Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/QR-zQIVibRJB9ns_9zLe6nWD96k.roa
File:                     QR-zQIVibRJB9ns_9zLe6nWD96k.roa (raw, json)
Hash identifier:          jMrO0doBp+THPWATLIAWRCiu1D+dZsrkTGuCrPHOfLU=
Subject key identifier:   41:1F:B3:40:85:62:6D:12:41:F6:7B:3F:F7:32:DE:EA:75:83:F7:A9
Certificate issuer:       /CN=1b12f8b5681f554a03b30e2e4f805c66f8315e0a
Certificate serial:       01903067E8CF89C64A5B7E407B52F284258B
Authority key identifier: 1B:12:F8:B5:68:1F:55:4A:03:B3:0E:2E:4F:80:5C:66:F8:31:5E:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxL4tWgfVUoDsw4uT4BcZvgxXgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/QR-zQIVibRJB9ns_9zLe6nWD96k.roa
Signing time:             Wed 19 Jun 2024 12:10:34 +0000
ROA not before:           Wed 19 Jun 2024 12:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        193.84.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/GxL4tWgfVUoDsw4uT4BcZvgxXgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/GxL4tWgfVUoDsw4uT4BcZvgxXgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxL4tWgfVUoDsw4uT4BcZvgxXgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:67:e8:cf:89:c6:4a:5b:7e:40:7b:52:f2:84:25:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12f8b5681f554a03b30e2e4f805c66f8315e0a
        Validity
            Not Before: Jun 19 12:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=411fb34085626d1241f67b3ff732deea7583f7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:18:51:27:28:17:9c:73:1b:ea:01:46:cb:01:
                    60:62:0d:cd:5a:7e:7c:00:cf:8b:cc:67:65:7d:5f:
                    9b:30:f3:f4:67:18:49:0f:18:01:49:f3:1f:7d:17:
                    7a:a3:27:4b:e8:48:bb:42:92:64:6a:0a:a8:57:1a:
                    31:38:d2:63:ea:35:84:51:60:63:8a:fd:88:d5:46:
                    4c:21:06:3a:eb:dd:eb:2f:c3:da:67:72:da:3e:c6:
                    cc:f5:52:17:ff:c3:fa:8a:7b:66:c9:2d:e2:e2:e2:
                    bb:fc:7b:2f:a5:2c:e1:20:98:f3:cc:f9:2e:64:d5:
                    08:8f:82:13:b3:96:88:ae:ff:73:58:4f:cf:6d:0a:
                    c3:7b:f4:34:42:ae:9b:de:79:95:c8:79:da:ed:ea:
                    a9:7d:93:d7:04:fd:b4:91:d7:8a:b4:af:ec:25:8f:
                    1e:cb:a5:56:5d:eb:6e:9d:c0:2d:64:a3:43:e0:07:
                    47:8c:41:85:f6:32:d7:2f:0e:6c:e4:0f:ec:18:18:
                    28:ec:09:64:bf:8a:e6:a8:07:51:4b:c5:6d:6c:bc:
                    8f:7d:31:4d:06:ea:6b:e5:44:54:fb:b0:b6:ef:9d:
                    cd:ed:93:d5:1a:4b:a5:07:d0:dc:81:e4:83:e0:39:
                    44:dd:8e:b7:52:cd:48:4e:10:b5:b7:37:5b:b3:ac:
                    de:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1F:B3:40:85:62:6D:12:41:F6:7B:3F:F7:32:DE:EA:75:83:F7:A9
            X509v3 Authority Key Identifier:
