Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/qCeuxbsdPWjYz6dUoiRbMdD09Dw.roa
File:                     qCeuxbsdPWjYz6dUoiRbMdD09Dw.roa (raw, json)
Hash identifier:          QZVLi0RA6kMFxMzcxqoJuUqRhm4X2VYid6cQjyGjkOw=
Subject key identifier:   A8:27:AE:C5:BB:1D:3D:68:D8:CF:A7:54:A2:24:5B:31:D0:F4:F4:3C
Certificate issuer:       /CN=d547cf9f27767477120b1d3b26cc57a61099a724
Certificate serial:       01912E72DB8528EDD845E4F25A51B3174BDC
Authority key identifier: D5:47:CF:9F:27:76:74:77:12:0B:1D:3B:26:CC:57:A6:10:99:A7:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1UfPnyd2dHcSCx07JsxXphCZpyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/qCeuxbsdPWjYz6dUoiRbMdD09Dw.roa
Signing time:             Wed 07 Aug 2024 20:06:04 +0000
ROA not before:           Wed 07 Aug 2024 20:06:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197738
IP address blocks:        109.197.166.0/23 maxlen: 24
                          176.97.56.0/21 maxlen: 24
                          192.162.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/1UfPnyd2dHcSCx07JsxXphCZpyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/1UfPnyd2dHcSCx07JsxXphCZpyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1UfPnyd2dHcSCx07JsxXphCZpyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2e:72:db:85:28:ed:d8:45:e4:f2:5a:51:b3:17:4b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d547cf9f27767477120b1d3b26cc57a61099a724
        Validity
            Not Before: Aug  7 20:06:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a827aec5bb1d3d68d8cfa754a2245b31d0f4f43c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:29:27:92:c5:13:c3:15:ec:5b:35:87:c4:30:
                    97:b2:11:c8:fd:23:8c:b5:01:45:18:2f:bc:ff:83:
                    4b:39:46:95:bb:aa:89:c6:55:d8:0c:5b:bb:14:71:
                    ff:c5:ae:ab:78:43:e8:43:f7:9d:1a:2b:26:40:b2:
                    31:32:de:b4:8e:01:4e:cc:06:0b:7b:81:0f:00:1b:
                    0f:61:b6:98:29:7e:b7:a9:72:42:9e:0d:6a:8e:f6:
                    e3:81:79:3e:20:d3:c2:3e:02:04:a5:c5:6b:96:03:
                    89:12:a0:6d:0b:2a:33:f4:48:a4:85:07:7c:cc:b6:
                    fd:19:91:fc:c6:61:d7:fd:93:2a:9b:77:bf:61:be:
                    4f:0a:ff:e2:e6:03:61:a1:58:b6:d6:61:c0:b7:f6:
                    73:ce:37:f7:95:2f:5f:8e:f5:0d:63:b2:91:fe:c6:
                    92:bd:05:2d:f1:9b:52:38:09:60:19:53:fc:95:45:
                    76:b4:72:9e:e3:17:3c:02:22:5a:aa:8a:94:04:51:
                    b3:15:a1:18:0c:de:d4:f6:b9:c2:d9:3d:c6:ba:b4:
                    23:1d:b9:8b:53:d9:f4:9d:2d:e9:f6:5d:7c:55:be:
                    8e:2f:d9:c9:47:ff:db:62:ff:7e:3e:5c:ba:0b:c2:
                    fa:ea:29:33:ef:b5:f5:bf:50:3b:75:47:63:8d:ea:
                    d2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:27:AE:C5:BB:1D:3D:68:D8:CF:A7:54:A2:24:5B:31:D0:F4:F4:3C
            X509v3 Authority Key Identifier:
