Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/QgGv7Ch7EKBE8lNTALvWYX1A56Y.roa
File:                     QgGv7Ch7EKBE8lNTALvWYX1A56Y.roa (raw, json)
Hash identifier:          mhC7wzxX6GaFVpi+gMWcu6RUbRh9aSH80A+jyQabUwA=
Subject key identifier:   42:01:AF:EC:28:7B:10:A0:44:F2:53:53:00:BB:D6:61:7D:40:E7:A6
Certificate issuer:       /CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
Certificate serial:       0192C9CCD50BD9B929193DBD75C6A48CA7A8
Authority key identifier: F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/QgGv7Ch7EKBE8lNTALvWYX1A56Y.roa
Signing time:             Sat 26 Oct 2024 17:08:17 +0000
ROA not before:           Sat 26 Oct 2024 17:08:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215424
IP address blocks:        45.14.76.0/22 maxlen: 24
                          195.95.153.0/24 maxlen: 24
                          2a03:5e60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c9:cc:d5:0b:d9:b9:29:19:3d:bd:75:c6:a4:8c:a7:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
        Validity
            Not Before: Oct 26 17:08:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4201afec287b10a044f2535300bbd6617d40e7a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:09:0f:d6:a3:da:1c:06:69:8e:5d:33:17:fa:
                    16:aa:5d:97:b3:2d:f2:16:53:12:aa:c4:2b:63:d6:
                    c3:ab:4b:12:48:58:ab:de:b8:e5:49:28:5d:d6:37:
                    47:31:6d:46:50:eb:53:2c:3a:10:30:0f:27:ad:8d:
                    e5:86:20:1e:b8:20:7f:6b:d3:22:80:a8:ce:2e:8c:
                    a2:83:66:9b:5b:55:21:c0:43:bd:0c:75:ec:43:bc:
                    3e:c5:53:db:8b:55:bd:5a:17:61:0b:ea:6c:67:8c:
                    73:6e:d1:8c:36:e6:0f:90:c6:22:b8:a1:f4:bf:9c:
                    fe:9a:64:ac:9e:6e:bd:9f:58:60:91:0f:75:ff:77:
                    5c:8c:13:35:07:72:df:ef:66:98:81:57:ce:c1:79:
                    2b:f9:66:0f:5a:f3:78:cb:32:ba:73:9f:66:67:ae:
                    3f:3f:04:16:ac:ba:a6:27:1a:e6:9b:fb:bc:db:ac:
                    e0:2d:b5:c0:f9:1d:ff:d1:52:95:c7:51:b9:5d:8e:
                    d1:d6:e2:79:35:e1:67:7f:80:cd:ec:ef:aa:9b:2b:
                    d8:4c:25:c5:3f:04:fe:df:8d:e6:b8:8a:3d:49:05:
                    35:68:87:75:2f:4a:73:5a:b9:e9:4a:23:81:3e:47:
                    a9:42:8e:94:be:50:79:f2:27:24:4d:7b:97:12:56:
                    63:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:01:AF:EC:28:7B:10:A0:44:F2:53:53:00:BB:D6:61:7D:40:E7:A6
            X509v3 Authority Key Identifier:
                keyid:F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/QgGv7Ch7EKBE8lNTALvWYX1A56Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.76.0/22
                  195.95.153.0/24
                IPv6:
                  2a03:5e60::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:16:2f:71:a0:a7:4c:4f:61:bf:46:d9:31:b2:6e:70:0f:27:
         f4:27:a6:ae:ec:f0:1a:0f:f5:5e:25:a0:0f:d3:8d:02:0e:fa:
         25:0e:e8:1a:80:12:51:e4:e0:e9:7c:f5:57:ef:b5:d7:1c:6e:
         22:a0:c0:2e:8f:2e:3f:f8:ac:49:27:ec:68:0f:bb:e3:b6:62:
         e1:91:92:64:60:9a:ed:57:4b:b3:d5:3f:eb:2d:82:13:d1:f4:
         68:9e:d5:96:b9:cb:5a:82:fe:f3:01:9d:33:e7:10:ae:7d:86:
         4e:b4:91:a8:2e:7b:51:22:ba:77:e9:b4:c2:e1:bc:ce:28:62:
         29:4e:47:a2:bf:a4:10:a2:64:28:30:f5:42:65:eb:65:87:78:
         71:9c:77:d9:99:62:07:f8:48:fe:97:80:4c:d1:3b:6c:f8:9f:
         49:a3:dd:59:b2:31:e8:1e:bb:bd:dc:0e:d3:46:d6:3d:29:9f:
         2d:02:e7:af:b7:ab:f3:df:22:53:6d:6f:ed:30:a8:27:df:b8:
         4e:77:6f:8e:86:33:22:48:5a:9c:fd:bb:01:f7:77:f6:25:1b:
         71:fc:57:8b:2b:6e:de:29:4f:af:14:07:12:82:cf:9e:dc:87:
         e4:f5:1d:8b:a3:f1:a2:d9:1b:33:aa:58:60:a8:ae:1b:15:66:
         80:f2:e9:0d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZLJzNUL2bkpGT29dcakjKeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZDMyZTc1Mjk0MTg3ZDQ2ZThlYWUwZjhmZTcyYjVmZDdh
YmY4ODYwHhcNMjQxMDI2MTcwODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjAxYWZlYzI4N2IxMGEwNDRmMjUzNTMwMGJiZDY2MTdkNDBlN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gkP1qPaHAZpjl0zF/oWql2Xsy3y
FlMSqsQrY9bDq0sSSFir3rjlSShd1jdHMW1GUOtTLDoQMA8nrY3lhiAeuCB/a9Mi
gKjOLoyig2abW1UhwEO9DHXsQ7w+xVPbi1W9WhdhC+psZ4xzbtGMNuYPkMYiuKH0
v5z+mmSsnm69n1hgkQ91/3dcjBM1B3Lf72aYgVfOwXkr+WYPWvN4yzK6c59mZ64/
PwQWrLqmJxrmm/u826zgLbXA+R3/0VKVx1G5XY7R1uJ5NeFnf4DN7O+qmyvYTCXF
PwT+343muIo9SQU1aId1L0pzWrnpSiOBPkepQo6UvlB58ickTXuXElZj3QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEIBr+woexCgRPJTUwC71mF9QOemMB8GA1UdIwQY
MBaAFPfTLnUpQYfUbo6uD4/nK1/Xq/iGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAt
ZDFhNDU5OWNiMGU1LzEvUWdHdjdDaDdFS0JFOGxOVEFMdldZWDFBNTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAtZDFhNDU5OWNiMGU1
LzEvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLQ5MAwQA
w1+ZMA0EAgACMAcDBQAqA15gMA0GCSqGSIb3DQEBCwUAA4IBAQBsFi9xoKdMT2G/
Rtkxsm5wDyf0J6au7PAaD/VeJaAP040CDvolDugagBJR5ODpfPVX77XXHG4ioMAu
jy4/+KxJJ+xoD7vjtmLhkZJkYJrtV0uz1T/rLYIT0fRontWWuctagv7zAZ0z5xCu
fYZOtJGoLntRIrp36bTC4bzOKGIpTkeiv6QQomQoMPVCZetlh3hxnHfZmWIH+Ej+
l4BM0Tts+J9Jo91ZsjHoHru93A7TRtY9KZ8tAuevt6vz3yJTbW/tMKgn37hOd2+O
hjMiSFqc/bsB93f2JRtx/FeLK27eKU+vFAcSgs+e3Ifk9R2Lo/Gi2RszqlhgqK4b
FWaA8ukN
-----END CERTIFICATE-----