Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/wq9scvxt_PU-AjdgGQLVQ5gcsJg.roa
File:                     wq9scvxt_PU-AjdgGQLVQ5gcsJg.roa (raw, json)
Hash identifier:          MvzI9I7SA2/uwJU3UWNAx/pduL3gthWqPd05cNR2sFo=
Subject key identifier:   C2:AF:6C:72:FC:6D:FC:F5:3E:02:37:60:19:02:D5:43:98:1C:B0:98
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE89E45A52C6ECECD05465F895C1B
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/wq9scvxt_PU-AjdgGQLVQ5gcsJg.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44915
IP address blocks:        188.164.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e8:9e:45:a5:2c:6e:ce:cd:05:46:5f:89:5c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2af6c72fc6dfcf53e0237601902d543981cb098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8a:36:f8:17:30:a8:30:db:68:e6:ce:d9:87:
                    c2:34:8e:69:9d:df:0f:c9:cd:3a:2b:29:4d:07:b8:
                    c3:c1:b3:07:ce:90:7b:38:4b:4c:ef:61:c1:ad:ff:
                    73:fc:cc:79:85:17:7b:ed:a9:28:85:91:98:93:94:
                    4e:e9:87:7e:4b:fa:93:d9:8b:c0:eb:a6:d9:a7:eb:
                    3a:c0:08:46:61:26:94:4e:3e:24:ed:10:cf:34:62:
                    62:05:12:f0:b4:0e:61:e7:43:d4:64:2a:a4:43:7c:
                    95:cb:28:8c:8f:6a:61:23:15:5f:60:64:c3:69:8f:
                    51:b8:f8:bb:2f:b5:ed:7a:1b:5e:d0:58:d1:f5:ab:
                    ef:3f:e6:7f:3d:28:fa:cc:23:2c:43:0a:84:ca:bc:
                    3b:46:25:58:dd:b2:37:cf:0d:f5:07:1b:a3:4f:2f:
                    04:4a:a5:cf:c4:67:11:c0:5e:1e:5c:02:fc:06:57:
                    46:98:17:f6:1d:2e:e2:ed:da:7a:a9:a4:60:c9:e1:
                    23:0b:36:00:c7:1d:85:52:e0:17:40:4b:95:24:78:
                    1d:b0:ae:41:55:a6:c2:6c:2f:91:aa:cb:6d:8d:e6:
                    e4:7f:5f:da:f8:45:21:95:00:68:77:e5:4f:1a:48:
                    c7:2c:af:e5:71:6f:35:fc:6d:3e:5f:d6:9c:d3:8a:
                    1b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:AF:6C:72:FC:6D:FC:F5:3E:02:37:60:19:02:D5:43:98:1C:B0:98
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/wq9scvxt_PU-AjdgGQLVQ5gcsJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:da:60:63:50:80:b7:47:c9:c3:05:e9:b1:05:ae:d5:86:cc:
         4a:f0:80:e3:c7:81:96:b5:c3:b0:d3:bb:8b:8c:ed:0d:30:8b:
         2d:59:ae:13:59:c9:38:00:8e:7c:54:fe:24:0e:20:6a:f3:24:
         21:7e:2e:07:76:3c:96:da:8c:29:bb:4f:4d:f2:09:fc:06:16:
         5b:2c:d1:37:a5:1e:8c:3b:bd:83:bf:0d:91:2d:1b:65:cb:0c:
         17:66:a4:7e:ee:73:ac:11:86:47:aa:ee:2b:82:87:62:60:1d:
         7a:f0:3f:d0:bd:ae:7a:8d:e9:24:98:f2:a8:1d:ab:60:22:44:
         2d:de:a6:31:c5:e2:71:29:30:8d:91:d7:38:39:fe:49:3f:17:
         2c:f9:b1:a7:eb:ba:11:71:c0:1f:8a:f9:c8:6e:ae:cb:ed:ef:
         9b:e4:15:20:c8:4d:1d:b2:31:99:c6:6d:a9:99:9f:91:8d:e0:
         53:2f:90:14:90:20:3d:b4:d5:24:89:2d:3d:78:ee:0e:88:b5:
         13:ec:0d:86:14:0b:e3:b8:4f:51:f0:e8:77:06:2f:71:32:0b:
         44:06:95:d7:3a:ec:eb:b0:49:d4:30:06:60:5c:0d:7e:2c:15:
         85:02:d0:88:aa:ca:50:d5:6c:aa:a9:26:96:0a:4a:8c:ca:fe:
         c6:b9:64:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeieRaUsbs7NBUZfiVwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmFmNmM3MmZjNmRmY2Y1M2UwMjM3NjAxOTAyZDU0Mzk4MWNiMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIo2+BcwqDDbaObO2YfCNI5pnd8P
yc06KylNB7jDwbMHzpB7OEtM72HBrf9z/Mx5hRd77akohZGYk5RO6Yd+S/qT2YvA
66bZp+s6wAhGYSaUTj4k7RDPNGJiBRLwtA5h50PUZCqkQ3yVyyiMj2phIxVfYGTD
aY9RuPi7L7Xtehte0FjR9avvP+Z/PSj6zCMsQwqEyrw7RiVY3bI3zw31BxujTy8E
SqXPxGcRwF4eXAL8BldGmBf2HS7i7dp6qaRgyeEjCzYAxx2FUuAXQEuVJHgdsK5B
VabCbC+Rqsttjebkf1/a+EUhlQBod+VPGkjHLK/lcW81/G0+X9ac04obhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKvbHL8bfz1PgI3YBkC1UOYHLCYMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvd3E5c2N2eHRfUFUtQWpkZ0dRTFZRNWdjc0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvKTVMA0G
CSqGSIb3DQEBCwUAA4IBAQCP2mBjUIC3R8nDBemxBa7VhsxK8IDjx4GWtcOw07uL
jO0NMIstWa4TWck4AI58VP4kDiBq8yQhfi4HdjyW2owpu09N8gn8BhZbLNE3pR6M
O72Dvw2RLRtlywwXZqR+7nOsEYZHqu4rgodiYB168D/Qva56jekkmPKoHatgIkQt
3qYxxeJxKTCNkdc4Of5JPxcs+bGn67oRccAfivnIbq7L7e+b5BUgyE0dsjGZxm2p
mZ+RjeBTL5AUkCA9tNUkiS09eO4OiLUT7A2GFAvjuE9R8Oh3Bi9xMgtEBpXXOuzr
sEnUMAZgXA1+LBWFAtCIqspQ1WyqqSaWCkqMyv7GuWTe
-----END CERTIFICATE-----