Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/QO8hI5AlziMoxX9vxNEO1mLo3Wo.roa
File:                     QO8hI5AlziMoxX9vxNEO1mLo3Wo.roa (raw, json)
Hash identifier:          zSuCHI2yIlhURMCCWUPs1npsVcx0mJz7OdyPFxZdq6s=
Subject key identifier:   40:EF:21:23:90:25:CE:23:28:C5:7F:6F:C4:D1:0E:D6:62:E8:DD:6A
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       019326780270FEF48E76BC65F7DC14304336
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/QO8hI5AlziMoxX9vxNEO1mLo3Wo.roa
Signing time:             Wed 13 Nov 2024 17:00:19 +0000
ROA not before:           Wed 13 Nov 2024 17:00:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        195.160.148.0/24 maxlen: 24
                          195.160.149.0/24 maxlen: 24
                          212.39.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:26:78:02:70:fe:f4:8e:76:bc:65:f7:dc:14:30:43:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Nov 13 17:00:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40ef21239025ce2328c57f6fc4d10ed662e8dd6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:92:6c:e7:1b:dc:b0:b1:fc:5e:3c:ac:47:58:
                    74:4a:54:77:1e:84:34:07:6b:ec:df:c1:05:a6:f2:
                    6a:00:38:8d:50:73:09:a9:4b:9f:68:ee:9f:44:5c:
                    fb:17:11:33:1e:6a:72:f4:73:d7:9a:e2:32:81:b7:
                    a4:df:16:ea:23:fd:8b:1f:bd:0e:f8:e5:7e:0c:49:
                    59:d2:8f:94:0a:d7:37:0e:8e:2d:c1:a1:a4:53:01:
                    55:31:99:85:4b:37:37:2f:a9:4f:6d:1c:a0:12:e8:
                    c4:93:0f:b0:a9:21:fe:58:ab:8a:9a:f9:5a:d8:1e:
                    96:bb:be:d7:a3:65:b0:8c:05:cc:48:17:e7:cb:a5:
                    41:46:e4:d5:14:f0:28:a9:29:6c:b5:b4:ea:79:23:
                    40:ad:bf:c0:54:b2:5b:88:2d:7d:76:93:47:64:63:
                    59:50:bd:e9:50:47:ed:75:63:b8:f1:83:c0:77:6f:
                    6a:74:35:e3:64:1c:35:67:fe:15:a8:df:5d:4c:27:
                    9e:e4:22:94:d2:e6:12:f7:1f:9e:f3:da:d5:7c:fc:
                    20:2b:95:25:c3:0c:70:5c:31:6a:8a:d8:3c:ca:fd:
                    10:c7:8f:42:0b:8d:e2:82:36:0c:76:2d:24:d6:48:
                    69:49:11:48:85:b2:8d:2e:49:55:97:5d:39:a8:60:
                    77:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EF:21:23:90:25:CE:23:28:C5:7F:6F:C4:D1:0E:D6:62:E8:DD:6A
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/QO8hI5AlziMoxX9vxNEO1mLo3Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.148.0/23
                  212.39.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b3:5e:25:66:29:21:e3:2d:4c:05:00:0c:d3:36:2c:81:3f:
         5a:03:a3:5a:59:c1:9c:fd:e5:da:f3:aa:95:11:92:d8:f9:a7:
         58:ed:b2:38:4a:f9:c0:1a:da:fa:12:35:ae:6f:9f:88:6a:27:
         3c:96:97:fa:b6:57:b4:d7:4c:f1:da:0b:46:e0:84:a8:f9:4a:
         ac:b1:b8:b1:dd:2f:8b:20:2a:f1:a0:a5:63:b6:d8:13:fe:0d:
         32:3c:a8:bb:3c:ce:63:5c:32:a9:b7:fe:70:d9:98:33:ed:a9:
         af:4e:e5:cb:b9:df:d8:a4:c7:4c:52:6f:84:80:08:0b:69:35:
         62:1d:1f:8e:cf:8b:bd:c5:00:9a:b6:5d:21:3e:a4:05:d2:94:
         49:2b:e9:27:7b:11:23:e5:0a:b1:7c:f4:fc:77:90:80:fe:98:
         fe:16:1b:d3:da:eb:5a:d7:94:60:b5:02:de:4c:cf:9a:86:9a:
         60:0b:01:bd:ca:58:9e:1b:5c:c4:b5:fb:45:8f:d3:6c:9c:09:
         98:4f:6c:75:38:0b:d8:6c:75:55:0d:0f:2b:62:f5:f0:92:5a:
         d7:dd:ff:d8:5f:52:c2:18:47:6b:73:8f:d5:ae:e0:ba:17:81:
         3e:1c:28:56:ad:78:0e:2a:7e:fc:f7:e3:14:c0:e6:8f:1b:05:
         cb:d6:d1:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMmeAJw/vSOdrxl99wUMEM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjQxMTEzMTcwMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVmMjEyMzkwMjVjZTIzMjhjNTdmNmZjNGQxMGVkNjYyZThkZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5Js5xvcsLH8XjysR1h0SlR3HoQ0
B2vs38EFpvJqADiNUHMJqUufaO6fRFz7FxEzHmpy9HPXmuIygbek3xbqI/2LH70O
+OV+DElZ0o+UCtc3Do4twaGkUwFVMZmFSzc3L6lPbRygEujEkw+wqSH+WKuKmvla
2B6Wu77Xo2WwjAXMSBfny6VBRuTVFPAoqSlstbTqeSNArb/AVLJbiC19dpNHZGNZ
UL3pUEftdWO48YPAd29qdDXjZBw1Z/4VqN9dTCee5CKU0uYS9x+e89rVfPwgK5Ul
wwxwXDFqitg8yv0Qx49CC43igjYMdi0k1khpSRFIhbKNLklVl105qGB32wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDvISOQJc4jKMV/b8TRDtZi6N1qMB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvUU84aEk1QWx6aU1veFg5dnhORU8xbUxvM1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw6CUAwQA
1CflMA0GCSqGSIb3DQEBCwUAA4IBAQATs14lZikh4y1MBQAM0zYsgT9aA6NaWcGc
/eXa86qVEZLY+adY7bI4SvnAGtr6EjWub5+Iaic8lpf6tle010zx2gtG4ISo+Uqs
sbix3S+LICrxoKVjttgT/g0yPKi7PM5jXDKpt/5w2Zgz7amvTuXLud/YpMdMUm+E
gAgLaTViHR+Oz4u9xQCatl0hPqQF0pRJK+knexEj5QqxfPT8d5CA/pj+FhvT2uta
15RgtQLeTM+ahppgCwG9ylieG1zEtftFj9NsnAmYT2x1OAvYbHVVDQ8rYvXwklrX
3f/YX1LCGEdrc4/VruC6F4E+HChWrXgOKn789+MUwOaPGwXL1tHm
-----END CERTIFICATE-----