Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qrplbK8ufxPRfKo_kwcsvLG5-p4.roa
File:                     qrplbK8ufxPRfKo_kwcsvLG5-p4.roa (raw, json)
Hash identifier:          a9ayu9Wf9sbrbMKxqqd4GM3zKugZzfSXJT454H1RuHc=
Subject key identifier:   AA:BA:65:6C:AF:2E:7F:13:D1:7C:AA:3F:93:07:2C:BC:B1:B9:FA:9E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01930D11A9EB1322C234A9AD78023B0AA16F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qrplbK8ufxPRfKo_kwcsvLG5-p4.roa
Signing time:             Fri 08 Nov 2024 18:38:01 +0000
ROA not before:           Fri 08 Nov 2024 18:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        185.176.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0d:11:a9:eb:13:22:c2:34:a9:ad:78:02:3b:0a:a1:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Nov  8 18:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaba656caf2e7f13d17caa3f93072cbcb1b9fa9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3a:36:33:ba:a0:b7:63:a5:ac:ef:d8:ba:17:
                    93:c3:21:4d:ce:2f:c9:ee:41:88:71:a9:9b:68:0a:
                    4b:72:c0:3a:25:ba:57:6b:0d:a6:56:fd:b2:63:c4:
                    7d:b0:50:41:78:46:18:9b:84:a6:eb:ad:eb:d9:ec:
                    03:cc:cf:a4:c0:89:cc:b9:5f:c6:4f:ee:02:67:1b:
                    60:1c:99:f8:c5:b2:2d:96:1e:cf:9a:36:a7:68:9f:
                    2b:ed:f6:11:a7:97:32:da:2c:07:c5:a7:0c:a1:de:
                    49:95:06:2d:72:c2:84:f4:9c:80:0b:91:a8:9a:da:
                    d0:a0:f0:5f:e1:b7:ef:da:28:04:81:97:50:fc:ce:
                    58:d9:03:9f:2b:64:93:db:15:ee:4b:7f:9c:5f:6a:
                    5e:8d:87:58:37:f1:ed:57:c4:88:77:af:94:83:7e:
                    09:c7:63:9b:56:46:a1:8f:2c:13:9a:fe:98:00:96:
                    70:fc:5f:04:2f:fd:c2:59:d6:b7:eb:c3:49:34:60:
                    70:e0:bf:7f:51:45:b7:30:12:61:07:91:0b:ef:31:
                    99:84:7f:11:82:d0:de:cb:f9:d5:50:6f:71:12:4b:
                    c0:6a:6b:13:94:56:87:a2:14:a1:a1:25:f3:b6:06:
                    cd:e0:24:83:56:6a:0e:e7:1c:b9:a9:31:12:ee:26:
                    21:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BA:65:6C:AF:2E:7F:13:D1:7C:AA:3F:93:07:2C:BC:B1:B9:FA:9E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qrplbK8ufxPRfKo_kwcsvLG5-p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:79:f1:58:93:38:3b:70:33:d1:5f:96:69:ef:3b:63:d6:9b:
         84:e8:17:0d:92:20:90:57:86:08:86:61:30:c7:0a:b4:26:2b:
         3c:5c:e0:ab:5f:b9:1c:f9:e9:d7:1c:4c:f0:3b:da:d1:ff:34:
         57:48:4d:c4:21:28:81:da:42:9a:b7:2e:d0:bc:84:a3:92:69:
         c1:dc:be:57:8f:1d:8d:0e:5f:61:19:8d:bd:c9:41:06:ab:1c:
         a3:14:c3:9f:43:c2:f9:ba:a7:56:09:24:3b:d1:7f:bc:a6:af:
         19:10:21:d4:77:c5:7e:e8:4d:31:66:72:c1:1d:ed:3b:81:77:
         4d:84:f4:bc:26:be:10:c8:5c:41:e1:5b:73:2a:fc:fc:72:91:
         ba:e6:12:61:1f:cf:66:7b:f6:0b:5a:74:84:e8:87:74:83:a4:
         cd:85:dd:63:cf:b0:f7:92:90:23:7c:1d:f1:50:43:dc:ef:62:
         c6:e5:80:07:73:6e:a3:74:8b:8d:40:26:23:0e:fe:37:8f:7b:
         c7:2c:fe:5f:ad:71:2b:84:ea:bd:f4:b6:02:11:02:f3:99:16:
         7d:32:ae:af:e9:ef:72:40:25:4b:7a:83:7a:bb:34:ff:c1:ce:
         35:56:19:f7:5e:69:f0:61:34:88:29:79:0f:e4:d8:68:63:45:
         96:2c:50:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMNEanrEyLCNKmteAI7CqFvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjQxMTA4MTgzODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJhNjU2Y2FmMmU3ZjEzZDE3Y2FhM2Y5MzA3MmNiY2IxYjlmYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zo2M7qgt2OlrO/YuheTwyFNzi/J
7kGIcambaApLcsA6JbpXaw2mVv2yY8R9sFBBeEYYm4Sm663r2ewDzM+kwInMuV/G
T+4CZxtgHJn4xbItlh7PmjanaJ8r7fYRp5cy2iwHxacMod5JlQYtcsKE9JyAC5Go
mtrQoPBf4bfv2igEgZdQ/M5Y2QOfK2ST2xXuS3+cX2pejYdYN/HtV8SId6+Ug34J
x2ObVkahjywTmv6YAJZw/F8EL/3CWda368NJNGBw4L9/UUW3MBJhB5EL7zGZhH8R
gtDey/nVUG9xEkvAamsTlFaHohShoSXztgbN4CSDVmoO5xy5qTES7iYhrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq6ZWyvLn8T0XyqP5MHLLyxufqeMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcXJwbGJLOHVmeFBSZktvX2t3Y3N2TEc1LXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBcMA0G
CSqGSIb3DQEBCwUAA4IBAQC7efFYkzg7cDPRX5Zp7ztj1puE6BcNkiCQV4YIhmEw
xwq0Jis8XOCrX7kc+enXHEzwO9rR/zRXSE3EISiB2kKaty7QvISjkmnB3L5Xjx2N
Dl9hGY29yUEGqxyjFMOfQ8L5uqdWCSQ70X+8pq8ZECHUd8V+6E0xZnLBHe07gXdN
hPS8Jr4QyFxB4VtzKvz8cpG65hJhH89me/YLWnSE6Id0g6TNhd1jz7D3kpAjfB3x
UEPc72LG5YAHc26jdIuNQCYjDv43j3vHLP5frXErhOq99LYCEQLzmRZ9Mq6v6e9y
QCVLeoN6uzT/wc41Vhn3XmnwYTSIKXkP5NhoY0WWLFAb
-----END CERTIFICATE-----