Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/qOQNiW2e6VHxtIQ-7AybVqdHiUA.roa
File:                     qOQNiW2e6VHxtIQ-7AybVqdHiUA.roa (raw, json)
Hash identifier:          X9FjQBnG/omhDdqRcJuENB5gaV9SFO+GlH1W+uagdW4=
Subject key identifier:   A8:E4:0D:89:6D:9E:E9:51:F1:B4:84:3E:EC:0C:9B:56:A7:47:89:40
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       018CC50033DA08215603404FEF86BA2DC459
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/qOQNiW2e6VHxtIQ-7AybVqdHiUA.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51305
IP address blocks:        128.127.93.0/24 maxlen: 24
                          2a00:10a0:b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:33:da:08:21:56:03:40:4f:ef:86:ba:2d:c4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e40d896d9ee951f1b4843eec0c9b56a7478940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:bb:d7:da:6d:e1:a4:bd:62:ef:1d:42:da:5a:
                    e2:69:1d:0c:91:22:16:ca:a0:36:6a:c0:6f:89:1e:
                    dd:a8:00:53:f4:96:0c:e2:4d:03:c4:be:47:a6:0f:
                    7f:9b:99:b2:09:bf:1f:9b:d3:98:6f:b2:09:cd:f9:
                    aa:eb:95:60:66:fe:bd:ea:02:0d:b9:c4:de:6a:f4:
                    31:66:c0:5a:2f:fe:ab:04:c3:da:a0:f4:a7:33:fd:
                    a0:6d:dc:33:da:d2:11:a5:9c:bc:4b:14:71:11:29:
                    8f:36:e5:49:c7:77:58:21:6e:cc:47:41:ad:da:f7:
                    17:c1:c3:ba:5b:5c:72:a1:14:60:97:a4:0d:4e:1f:
                    86:b6:ac:27:d0:67:09:a6:86:95:4f:61:6c:9c:cc:
                    d2:08:09:14:76:50:9e:c1:14:c1:58:ec:51:63:90:
                    58:4b:29:b1:7b:e6:eb:db:8b:6d:87:62:10:95:6e:
                    1d:68:8d:fa:5f:56:7a:a0:9a:e3:b8:7d:1a:2b:ab:
                    66:6a:f9:23:13:6b:85:e0:f9:66:ef:9c:d3:66:0f:
                    e9:bd:57:95:27:2b:d8:3b:ea:0e:ab:dd:dc:d6:0a:
                    3b:b3:26:67:38:7f:56:98:69:ae:cf:33:a1:67:f3:
                    51:db:3f:21:16:63:a4:a8:08:19:ae:be:b9:71:26:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E4:0D:89:6D:9E:E9:51:F1:B4:84:3E:EC:0C:9B:56:A7:47:89:40
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/qOQNiW2e6VHxtIQ-7AybVqdHiUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.93.0/24
                IPv6:
                  2a00:10a0:b::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:8f:e5:1e:7e:5d:a1:d4:f0:a1:d5:66:eb:00:2a:70:46:e3:
         6e:83:64:21:14:a0:ac:1d:5a:2d:64:d8:b0:4d:f1:e8:76:a7:
         dc:65:a7:b5:da:b9:81:3f:da:98:50:cf:fc:af:20:3e:14:13:
         6a:13:76:37:88:38:62:52:2b:45:14:22:71:3f:4e:0b:d5:11:
         f4:18:ca:22:96:d3:9f:32:f2:45:57:b3:9a:8e:1f:7a:38:b1:
         ef:95:f4:16:90:e7:78:8e:de:f1:97:39:10:31:68:25:1a:8a:
         a5:e4:19:f4:26:dc:ca:05:15:51:07:ed:19:83:95:f8:ff:9b:
         5d:c1:54:e1:3b:2e:55:6e:6d:cd:a5:b0:19:c0:f0:e8:ec:bd:
         fb:32:d7:b3:c8:91:08:ae:82:80:cf:c2:97:70:71:b6:12:0f:
         eb:97:22:f7:a9:44:74:45:33:04:44:8e:1b:80:e0:7f:37:11:
         77:ad:48:a1:01:b8:e8:1b:e3:c1:71:87:4b:5f:8f:14:1b:4c:
         49:f0:83:7c:56:52:79:d8:f2:55:18:5f:5a:8f:4d:99:39:9e:
         61:0c:f3:e9:14:6f:46:a6:48:d2:db:8b:bc:e0:6f:d6:47:29:
         83:fa:27:e9:24:be:72:9a:14:95:45:c2:2b:0e:ec:92:d8:bc:
         e7:7c:48:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFADPaCCFWA0BP74a6LcRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU0MGQ4OTZkOWVlOTUxZjFiNDg0M2VlYzBjOWI1NmE3NDc4OTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bvX2m3hpL1i7x1C2lriaR0MkSIW
yqA2asBviR7dqABT9JYM4k0DxL5Hpg9/m5myCb8fm9OYb7IJzfmq65VgZv696gIN
ucTeavQxZsBaL/6rBMPaoPSnM/2gbdwz2tIRpZy8SxRxESmPNuVJx3dYIW7MR0Gt
2vcXwcO6W1xyoRRgl6QNTh+Gtqwn0GcJpoaVT2FsnMzSCAkUdlCewRTBWOxRY5BY
Symxe+br24tth2IQlW4daI36X1Z6oJrjuH0aK6tmavkjE2uF4Plm75zTZg/pvVeV
JyvYO+oOq93c1go7syZnOH9WmGmuzzOhZ/NR2z8hFmOkqAgZrr65cSZa+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKjkDYltnulR8bSEPuwMm1anR4lAMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvcU9RTmlXMmU2Vkh4dElRLTdBeWJWcWRIaVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAgH9dMA8E
AgACMAkDBwAqABCgAAswDQYJKoZIhvcNAQELBQADggEBAGyP5R5+XaHU8KHVZusA
KnBG426DZCEUoKwdWi1k2LBN8eh2p9xlp7XauYE/2phQz/yvID4UE2oTdjeIOGJS
K0UUInE/TgvVEfQYyiKW058y8kVXs5qOH3o4se+V9BaQ53iO3vGXORAxaCUaiqXk
GfQm3MoFFVEH7RmDlfj/m13BVOE7LlVubc2lsBnA8Ojsvfsy17PIkQiugoDPwpdw
cbYSD+uXIvepRHRFMwREjhuA4H83EXetSKEBuOgb48Fxh0tfjxQbTEnwg3xWUnnY
8lUYX1qPTZk5nmEM8+kUb0amSNLbi7zgb9ZHKYP6J+kkvnKaFJVFwisO7JLYvOd8
SJA=
-----END CERTIFICATE-----