Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/qzPII3rg1km9b4kQmaDFcgapwXc.roa
File:                     qzPII3rg1km9b4kQmaDFcgapwXc.roa (raw, json)
Hash identifier:          tlXFKCkmT823FBDvWHCljmMAPrdqaCiqpoXI/fxU0AA=
Subject key identifier:   AB:33:C8:23:7A:E0:D6:49:BD:6F:89:10:99:A0:C5:72:06:A9:C1:77
Certificate issuer:       /CN=46055e82002cc0bd7b9987e5d7365420eafd4970
Certificate serial:       018CC8714E8D66AD1C62E29C48C9A2A21CC4
Authority key identifier: 46:05:5E:82:00:2C:C0:BD:7B:99:87:E5:D7:36:54:20:EA:FD:49:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RgVeggAswL17mYfl1zZUIOr9SXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/qzPII3rg1km9b4kQmaDFcgapwXc.roa
Signing time:             Tue 02 Jan 2024 04:31:58 +0000
ROA not before:           Tue 02 Jan 2024 04:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12735
IP address blocks:        193.160.144.0/24 maxlen: 24
                          2a0c:bec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/RgVeggAswL17mYfl1zZUIOr9SXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/RgVeggAswL17mYfl1zZUIOr9SXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RgVeggAswL17mYfl1zZUIOr9SXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4e:8d:66:ad:1c:62:e2:9c:48:c9:a2:a2:1c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46055e82002cc0bd7b9987e5d7365420eafd4970
        Validity
            Not Before: Jan  2 04:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab33c8237ae0d649bd6f891099a0c57206a9c177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:94:91:0c:50:06:2f:f0:34:0f:1b:88:c8:23:
                    bb:c0:55:b5:86:47:14:a3:19:9a:26:6a:ac:07:2e:
                    18:f7:47:06:f3:b3:5e:5d:4e:cc:4f:d9:13:e7:27:
                    cb:2d:12:15:7e:9a:13:d3:da:1b:31:5e:d1:ca:09:
                    1b:43:3b:f6:e6:3a:6f:f0:9c:ca:f6:d0:84:a5:2b:
                    fd:9a:8a:47:f8:20:ad:1e:38:09:84:c9:7b:d3:07:
                    92:a1:8b:a6:49:17:85:5e:5c:e7:d6:3f:91:19:38:
                    d5:53:e1:a8:65:f1:3a:5f:a9:f3:95:3c:98:3d:fb:
                    bc:d7:25:44:bf:c1:1e:97:b0:a7:92:b9:e4:51:a7:
                    22:f3:0e:13:6e:7d:82:15:0d:59:d5:2f:b5:f4:29:
                    23:af:d5:39:07:51:4c:d9:56:3a:ec:44:a6:bc:4c:
                    5a:4e:fe:cf:28:85:d7:f3:e3:38:ee:3d:62:0d:b3:
                    87:eb:bc:c3:52:a4:8c:b4:1d:75:4e:d6:19:d5:f9:
                    bf:56:ce:7f:bf:f3:67:78:bc:62:6a:65:5a:02:4e:
                    a6:b9:f7:68:49:61:8a:d4:b4:8c:ee:8f:4c:1f:a9:
                    61:6a:d2:ad:35:b2:54:e2:55:bb:d5:ba:14:3f:10:
                    0d:7b:5f:12:ba:f9:b4:9a:1b:f0:a3:f1:bc:79:2d:
                    8e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:33:C8:23:7A:E0:D6:49:BD:6F:89:10:99:A0:C5:72:06:A9:C1:77
            X509v3 Authority Key Identifier:
                keyid:46:05:5E:82:00:2C:C0:BD:7B:99:87:E5:D7:36:54:20:EA:FD:49:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RgVeggAswL17mYfl1zZUIOr9SXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/qzPII3rg1km9b4kQmaDFcgapwXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/49924d-7699-4af4-aff9-22aa4f3a7615/1/RgVeggAswL17mYfl1zZUIOr9SXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.144.0/24
                IPv6:
                  2a0c:bec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:65:54:c4:ee:89:f0:58:65:66:f8:a5:e7:ce:85:5a:92:32:
         ca:d4:9c:7f:d9:dc:eb:51:99:89:fc:d2:e9:67:9c:bd:fe:3c:
         76:65:e5:b1:79:d5:ce:e0:ef:06:91:93:bc:cb:01:72:c6:0e:
         84:67:28:95:04:80:f8:59:ef:b7:46:72:37:51:cf:cc:b6:50:
         c9:91:bc:5f:da:dc:1b:29:ac:1c:dd:36:91:be:ef:3f:c1:35:
         65:b5:d1:7e:0f:3f:43:99:41:fd:10:77:27:0f:63:11:04:2e:
         ba:14:a2:1a:34:ab:41:85:72:3b:0f:78:e3:f4:75:7d:09:3a:
         a1:a8:a7:52:7e:ed:02:e8:68:2a:37:85:e8:82:8f:2c:f8:1f:
         b8:79:9d:5c:84:d1:2b:67:3e:d6:c8:66:28:03:a9:95:54:5b:
         85:78:35:24:37:f2:02:3a:a4:11:03:78:8f:6c:43:a1:30:19:
         37:3c:f4:d5:f9:b8:e5:b1:83:13:fb:0d:f2:2c:61:d9:b2:e5:
         4f:98:ed:4c:ae:30:72:de:48:4a:1d:50:cc:71:13:09:db:61:
         c2:e2:b6:49:07:93:b6:2e:08:7d:0e:da:8e:f4:51:68:34:53:
         f7:27:4c:72:1b:f8:d0:2a:0b:d3:d7:8e:e0:5c:ab:b6:9e:20:
         9f:aa:19:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcU6NZq0cYuKcSMmiohzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MDU1ZTgyMDAyY2MwYmQ3Yjk5ODdlNWQ3MzY1NDIwZWFm
ZDQ5NzAwHhcNMjQwMTAyMDQzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjMzYzgyMzdhZTBkNjQ5YmQ2Zjg5MTA5OWEwYzU3MjA2YTljMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZSRDFAGL/A0DxuIyCO7wFW1hkcU
oxmaJmqsBy4Y90cG87NeXU7MT9kT5yfLLRIVfpoT09obMV7RygkbQzv25jpv8JzK
9tCEpSv9mopH+CCtHjgJhMl70weSoYumSReFXlzn1j+RGTjVU+GoZfE6X6nzlTyY
Pfu81yVEv8Eel7CnkrnkUaci8w4Tbn2CFQ1Z1S+19Ckjr9U5B1FM2VY67ESmvExa
Tv7PKIXX8+M47j1iDbOH67zDUqSMtB11TtYZ1fm/Vs5/v/NneLxiamVaAk6mufdo
SWGK1LSM7o9MH6lhatKtNbJU4lW71boUPxANe18Suvm0mhvwo/G8eS2OKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKszyCN64NZJvW+JEJmgxXIGqcF3MB8GA1UdIwQY
MBaAFEYFXoIALMC9e5mH5dc2VCDq/UlwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmdWZWdnQXN3TDE3bVlmbDF6WlVJT3I5U1hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80OTkyNGQtNzY5OS00YWY0LWFmZjkt
MjJhYTRmM2E3NjE1LzEvcXpQSUkzcmcxa205YjRrUW1hREZjZ2Fwd1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80OTkyNGQtNzY5OS00YWY0LWFmZjktMjJhYTRmM2E3NjE1
LzEvUmdWZWdnQXN3TDE3bVlmbDF6WlVJT3I5U1hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaCQMA0E
AgACMAcDBQMqDL7AMA0GCSqGSIb3DQEBCwUAA4IBAQCJZVTE7onwWGVm+KXnzoVa
kjLK1Jx/2dzrUZmJ/NLpZ5y9/jx2ZeWxedXO4O8GkZO8ywFyxg6EZyiVBID4We+3
RnI3Uc/MtlDJkbxf2twbKawc3TaRvu8/wTVltdF+Dz9DmUH9EHcnD2MRBC66FKIa
NKtBhXI7D3jj9HV9CTqhqKdSfu0C6GgqN4Xogo8s+B+4eZ1chNErZz7WyGYoA6mV
VFuFeDUkN/ICOqQRA3iPbEOhMBk3PPTV+bjlsYMT+w3yLGHZsuVPmO1MrjBy3khK
HVDMcRMJ22HC4rZJB5O2Lgh9DtqO9FFoNFP3J0xyG/jQKgvT147gXKu2niCfqhni
-----END CERTIFICATE-----