                keyid:D5:47:CF:9F:27:76:74:77:12:0B:1D:3B:26:CC:57:A6:10:99:A7:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UfPnyd2dHcSCx07JsxXphCZpyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/qCeuxbsdPWjYz6dUoiRbMdD09Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/063e59-9e94-4e91-8b7e-6f4de020aae6/1/1UfPnyd2dHcSCx07JsxXphCZpyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.166.0/23
                  176.97.56.0/21
                  192.162.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:85:0f:3e:ad:34:e7:f4:62:39:a1:d5:fd:0c:40:7a:d5:57:
         3e:fe:f5:90:53:b3:f2:b7:e7:5c:74:2d:12:35:96:94:c5:6a:
         d7:6e:5f:01:cc:05:64:bc:3b:ea:72:52:7a:1b:25:c7:c1:44:
         44:3f:bd:03:48:08:51:aa:4d:5a:c5:51:0a:06:51:fe:97:aa:
         f6:ca:4a:b9:a1:d9:cb:0d:24:37:e1:f4:6d:4d:59:d8:8d:05:
         be:5b:9b:5c:b9:24:07:3b:93:45:03:9f:56:d4:56:36:42:12:
         7e:69:b7:56:bf:52:ff:8d:05:93:1f:23:95:27:36:4e:13:49:
         a2:61:ab:56:8a:b0:2e:4d:84:a4:6f:dc:70:9d:59:a1:0a:11:
         c7:8a:8e:59:64:4d:f4:d5:ff:07:e4:fe:10:1d:4f:a2:a7:19:
         12:9b:c0:1c:27:a2:6f:d9:fb:04:b8:78:e2:cb:69:46:2b:12:
         80:6e:b7:b2:ae:6c:c2:ca:fd:65:20:0d:20:a9:74:8f:60:52:
         1d:99:a7:52:08:ae:1f:96:a1:23:bc:ad:eb:af:c9:8b:90:46:
         32:29:ca:07:ee:2f:a7:ce:60:d8:52:0b:78:2f:26:a3:d2:47:
         b0:a7:d5:a3:6c:bd:c2:da:2f:c6:d9:88:d1:1c:1c:4d:79:1e:
         85:9c:13:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEuctuFKO3YReTyWlGzF0vcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDdjZjlmMjc3Njc0NzcxMjBiMWQzYjI2Y2M1N2E2MTA5
OWE3MjQwHhcNMjQwODA3MjAwNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI3YWVjNWJiMWQzZDY4ZDhjZmE3NTRhMjI0NWIzMWQwZjRmNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyknksUTwxXsWzWHxDCXshHI/SOM
tQFFGC+8/4NLOUaVu6qJxlXYDFu7FHH/xa6reEPoQ/edGismQLIxMt60jgFOzAYL
e4EPABsPYbaYKX63qXJCng1qjvbjgXk+INPCPgIEpcVrlgOJEqBtCyoz9EikhQd8
zLb9GZH8xmHX/ZMqm3e/Yb5PCv/i5gNhoVi21mHAt/Zzzjf3lS9fjvUNY7KR/saS
vQUt8ZtSOAlgGVP8lUV2tHKe4xc8AiJaqoqUBFGzFaEYDN7U9rnC2T3GurQjHbmL
U9n0nS3p9l18Vb6OL9nJR//bYv9+Ply6C8L66ikz77X1v1A7dUdjjerSAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKgnrsW7HT1o2M+nVKIkWzHQ9PQ8MB8GA1UdIwQY
MBaAFNVHz58ndnR3EgsdOybMV6YQmackMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVVmUG55ZDJkSGNTQ3gwN0pzeFhwaENacHlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wNjNlNTktOWU5NC00ZTkxLThiN2Ut
NmY0ZGUwMjBhYWU2LzEvcUNldXhic2RQV2pZejZkVW9pUmJNZEQwOUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wNjNlNTktOWU5NC00ZTkxLThiN2UtNmY0ZGUwMjBhYWU2
LzEvMVVmUG55ZDJkSGNTQ3gwN0pzeFhwaENacHlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBbcWmAwQD
sGE4AwQCwKLQMA0GCSqGSIb3DQEBCwUAA4IBAQCBhQ8+rTTn9GI5odX9DEB61Vc+
/vWQU7Pyt+dcdC0SNZaUxWrXbl8BzAVkvDvqclJ6GyXHwUREP70DSAhRqk1axVEK
BlH+l6r2ykq5odnLDSQ34fRtTVnYjQW+W5tcuSQHO5NFA59W1FY2QhJ+abdWv1L/
jQWTHyOVJzZOE0miYatWirAuTYSkb9xwnVmhChHHio5ZZE301f8H5P4QHU+ipxkS
m8AcJ6Jv2fsEuHjiy2lGKxKAbreyrmzCyv1lIA0gqXSPYFIdmadSCK4flqEjvK3r
r8mLkEYyKcoH7i+nzmDYUgt4Lyaj0kewp9WjbL3C2i/G2YjRHBxNeR6FnBPW
-----END CERTIFICATE-----