                keyid:1B:12:F8:B5:68:1F:55:4A:03:B3:0E:2E:4F:80:5C:66:F8:31:5E:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxL4tWgfVUoDsw4uT4BcZvgxXgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/QR-zQIVibRJB9ns_9zLe6nWD96k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fdafd2-3dcf-4043-86e6-3e801694e048/1/GxL4tWgfVUoDsw4uT4BcZvgxXgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:7d:45:34:f8:04:17:d1:ec:0c:03:c1:ed:0e:79:74:04:82:
         4c:7f:60:30:2b:0a:ab:87:4f:20:5d:90:4f:ad:18:dc:15:fb:
         d2:cb:2c:9a:c8:a9:b4:a7:92:17:13:5a:f0:83:79:b4:11:3f:
         7f:01:56:a2:1a:d1:89:9c:89:e7:a8:01:11:72:22:ce:c7:35:
         f3:57:e4:64:ff:a2:f6:9d:b8:1c:63:28:e9:d6:83:64:c6:f2:
         f1:1f:23:c2:34:07:68:ce:40:de:b4:60:0d:55:7e:6a:7f:2d:
         26:c7:fa:be:6f:35:84:84:78:35:0f:70:9b:25:32:07:4d:1a:
         cf:c1:22:66:34:c3:89:19:2f:9f:3f:0f:79:4e:34:f6:e2:92:
         11:76:39:0c:a6:52:51:96:20:03:cf:ac:ad:c2:e0:53:03:88:
         d4:0e:d1:46:0b:ca:5f:0f:24:46:ed:67:9f:ed:dd:6a:cc:ce:
         bc:ba:f4:52:35:ee:96:ec:77:82:81:78:45:1a:20:80:95:22:
         79:8a:6c:cd:62:51:75:f4:77:52:bc:f6:be:12:02:88:cc:67:
         4d:71:15:5b:25:85:b1:51:f9:3d:96:9f:90:b7:4e:f8:45:73:
         9d:1e:f3:f6:12:1b:29:f0:d4:6b:c7:05:75:d5:1e:fc:a1:ef:
         54:f1:f4:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAwZ+jPicZKW35Ae1LyhCWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTJmOGI1NjgxZjU1NGEwM2IzMGUyZTRmODA1YzY2Zjgz
MTVlMGEwHhcNMjQwNjE5MTIxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFmYjM0MDg1NjI2ZDEyNDFmNjdiM2ZmNzMyZGVlYTc1ODNmN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxhRJygXnHMb6gFGywFgYg3NWn58
AM+LzGdlfV+bMPP0ZxhJDxgBSfMffRd6oydL6Ei7QpJkagqoVxoxONJj6jWEUWBj
iv2I1UZMIQY6693rL8PaZ3LaPsbM9VIX/8P6intmyS3i4uK7/HsvpSzhIJjzzPku
ZNUIj4ITs5aIrv9zWE/PbQrDe/Q0Qq6b3nmVyHna7eqpfZPXBP20kdeKtK/sJY8e
y6VWXetuncAtZKND4AdHjEGF9jLXLw5s5A/sGBgo7Alkv4rmqAdRS8VtbLyPfTFN
Bupr5URU+7C2753N7ZPVGkulB9DcgeSD4DlE3Y63Us1IThC1tzdbs6zevwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEfs0CFYm0SQfZ7P/cy3up1g/epMB8GA1UdIwQY
MBaAFBsS+LVoH1VKA7MOLk+AXGb4MV4KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hMNHRXZ2ZWVW9Ec3c0dVQ0QmNadmd4WGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZGFmZDItM2RjZi00MDQzLTg2ZTYt
M2U4MDE2OTRlMDQ4LzEvUVItelFJVmliUkpCOW5zXzl6TGU2bldEOTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZGFmZDItM2RjZi00MDQzLTg2ZTYtM2U4MDE2OTRlMDQ4
LzEvR3hMNHRXZ2ZWVW9Ec3c0dVQ0QmNadmd4WGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRkMA0G
CSqGSIb3DQEBCwUAA4IBAQCEfUU0+AQX0ewMA8HtDnl0BIJMf2AwKwqrh08gXZBP
rRjcFfvSyyyayKm0p5IXE1rwg3m0ET9/AVaiGtGJnInnqAERciLOxzXzV+Rk/6L2
nbgcYyjp1oNkxvLxHyPCNAdozkDetGANVX5qfy0mx/q+bzWEhHg1D3CbJTIHTRrP
wSJmNMOJGS+fPw95TjT24pIRdjkMplJRliADz6ytwuBTA4jUDtFGC8pfDyRG7Wef
7d1qzM68uvRSNe6W7HeCgXhFGiCAlSJ5imzNYlF19HdSvPa+EgKIzGdNcRVbJYWx
Ufk9lp+Qt074RXOdHvP2Ehsp8NRrxwV11R78oe9U8fR3
-----END CERTIFICATE-----