU+XDl+m/JJpl+W0gnxtlLU5WT1MpmVY2F2kKCjNvjNJeOwff
AJclSbRD12/b4ZIdPaefbWjEB+7AufqjoDQsr0MwyOT0e6wh8NVtOAocRzzLJJYo
54UFA0VlEkJVP+l4zDNkZnkGz4JLuVxHqUysLCEgq9Zi+eeWrdArYRamGqxF2dyY
0Z8OFjgXNZL20nxxZ6xCuxW/LdzaV78FvyCRy18+cNUQDJJfWkXOjRycRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsJUsbYODWAhOreGKglUDl1YEMjMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvcXdsU3h0ZzROWUNFNnQ0WXFDVlFPWFZnUXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmGMA0G
CSqGSIb3DQEBCwUAA4IBAQCTt+01K1yqQe0Dxpbwwo3hlrpdDBr1Hmno8XDNCc5i
mrRgbyr4xQ8z57i8CQ8iBU8/Y5vWWpO/Sjf+1KDmUg2M8uCzC1svXUWGo4NEpA45
TIxIkd1vK37I5EFFTF53l9IjDh87nE+VZ3b9QZGbV0a4R39+ZAYh0J13GedQ0b1D
eHtJ06W64aXj1P93K2uE4y5diScwzIRLDZeg4gXZa1GyjR/MlinU12vEWQuz+e4E
YxJDWEYUKYwRr4xmkRBcYrYkWqP8un6ywHvbmYqoQzs/VGt5TS2PIzy2TvW0vW/j
S1hbOEByyZgZmh3j+48ez8I+xCbxk/crHZqjMzzYMYkO
-----END CERTIFICATE-----