Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/qITCJgiY_Env4lyDxnPT2Wn5hNo.roa
File:                     qITCJgiY_Env4lyDxnPT2Wn5hNo.roa (raw, json)
Hash identifier:          4pKpF8CvRp1reVK7IatJorUGjYB6L3YfoYk8gFSr//c=
Subject key identifier:   A8:84:C2:26:08:98:FC:49:EF:E2:5C:83:C6:73:D3:D9:69:F9:84:DA
Certificate issuer:       /CN=a1b71eb8df171e642f1b2b90419001f1fc445e4d
Certificate serial:       018CC4246817F1098D9120950500C9C2CF38
Authority key identifier: A1:B7:1E:B8:DF:17:1E:64:2F:1B:2B:90:41:90:01:F1:FC:44:5E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/obceuN8XHmQvGyuQQZAB8fxEXk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/qITCJgiY_Env4lyDxnPT2Wn5hNo.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44189
IP address blocks:        195.5.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/obceuN8XHmQvGyuQQZAB8fxEXk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/obceuN8XHmQvGyuQQZAB8fxEXk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/obceuN8XHmQvGyuQQZAB8fxEXk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:68:17:f1:09:8d:91:20:95:05:00:c9:c2:cf:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1b71eb8df171e642f1b2b90419001f1fc445e4d
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a884c2260898fc49efe25c83c673d3d969f984da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ae:65:57:2c:4c:11:1e:15:a4:35:28:25:a8:
                    e0:9d:00:84:14:68:5d:6d:ba:53:26:9c:2d:ec:d8:
                    f6:1e:23:1e:95:26:be:b5:a9:cc:7b:cf:f3:2b:1f:
                    c6:9f:b6:0c:b4:d6:f8:47:f7:cb:b8:24:b5:52:25:
                    35:20:36:36:e9:8a:0e:80:93:52:93:1a:53:91:f0:
                    4f:2f:f8:55:32:2c:38:ec:1a:21:97:6f:fb:52:97:
                    c5:b8:30:89:75:a8:fd:ee:08:1f:32:74:b8:9a:e2:
                    2a:f9:80:a2:cc:a8:70:6f:60:aa:46:9e:77:41:7e:
                    00:56:61:22:e7:6c:24:90:d3:ab:c9:b6:80:b3:4d:
                    3b:2c:6d:25:5d:58:94:2f:f2:96:7a:71:e8:0f:f0:
                    2c:bd:5f:f3:bc:f0:41:6d:82:aa:98:5e:ba:7c:d2:
                    5b:46:69:b6:8c:f4:b2:b3:aa:04:36:8c:21:de:a6:
                    c9:77:d5:9d:59:d2:a5:88:f4:85:ef:80:f3:30:c2:
                    97:38:96:8c:e5:4a:a2:e7:6a:fe:e4:fb:5a:3c:ca:
                    a8:8a:88:25:f4:df:85:75:4d:e5:8a:69:18:7a:24:
                    9f:60:7e:8a:88:ad:dc:6c:42:88:97:3f:30:f7:88:
                    69:a9:2a:87:08:90:2f:91:bf:f7:71:fa:31:27:8d:
                    24:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:84:C2:26:08:98:FC:49:EF:E2:5C:83:C6:73:D3:D9:69:F9:84:DA
            X509v3 Authority Key Identifier:
                keyid:A1:B7:1E:B8:DF:17:1E:64:2F:1B:2B:90:41:90:01:F1:FC:44:5E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obceuN8XHmQvGyuQQZAB8fxEXk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/qITCJgiY_Env4lyDxnPT2Wn5hNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f088bd-5029-4903-9616-0672ea0440bb/1/obceuN8XHmQvGyuQQZAB8fxEXk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:a4:d8:f6:4d:21:b8:66:fc:4e:4a:94:6a:28:1d:12:61:6e:
         c1:70:24:57:e0:7c:4b:4b:19:dc:85:86:f4:e2:6d:a6:82:55:
         9a:f4:11:e3:fb:56:25:c3:e8:49:d1:ad:65:32:db:de:6a:0b:
         fd:d1:2c:23:f4:94:18:d5:a6:a6:7e:78:02:0f:7e:ab:6c:dc:
         a7:d5:2e:1b:2e:20:53:b6:d4:b2:7e:fa:67:8c:5c:cc:2f:62:
         ad:db:3d:f2:2a:a8:19:39:b4:cc:1f:9b:cc:9d:87:74:b3:66:
         6e:e3:cb:20:fb:60:68:59:6c:82:1d:9d:46:34:27:e4:93:d6:
         1e:0b:db:01:7b:d0:c4:69:80:41:77:62:12:6a:b5:ca:1c:0b:
         3e:b4:27:f2:b1:65:ac:43:26:df:a5:79:c1:e1:4e:c6:c9:68:
         2e:9b:48:bb:fb:5b:56:d7:b0:5c:5f:bd:6e:97:56:20:3c:c5:
         47:cc:fc:0e:a7:69:27:fd:e1:93:5f:5f:69:f7:d7:34:a0:19:
         e9:e2:4c:0d:9d:b9:b6:91:c6:66:ef:f8:b8:fd:ff:a6:56:e6:
         4c:c7:41:d8:a0:28:28:76:17:f8:70:7c:ca:bb:e3:f1:ac:f2:
         a8:88:44:f3:5b:88:59:3e:0f:0f:a2:53:ec:45:3c:3f:87:13:
         22:d8:04:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGgX8QmNkSCVBQDJws84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjcxZWI4ZGYxNzFlNjQyZjFiMmI5MDQxOTAwMWYxZmM0
NDVlNGQwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODg0YzIyNjA4OThmYzQ5ZWZlMjVjODNjNjczZDNkOTY5Zjk4NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg65lVyxMER4VpDUoJajgnQCEFGhd
bbpTJpwt7Nj2HiMelSa+tanMe8/zKx/Gn7YMtNb4R/fLuCS1UiU1IDY26YoOgJNS
kxpTkfBPL/hVMiw47Bohl2/7UpfFuDCJdaj97ggfMnS4muIq+YCizKhwb2CqRp53
QX4AVmEi52wkkNOrybaAs007LG0lXViUL/KWenHoD/AsvV/zvPBBbYKqmF66fNJb
Rmm2jPSys6oENowh3qbJd9WdWdKliPSF74DzMMKXOJaM5Uqi52r+5PtaPMqoiogl
9N+FdU3limkYeiSfYH6KiK3cbEKIlz8w94hpqSqHCJAvkb/3cfoxJ40kGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiEwiYImPxJ7+Jcg8Zz09lp+YTaMB8GA1UdIwQY
MBaAFKG3HrjfFx5kLxsrkEGQAfH8RF5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JjZXVOOFhIbVF2R3l1UVFaQUI4ZnhFWGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mMDg4YmQtNTAyOS00OTAzLTk2MTYt
MDY3MmVhMDQ0MGJiLzEvcUlUQ0pnaVlfRW52NGx5RHhuUFQyV241aE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mMDg4YmQtNTAyOS00OTAzLTk2MTYtMDY3MmVhMDQ0MGJi
LzEvb2JjZXVOOFhIbVF2R3l1UVFaQUI4ZnhFWGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwWtMA0G
CSqGSIb3DQEBCwUAA4IBAQB5pNj2TSG4ZvxOSpRqKB0SYW7BcCRX4HxLSxnchYb0
4m2mglWa9BHj+1Ylw+hJ0a1lMtveagv90Swj9JQY1aamfngCD36rbNyn1S4bLiBT
ttSyfvpnjFzML2Kt2z3yKqgZObTMH5vMnYd0s2Zu48sg+2BoWWyCHZ1GNCfkk9Ye
C9sBe9DEaYBBd2ISarXKHAs+tCfysWWsQybfpXnB4U7GyWgum0i7+1tW17BcX71u
l1YgPMVHzPwOp2kn/eGTX19p99c0oBnp4kwNnbm2kcZm7/i4/f+mVuZMx0HYoCgo
dhf4cHzKu+PxrPKoiETzW4hZPg8PolPsRTw/hxMi2ATf
-----END CERTIFICATE-----