Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/qQxI7kizj_w3FubCO0r2nHE8GsU.roa
File:                     qQxI7kizj_w3FubCO0r2nHE8GsU.roa (raw, json)
Hash identifier:          a5zD4D+SCAj72762p3u5BoWuUJtM1FDuHZXHQABQY8w=
Subject key identifier:   A9:0C:48:EE:48:B3:8F:FC:37:16:E6:C2:3B:4A:F6:9C:71:3C:1A:C5
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       018CC6B829CD49A4DC197E3D6DD30073BF5B
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/qQxI7kizj_w3FubCO0r2nHE8GsU.roa
Signing time:             Mon 01 Jan 2024 20:30:07 +0000
ROA not before:           Mon 01 Jan 2024 20:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207188
IP address blocks:        194.61.102.0/23 maxlen: 24
                          2a03:98c7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:29:cd:49:a4:dc:19:7e:3d:6d:d3:00:73:bf:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Jan  1 20:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a90c48ee48b38ffc3716e6c23b4af69c713c1ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bc:04:0e:df:68:ea:11:41:b2:8c:ba:33:6c:
                    80:d2:79:38:63:42:2f:17:e1:17:d0:5c:88:fe:9a:
                    6a:b2:a1:ab:c0:4d:4e:77:9c:7d:51:88:6e:6a:df:
                    1d:10:3b:02:76:f6:27:d5:7a:14:fc:9c:04:e0:9e:
                    3f:12:6a:c5:b2:cc:25:d3:29:6f:e5:3b:ae:38:e7:
                    b3:3a:d9:ed:b0:2b:3a:34:78:4f:c1:31:e1:7c:6f:
                    a6:51:fc:72:89:2f:b0:e5:0c:71:81:5c:40:f3:d4:
                    4d:3e:c1:5b:68:4e:5a:f5:d4:ea:81:3a:3f:00:6d:
                    42:f8:85:43:9f:c3:01:56:d1:91:96:4f:ba:3b:d3:
                    7e:d7:7e:f5:76:e2:cb:23:87:79:4e:1c:6e:7f:9f:
                    ff:a3:fc:10:34:6a:b3:bd:96:22:08:ed:77:8c:0f:
                    ed:3f:1f:74:40:81:e7:f6:6d:49:aa:ce:5a:7a:4d:
                    3f:12:b0:0f:99:43:b7:16:48:cf:d0:77:e5:1b:5d:
                    89:12:22:89:8d:ab:0b:c7:e3:95:d1:04:75:83:9d:
                    f2:b8:46:62:cd:ca:a0:1b:be:a2:7b:5a:c4:17:67:
                    84:84:19:61:cc:34:69:c3:8f:6d:cb:d5:b8:f2:02:
                    9b:f1:45:11:6b:40:8e:09:51:d8:74:69:9d:9f:0f:
                    8a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0C:48:EE:48:B3:8F:FC:37:16:E6:C2:3B:4A:F6:9C:71:3C:1A:C5
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/qQxI7kizj_w3FubCO0r2nHE8GsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.102.0/23
                IPv6:
                  2a03:98c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:e5:ac:62:3f:95:6e:0f:b4:25:97:4f:85:2c:7c:29:90:c1:
         f2:0c:d7:92:11:16:88:5f:94:3e:d1:55:94:8b:0f:6a:9b:be:
         2b:86:a1:89:f7:7e:87:b6:ca:07:e3:b2:19:80:07:22:18:02:
         87:db:ee:a1:78:fb:1b:5f:9a:45:07:e6:2d:0d:7a:3f:43:8e:
         84:7f:db:ce:30:da:3c:cd:e7:e4:61:7a:ca:38:a5:26:e4:d9:
         f6:3c:14:ad:2c:bb:3c:8d:ff:3a:6d:69:ae:3b:bf:96:2a:e3:
         01:c7:f5:a2:d5:61:fc:39:09:f7:f6:47:67:07:bb:d5:ef:82:
         9c:94:aa:a2:12:a5:f4:33:39:04:ee:30:6c:16:c1:5c:72:cf:
         92:9d:28:7c:26:b0:34:57:68:35:30:ef:8d:20:b4:c5:53:86:
         57:1c:ef:bc:a3:1c:da:9f:82:58:99:74:e6:3a:29:3c:b3:d0:
         2f:32:71:81:d8:ec:4e:4f:20:38:ad:f4:13:c0:ae:79:c0:fd:
         a1:ca:db:97:2c:93:4d:7c:08:09:0f:fc:06:28:f9:5f:1d:d4:
         34:f6:45:e2:0e:ad:24:00:33:b6:38:8d:ba:ff:48:bf:89:da:
         7a:f9:6e:72:d3:22:76:10:57:df:24:fe:3d:20:7c:fd:b8:c9:
         71:e9:65:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuCnNSaTcGX49bdMAc79bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjQwMTAxMjAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTBjNDhlZTQ4YjM4ZmZjMzcxNmU2YzIzYjRhZjY5YzcxM2MxYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLwEDt9o6hFBsoy6M2yA0nk4Y0Iv
F+EX0FyI/ppqsqGrwE1Od5x9UYhuat8dEDsCdvYn1XoU/JwE4J4/EmrFsswl0ylv
5TuuOOezOtntsCs6NHhPwTHhfG+mUfxyiS+w5QxxgVxA89RNPsFbaE5a9dTqgTo/
AG1C+IVDn8MBVtGRlk+6O9N+1371duLLI4d5Thxuf5//o/wQNGqzvZYiCO13jA/t
Px90QIHn9m1Jqs5aek0/ErAPmUO3FkjP0HflG12JEiKJjasLx+OV0QR1g53yuEZi
zcqgG76ie1rEF2eEhBlhzDRpw49ty9W48gKb8UURa0COCVHYdGmdnw+KUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKkMSO5Is4/8NxbmwjtK9pxxPBrFMB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvcVF4STdraXpqX3czRnViQ08wcjJuSEU4R3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwj1mMA0E
AgACMAcDBQAqA5jHMA0GCSqGSIb3DQEBCwUAA4IBAQBn5axiP5VuD7Qll0+FLHwp
kMHyDNeSERaIX5Q+0VWUiw9qm74rhqGJ936HtsoH47IZgAciGAKH2+6hePsbX5pF
B+YtDXo/Q46Ef9vOMNo8zefkYXrKOKUm5Nn2PBStLLs8jf86bWmuO7+WKuMBx/Wi
1WH8OQn39kdnB7vV74KclKqiEqX0MzkE7jBsFsFccs+SnSh8JrA0V2g1MO+NILTF
U4ZXHO+8oxzan4JYmXTmOik8s9AvMnGB2OxOTyA4rfQTwK55wP2hytuXLJNNfAgJ
D/wGKPlfHdQ09kXiDq0kADO2OI26/0i/idp6+W5y0yJ2EFffJP49IHz9uMlx6WUO
-----END CERTIFICATE-----