Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/QE91P7FhBRPqqABVZQnH3EQFI4M.roa
File:                     QE91P7FhBRPqqABVZQnH3EQFI4M.roa (raw, json)
Hash identifier:          cJq1C6Ip/zMBt1IrgVNgw6MqMY5hZOSTQyE+rkx5VU8=
Subject key identifier:   40:4F:75:3F:B1:61:05:13:EA:A8:00:55:65:09:C7:DC:44:05:23:83
Certificate issuer:       /CN=795a18641a916b306074d1e11fd0b10e9dfdc430
Certificate serial:       018CC8DF8ED2C0FCDDEF15C28E75D5DC1D8E
Authority key identifier: 79:5A:18:64:1A:91:6B:30:60:74:D1:E1:1F:D0:B1:0E:9D:FD:C4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eVoYZBqRazBgdNHhH9CxDp39xDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/QE91P7FhBRPqqABVZQnH3EQFI4M.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59750
IP address blocks:        194.1.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/eVoYZBqRazBgdNHhH9CxDp39xDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/eVoYZBqRazBgdNHhH9CxDp39xDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eVoYZBqRazBgdNHhH9CxDp39xDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8e:d2:c0:fc:dd:ef:15:c2:8e:75:d5:dc:1d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=795a18641a916b306074d1e11fd0b10e9dfdc430
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404f753fb1610513eaa800556509c7dc44052383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8a:bf:b5:2b:af:a1:61:41:af:1a:8d:c9:03:
                    cd:ed:70:4a:eb:8b:59:4f:56:e2:e7:98:50:08:df:
                    2e:e2:a4:2b:13:e9:b3:fa:8b:77:1a:92:b9:48:10:
                    93:81:66:bc:2c:c4:12:78:05:3a:62:05:7d:79:04:
                    43:ac:08:e4:a9:36:b2:30:d9:d9:d0:28:7c:bc:9f:
                    de:cd:3d:3c:f3:19:17:69:6e:1b:a8:db:70:e3:ca:
                    8d:c7:57:7e:4d:e6:4a:bf:56:e4:50:ff:2c:45:2d:
                    b9:c6:ab:c7:8d:87:6f:04:e2:8c:3f:3a:ba:7e:a3:
                    c3:c7:ec:b3:18:d9:a0:e9:e1:21:0e:73:e4:30:f4:
                    82:f0:fd:34:8b:17:68:b6:b2:bf:66:8e:2a:d1:10:
                    eb:93:34:25:02:18:da:dd:d2:33:d4:7c:f5:74:fd:
                    cc:16:2e:17:be:07:c2:11:f9:73:b5:47:2d:6f:34:
                    b7:0e:6b:b4:20:bd:72:4e:ec:5a:00:2b:63:6d:0d:
                    8d:9b:af:30:74:d8:27:13:ff:c2:c3:92:1e:b1:62:
                    fa:ed:bd:92:48:c8:2c:43:25:8f:27:ca:df:7d:bf:
                    ba:e8:71:bc:14:79:99:b7:19:41:77:cf:8d:25:eb:
                    1b:45:dd:43:a3:13:0e:97:e5:9c:18:09:7a:f8:d0:
                    2c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4F:75:3F:B1:61:05:13:EA:A8:00:55:65:09:C7:DC:44:05:23:83
            X509v3 Authority Key Identifier:
