Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/qG_hakUjSKCobX2NUHoLMY1QZ8s.roa
File:                     qG_hakUjSKCobX2NUHoLMY1QZ8s.roa (raw, json)
Hash identifier:          QwQhCRB5lzcJybg+SHlX4B8D3ZCd4pquy+32wTyHxnM=
Subject key identifier:   A8:6F:E1:6A:45:23:48:A0:A8:6D:7D:8D:50:7A:0B:31:8D:50:67:CB
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019253A70A8FEB5E184F31C038AFF834966A
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/qG_hakUjSKCobX2NUHoLMY1QZ8s.roa
Signing time:             Thu 03 Oct 2024 18:31:49 +0000
ROA not before:           Thu 03 Oct 2024 18:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        188.241.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:53:a7:0a:8f:eb:5e:18:4f:31:c0:38:af:f8:34:96:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Oct  3 18:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a86fe16a452348a0a86d7d8d507a0b318d5067cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7a:7d:d1:d2:53:35:ab:db:20:a5:ad:d3:01:
                    d8:2a:8e:7d:62:8a:89:24:a1:7e:74:66:bd:7a:fa:
                    95:c8:91:9d:37:24:bd:a8:9f:61:fd:c1:8b:32:1b:
                    97:c3:b8:92:a6:4f:04:84:94:75:e2:2f:8f:d9:8e:
                    a7:9f:51:34:ea:43:aa:0d:f1:5b:cf:2b:a0:60:eb:
                    fe:5d:96:01:41:f4:75:24:c5:7e:b9:ed:3a:f7:39:
                    99:3c:b9:d8:60:f6:98:bc:62:af:10:e6:6b:20:c8:
                    0f:54:5e:fa:bc:c9:cd:44:da:42:d9:48:f0:07:18:
                    22:69:37:bf:d3:0f:24:de:e0:ad:63:85:63:02:a3:
                    d5:f9:60:03:61:09:5c:4b:b0:a1:b5:db:9b:91:f4:
                    60:fb:0b:e2:72:05:68:29:46:94:fc:3b:93:57:d6:
                    24:f9:77:b2:ee:e9:10:13:93:92:d1:de:15:77:70:
                    0f:24:b9:01:5c:a4:1f:98:60:d7:c0:e0:5b:59:3c:
                    4f:53:ae:13:eb:40:7e:92:6a:d6:f9:83:f3:1e:ed:
                    60:ab:c7:b6:47:1e:30:61:3b:52:22:2a:07:83:5b:
                    f5:58:37:cb:24:91:14:a2:74:72:ff:9b:8e:50:01:
                    43:ca:77:cc:b0:8e:5e:d0:a6:67:57:2a:00:01:4f:
                    b7:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:6F:E1:6A:45:23:48:A0:A8:6D:7D:8D:50:7A:0B:31:8D:50:67:CB
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/qG_hakUjSKCobX2NUHoLMY1QZ8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b3:7a:f7:69:86:9f:5d:d3:29:e7:b4:64:25:ab:03:b0:0f:
         e2:10:8f:72:61:de:23:8b:46:8a:d1:7b:21:4c:28:f3:24:58:
         a9:7e:f2:6e:40:cf:f6:76:64:e2:91:ed:f6:e1:6b:66:51:b8:
         a5:28:ba:31:5b:bd:67:6b:6b:0a:65:13:19:f4:0d:7d:07:06:
         f3:b4:77:19:b5:6a:b6:08:42:a2:49:94:c9:cc:1f:76:15:ba:
         b8:a2:04:96:83:a4:2c:6d:6e:93:04:06:65:5a:67:af:70:39:
         33:39:71:9f:8f:f6:6f:a8:1d:10:5d:8a:50:c3:20:5d:22:25:
         8c:d4:a0:f4:be:33:e4:eb:71:47:a9:66:eb:20:2b:8b:1c:3b:
         5e:f9:aa:be:76:25:04:ad:3c:48:0f:b6:c5:e4:91:f0:0c:2e:
         62:10:0a:86:52:ef:89:ea:54:74:16:02:f4:fa:5f:4e:1a:6d:
         ca:55:96:73:da:cb:0a:92:9b:36:3c:85:b0:84:3a:fb:b4:6a:
         a8:4b:d3:60:61:52:13:08:1f:6d:eb:1a:9e:86:7c:f8:3c:63:
         5b:b8:bf:ed:af:b7:56:e6:f5:a4:c8:52:44:3a:a6:4e:13:8b:
         3f:3a:fb:d5:1f:75:f5:13:5c:fc:03:e0:f1:8e:9c:77:b9:0a:
         60:7d:6e:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJTpwqP614YTzHAOK/4NJZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQxMDAzMTgzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODZmZTE2YTQ1MjM0OGEwYTg2ZDdkOGQ1MDdhMGIzMThkNTA2N2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXp90dJTNavbIKWt0wHYKo59YoqJ
JKF+dGa9evqVyJGdNyS9qJ9h/cGLMhuXw7iSpk8EhJR14i+P2Y6nn1E06kOqDfFb
zyugYOv+XZYBQfR1JMV+ue069zmZPLnYYPaYvGKvEOZrIMgPVF76vMnNRNpC2Ujw
BxgiaTe/0w8k3uCtY4VjAqPV+WADYQlcS7ChtdubkfRg+wvicgVoKUaU/DuTV9Yk
+Xey7ukQE5OS0d4Vd3APJLkBXKQfmGDXwOBbWTxPU64T60B+kmrW+YPzHu1gq8e2
Rx4wYTtSIioHg1v1WDfLJJEUonRy/5uOUAFDynfMsI5e0KZnVyoAAU+3XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhv4WpFI0igqG19jVB6CzGNUGfLMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvcUdfaGFrVWpTS0NvYlgyTlVIb0xNWTFRWjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBRs3r3aYafXdMp57RkJasDsA/iEI9yYd4ji0aK0Xsh
TCjzJFipfvJuQM/2dmTike324WtmUbilKLoxW71na2sKZRMZ9A19BwbztHcZtWq2
CEKiSZTJzB92Fbq4ogSWg6QsbW6TBAZlWmevcDkzOXGfj/ZvqB0QXYpQwyBdIiWM
1KD0vjPk63FHqWbrICuLHDte+aq+diUErTxID7bF5JHwDC5iEAqGUu+J6lR0FgL0
+l9OGm3KVZZz2ssKkps2PIWwhDr7tGqoS9NgYVITCB9t6xqehnz4PGNbuL/tr7dW
5vWkyFJEOqZOE4s/OvvVH3X1E1z8A+Dxjpx3uQpgfW4+
-----END CERTIFICATE-----