Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/qZ8IrgThskj1r340PdY_VuW33_0.roa
File:                     qZ8IrgThskj1r340PdY_VuW33_0.roa (raw, json)
Hash identifier:          UuBfqZUfbevTLBy6lr8I6q70VwbTrxJN4nWmMDHhmr0=
Subject key identifier:   A9:9F:08:AE:04:E1:B2:48:F5:AF:7E:34:3D:D6:3F:56:E5:B7:DF:FD
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01933E075CDCD0B75AB53E6080BEB6204654
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/qZ8IrgThskj1r340PdY_VuW33_0.roa
Signing time:             Mon 18 Nov 2024 06:48:10 +0000
ROA not before:           Mon 18 Nov 2024 06:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49508
IP address blocks:        194.32.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:07:5c:dc:d0:b7:5a:b5:3e:60:80:be:b6:20:46:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Nov 18 06:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a99f08ae04e1b248f5af7e343dd63f56e5b7dffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a8:a2:91:ec:36:86:91:27:66:f7:cb:f7:96:
                    16:1a:45:98:e0:3f:ff:7d:bd:41:5a:94:b3:c9:28:
                    44:97:0e:eb:12:96:ae:d3:08:4a:42:5d:8a:e2:d4:
                    40:d4:1c:c1:73:c8:8b:0f:37:46:3b:d1:7b:f9:2f:
                    e0:7e:10:b6:10:a8:9b:ec:33:a3:08:68:84:f9:cd:
                    35:a8:6b:29:2b:f2:d2:0d:33:24:3d:73:b5:84:5e:
                    9a:fa:36:eb:ab:23:06:70:ec:c9:ec:ff:17:0e:6b:
                    38:5f:c4:2f:9a:89:94:5b:b9:d1:e7:18:4e:68:c8:
                    61:87:23:aa:7d:03:7d:f8:79:c2:cd:a8:be:53:d8:
                    f2:52:23:ea:bf:ec:ee:2a:ab:72:4c:c0:fd:b5:d5:
                    35:a4:4d:67:0d:23:e4:76:fe:e1:d9:2a:7f:95:b8:
                    dd:eb:b7:95:85:05:6e:1b:16:18:89:92:04:03:f1:
                    5c:71:33:8a:b1:d3:66:bc:00:6c:f2:fe:a8:b1:b5:
                    48:df:e0:8a:a8:29:9b:49:66:7b:67:9f:17:79:c6:
                    97:98:6f:6c:07:ff:1d:79:a1:1b:91:42:2c:9e:79:
                    75:7a:8a:a3:ab:57:c4:a0:c6:c3:fb:23:b8:05:56:
                    30:d3:8c:03:a4:25:cf:25:53:d9:d4:e9:cb:25:19:
                    25:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9F:08:AE:04:E1:B2:48:F5:AF:7E:34:3D:D6:3F:56:E5:B7:DF:FD
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/qZ8IrgThskj1r340PdY_VuW33_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4c:65:a5:90:42:e8:d6:1a:0b:3b:04:6a:3d:94:3a:2d:17:
         35:fd:52:24:55:d7:15:27:01:3e:81:8e:fc:c1:de:4a:1c:f8:
         8d:61:13:24:79:03:04:b1:df:c7:9d:fb:06:9b:0f:f7:4a:8d:
         2d:55:32:6a:54:b5:d5:52:65:f3:90:5c:d0:9d:0c:7c:f1:84:
         6a:43:e9:c0:06:f9:ce:3e:36:64:06:20:9e:20:da:97:1f:01:
         92:97:bf:af:82:de:73:07:76:fb:e5:41:e4:8d:71:75:79:37:
         9e:fa:91:e0:9a:d4:d6:e1:ab:9a:5c:89:fd:2c:51:c9:b0:d2:
         32:a1:fc:7f:bc:b2:d3:46:f4:08:c7:af:31:a4:33:ae:fb:06:
         ea:8d:38:1b:28:f0:5f:5b:cf:a0:71:c6:29:87:c1:fe:85:12:
         d6:69:d1:36:47:fd:8e:46:5a:63:e1:37:49:8c:7a:25:ee:b2:
         89:69:0b:87:e1:5a:ac:93:bf:55:5c:24:79:cc:66:f8:b4:52:
         6a:75:f6:82:48:5f:dd:4b:05:c6:0d:64:7a:05:c4:a4:6e:61:
         4c:46:26:0e:fa:1b:85:f6:79:26:77:0d:25:58:17:0b:0d:fe:
         d4:12:a8:eb:76:ee:47:35:c1:46:df:42:2a:7d:e9:46:f8:34:
         34:89:c8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM+B1zc0LdatT5ggL62IEZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQxMTE4MDY0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTlmMDhhZTA0ZTFiMjQ4ZjVhZjdlMzQzZGQ2M2Y1NmU1YjdkZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6iikew2hpEnZvfL95YWGkWY4D//
fb1BWpSzyShElw7rEpau0whKQl2K4tRA1BzBc8iLDzdGO9F7+S/gfhC2EKib7DOj
CGiE+c01qGspK/LSDTMkPXO1hF6a+jbrqyMGcOzJ7P8XDms4X8QvmomUW7nR5xhO
aMhhhyOqfQN9+HnCzai+U9jyUiPqv+zuKqtyTMD9tdU1pE1nDSPkdv7h2Sp/lbjd
67eVhQVuGxYYiZIEA/FccTOKsdNmvABs8v6osbVI3+CKqCmbSWZ7Z58XecaXmG9s
B/8deaEbkUIsnnl1eoqjq1fEoMbD+yO4BVYw04wDpCXPJVPZ1OnLJRklaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmfCK4E4bJI9a9+ND3WP1blt9/9MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvcVo4SXJnVGhza2oxcjM0MFBkWV9WdVczM18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBjMA0G
CSqGSIb3DQEBCwUAA4IBAQAYTGWlkELo1hoLOwRqPZQ6LRc1/VIkVdcVJwE+gY78
wd5KHPiNYRMkeQMEsd/HnfsGmw/3So0tVTJqVLXVUmXzkFzQnQx88YRqQ+nABvnO
PjZkBiCeINqXHwGSl7+vgt5zB3b75UHkjXF1eTee+pHgmtTW4auaXIn9LFHJsNIy
ofx/vLLTRvQIx68xpDOu+wbqjTgbKPBfW8+gccYph8H+hRLWadE2R/2ORlpj4TdJ
jHol7rKJaQuH4Vqsk79VXCR5zGb4tFJqdfaCSF/dSwXGDWR6BcSkbmFMRiYO+huF
9nkmdw0lWBcLDf7UEqjrdu5HNcFG30IqfelG+DQ0icgG
-----END CERTIFICATE-----