                keyid:79:5A:18:64:1A:91:6B:30:60:74:D1:E1:1F:D0:B1:0E:9D:FD:C4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eVoYZBqRazBgdNHhH9CxDp39xDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/QE91P7FhBRPqqABVZQnH3EQFI4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/e42ba4-7a84-4226-afa7-09fb8fe72f4a/1/eVoYZBqRazBgdNHhH9CxDp39xDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:55:9f:6c:70:de:10:18:9a:c2:4b:82:b0:b2:70:92:9f:cc:
         14:78:2c:33:ec:f0:1e:6b:c6:c0:9e:7a:7c:b0:b5:5d:1d:34:
         4d:e0:d0:f1:e2:f3:c3:98:70:fa:27:de:6f:12:a9:20:9a:f1:
         a6:56:f4:01:df:b4:af:ca:b1:03:45:8f:9f:f5:66:78:12:73:
         e8:43:1d:73:63:cc:8c:72:ce:30:1c:c7:51:94:98:77:53:02:
         c9:7c:60:19:de:3e:cd:46:27:32:29:4f:8b:90:eb:a6:a0:44:
         78:b8:d2:e3:66:0d:b6:40:5e:fd:6f:62:a0:36:ae:9d:d8:ef:
         3a:4b:20:13:41:1b:7a:a9:bd:4b:95:87:0f:c4:37:24:64:66:
         3b:5d:70:86:23:50:4c:f8:24:05:30:8c:86:b7:af:95:de:53:
         c8:57:ac:c2:71:76:be:56:cd:9c:dc:dd:fb:04:99:1a:74:c3:
         c6:25:84:24:b4:ab:b7:21:bd:8b:fe:69:8c:6a:51:85:fc:70:
         0d:86:4b:0b:91:a4:09:83:d0:c7:4b:1a:7e:1b:c1:87:7d:e1:
         48:f3:0b:29:b7:b4:d2:50:58:26:28:c8:02:ae:ea:c3:c6:c4:
         c1:72:4f:3d:d8:66:16:6a:df:3b:f7:64:3e:95:ea:e1:70:71:
         6b:19:83:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI347SwPzd7xXCjnXV3B2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NWExODY0MWE5MTZiMzA2MDc0ZDFlMTFmZDBiMTBlOWRm
ZGM0MzAwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRmNzUzZmIxNjEwNTEzZWFhODAwNTU2NTA5YzdkYzQ0MDUyMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoq/tSuvoWFBrxqNyQPN7XBK64tZ
T1bi55hQCN8u4qQrE+mz+ot3GpK5SBCTgWa8LMQSeAU6YgV9eQRDrAjkqTayMNnZ
0Ch8vJ/ezT088xkXaW4bqNtw48qNx1d+TeZKv1bkUP8sRS25xqvHjYdvBOKMPzq6
fqPDx+yzGNmg6eEhDnPkMPSC8P00ixdotrK/Zo4q0RDrkzQlAhja3dIz1Hz1dP3M
Fi4XvgfCEflztUctbzS3Dmu0IL1yTuxaACtjbQ2Nm68wdNgnE//Cw5IesWL67b2S
SMgsQyWPJ8rffb+66HG8FHmZtxlBd8+NJesbRd1DoxMOl+WcGAl6+NAslwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBPdT+xYQUT6qgAVWUJx9xEBSODMB8GA1UdIwQY
MBaAFHlaGGQakWswYHTR4R/QsQ6d/cQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVZvWVpCcVJhekJnZE5IaEg5Q3hEcDM5eERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9lNDJiYTQtN2E4NC00MjI2LWFmYTct
MDlmYjhmZTcyZjRhLzEvUUU5MVA3RmhCUlBxcUFCVlpRbkgzRVFGSTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9lNDJiYTQtN2E4NC00MjI2LWFmYTctMDlmYjhmZTcyZjRh
LzEvZVZvWVpCcVJhekJnZE5IaEg5Q3hEcDM5eERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgH3MA0G
CSqGSIb3DQEBCwUAA4IBAQAeVZ9scN4QGJrCS4KwsnCSn8wUeCwz7PAea8bAnnp8
sLVdHTRN4NDx4vPDmHD6J95vEqkgmvGmVvQB37SvyrEDRY+f9WZ4EnPoQx1zY8yM
cs4wHMdRlJh3UwLJfGAZ3j7NRicyKU+LkOumoER4uNLjZg22QF79b2KgNq6d2O86
SyATQRt6qb1LlYcPxDckZGY7XXCGI1BM+CQFMIyGt6+V3lPIV6zCcXa+Vs2c3N37
BJkadMPGJYQktKu3Ib2L/mmMalGF/HANhksLkaQJg9DHSxp+G8GHfeFI8wspt7TS
UFgmKMgCrurDxsTBck892GYWat8792Q+lerhcHFrGYON
-----END CERTIFICATE-----