Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/1Q8A5EuGcU3tOHuCyi07W-I_rRM.roa
File:                     1Q8A5EuGcU3tOHuCyi07W-I_rRM.roa (raw, json)
Hash identifier:          Cz1clAtPJBsU2YI4vjxv/9ZTua8nSqJqLt3b0F7odAo=
Subject key identifier:   D5:0F:00:E4:4B:86:71:4D:ED:38:7B:82:CA:2D:3B:5B:E2:3F:AD:13
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019230C5E645AA9E91356B00F0A046671B4C
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/1Q8A5EuGcU3tOHuCyi07W-I_rRM.roa
Signing time:             Thu 26 Sep 2024 23:58:48 +0000
ROA not before:           Thu 26 Sep 2024 23:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58212
IP address blocks:        217.147.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:30:c5:e6:45:aa:9e:91:35:6b:00:f0:a0:46:67:1b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Sep 26 23:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d50f00e44b86714ded387b82ca2d3b5be23fad13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4f:e3:76:a3:51:7e:c6:11:f6:1c:4b:5d:1d:
                    86:f7:9b:94:d8:c9:8b:d9:af:ab:1e:b5:4f:40:e6:
                    66:3c:e1:d0:ba:c1:9e:4b:ec:b3:ff:05:c2:d7:3b:
                    43:08:7d:a6:a9:35:e3:2b:3b:e6:72:1e:1d:e3:10:
                    e7:2d:63:96:28:96:1b:9d:f0:67:44:4c:b7:5b:06:
                    ab:24:3b:6f:a2:ea:b5:dc:1e:3f:6a:55:79:d1:10:
                    c9:fa:ca:a2:93:4a:43:3b:66:c5:a6:5d:40:8f:fe:
                    91:b2:00:d3:ff:42:9a:69:c8:b7:5a:eb:b9:c4:25:
                    cf:a8:05:6e:54:f6:1f:f7:4a:b5:f8:80:cb:25:c8:
                    d3:e2:ae:c4:2d:24:ae:2f:87:1b:a1:fc:82:bf:f9:
                    e6:52:8d:f6:b8:ef:8c:d7:22:2d:58:27:2a:a3:25:
                    c8:55:05:8d:d4:97:73:96:c2:ef:70:9c:86:fe:4a:
                    be:6c:d0:58:76:fc:9b:09:02:d2:15:50:fb:44:b8:
                    f5:e4:7b:7f:ad:8d:49:c5:88:17:a5:55:38:69:bb:
                    da:21:28:43:90:fc:d9:77:cf:32:a1:b8:d2:1f:f3:
                    d0:b9:f0:1d:74:7b:51:a8:89:db:f5:63:10:13:5b:
                    1e:96:ac:87:dc:46:bc:e9:a4:d8:91:1b:e9:a7:b1:
                    97:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0F:00:E4:4B:86:71:4D:ED:38:7B:82:CA:2D:3B:5B:E2:3F:AD:13
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/1Q8A5EuGcU3tOHuCyi07W-I_rRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:90:e0:10:48:d5:2f:49:45:5b:01:e6:03:f1:cf:a5:c4:ec:
         52:69:ed:51:06:4b:01:37:51:5d:e3:96:76:25:c9:7c:67:ca:
         64:10:60:41:7a:ec:b5:12:24:28:25:71:23:2b:1a:28:70:94:
         4d:c4:b6:22:d4:f0:d3:86:9f:88:a1:47:d1:27:ca:05:8e:4e:
         cb:37:f0:c0:8d:59:dc:e0:04:68:5d:4c:23:99:4f:4f:8b:40:
         2e:d2:65:4f:bc:5d:7d:2c:2e:2e:58:fb:42:5a:b3:7a:d2:09:
         27:a3:08:ab:21:b3:75:08:57:bb:95:4d:f3:07:d2:74:e8:bd:
         5c:21:9b:ff:2f:9a:f8:87:81:01:68:05:af:25:c0:d2:c2:bc:
         7b:b7:7b:07:ac:3b:2d:e3:f3:75:89:f9:6b:c3:57:c2:4d:67:
         7b:46:5e:25:37:58:c5:8e:10:d1:1b:95:34:08:71:2f:24:b8:
         57:c9:fd:70:5b:19:62:b7:a7:f1:bb:86:38:a1:4e:74:dc:cd:
         ad:13:64:55:c7:64:ab:51:d7:3e:e8:4d:66:1b:33:96:c8:f8:
         fa:69:17:ba:da:32:5d:93:a6:89:dd:17:4e:8f:34:de:0f:2b:
         1a:4b:71:de:76:12:95:27:80:61:0c:3a:71:2e:2c:d8:13:b8:
         b3:b0:c8:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIwxeZFqp6RNWsA8KBGZxtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwOTI2MjM1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTBmMDBlNDRiODY3MTRkZWQzODdiODJjYTJkM2I1YmUyM2ZhZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlk/jdqNRfsYR9hxLXR2G95uU2MmL
2a+rHrVPQOZmPOHQusGeS+yz/wXC1ztDCH2mqTXjKzvmch4d4xDnLWOWKJYbnfBn
REy3WwarJDtvouq13B4/alV50RDJ+sqik0pDO2bFpl1Aj/6RsgDT/0Kaaci3Wuu5
xCXPqAVuVPYf90q1+IDLJcjT4q7ELSSuL4cbofyCv/nmUo32uO+M1yItWCcqoyXI
VQWN1JdzlsLvcJyG/kq+bNBYdvybCQLSFVD7RLj15Ht/rY1JxYgXpVU4abvaIShD
kPzZd88yobjSH/PQufAddHtRqInb9WMQE1selqyH3Ea86aTYkRvpp7GXmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUPAORLhnFN7Th7gsotO1viP60TMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvMVE4QTVFdUdjVTN0T0h1Q3lpMDdXLUlfclJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOoMA0G
CSqGSIb3DQEBCwUAA4IBAQBrkOAQSNUvSUVbAeYD8c+lxOxSae1RBksBN1Fd45Z2
Jcl8Z8pkEGBBeuy1EiQoJXEjKxoocJRNxLYi1PDThp+IoUfRJ8oFjk7LN/DAjVnc
4ARoXUwjmU9Pi0Au0mVPvF19LC4uWPtCWrN60gknowirIbN1CFe7lU3zB9J06L1c
IZv/L5r4h4EBaAWvJcDSwrx7t3sHrDst4/N1iflrw1fCTWd7Rl4lN1jFjhDRG5U0
CHEvJLhXyf1wWxlit6fxu4Y4oU503M2tE2RVx2SrUdc+6E1mGzOWyPj6aRe62jJd
k6aJ3RdOjzTeDysaS3HedhKVJ4BhDDpxLizYE7izsMj0
-----END CERTIFICATE-----