Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/M-QQBOQ-6S7j-YqKpySFGNN4Ot0.roa
File:                     M-QQBOQ-6S7j-YqKpySFGNN4Ot0.roa (raw, json)
Hash identifier:          Zg6JFxgj9j+UHGSYaarTej1HDT0jsQgjxzCz7T/jP6E=
Subject key identifier:   33:E4:10:04:E4:3E:E9:2E:E3:F9:8A:8A:A7:24:85:18:D3:78:3A:DD
Certificate issuer:       /CN=c8bebcfe82b2627ea8de8161cb927b245b058e69
Certificate serial:       018CC4244B97B33EAF97A39DAEC7D0E6219B
Authority key identifier: C8:BE:BC:FE:82:B2:62:7E:A8:DE:81:61:CB:92:7B:24:5B:05:8E:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/M-QQBOQ-6S7j-YqKpySFGNN4Ot0.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39222
IP address blocks:        193.30.245.0/24 maxlen: 24
                          194.165.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4b:97:b3:3e:af:97:a3:9d:ae:c7:d0:e6:21:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8bebcfe82b2627ea8de8161cb927b245b058e69
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e41004e43ee92ee3f98a8aa7248518d3783add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:59:23:08:73:20:cd:d5:30:3e:11:3f:b4:20:
                    92:d2:5e:d3:4c:61:f5:1c:b9:c9:a5:f8:b1:6e:19:
                    4b:13:df:a4:5e:e5:45:d5:b8:20:28:fc:87:fd:40:
                    d3:4f:39:d2:9b:48:1c:b3:01:1e:e4:7d:29:11:d8:
                    32:68:17:f7:0e:da:3d:0d:b6:8d:df:9d:ce:9e:96:
                    4d:44:5e:c8:8c:80:14:64:cd:88:c5:a4:42:3d:60:
                    4c:93:0e:b4:e9:ae:8c:cb:80:4f:db:a2:58:11:95:
                    6c:c0:7f:65:d8:9b:09:d6:c9:f1:d7:50:98:50:81:
                    be:cb:3a:85:4b:34:6c:e8:69:da:31:f6:5e:4f:ee:
                    db:97:8c:46:e0:97:d7:19:9d:b8:33:c4:c4:d0:de:
                    71:e0:db:59:7a:be:a9:1f:a1:8a:ad:4c:58:f2:0d:
                    27:65:6d:5e:0f:71:60:b4:21:d1:25:2f:17:a6:68:
                    d2:2a:9c:72:5e:bd:73:1d:55:bd:2e:1a:5d:6f:57:
                    2c:1f:00:c1:cd:e3:f6:9f:e9:85:44:2e:a0:e5:8e:
                    21:23:82:4f:2a:a8:48:dc:58:30:b3:83:a4:a5:97:
                    22:e5:f7:c5:dc:e3:fe:e6:ec:d5:f4:5a:3a:11:f7:
                    ce:23:d2:fb:51:c3:38:b3:49:c1:02:b1:66:cb:01:
                    ae:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E4:10:04:E4:3E:E9:2E:E3:F9:8A:8A:A7:24:85:18:D3:78:3A:DD
            X509v3 Authority Key Identifier:
                keyid:C8:BE:BC:FE:82:B2:62:7E:A8:DE:81:61:CB:92:7B:24:5B:05:8E:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/M-QQBOQ-6S7j-YqKpySFGNN4Ot0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.245.0/24
                  194.165.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f6:f0:0c:41:51:8f:9e:fc:d6:2a:dc:ac:2e:b6:31:2b:c6:
         06:f4:36:a9:06:f2:6f:50:1a:dc:18:97:3c:f1:24:23:f0:60:
         aa:75:2b:f0:fc:49:ea:f9:76:e0:81:a3:b9:13:09:59:1a:1d:
         68:1f:16:a7:d8:3e:9b:42:61:6a:4d:91:f4:7c:5f:5d:bb:26:
         94:db:35:77:24:4c:23:96:4a:26:97:be:00:50:99:7f:a3:3d:
         08:4d:7c:32:bc:21:6b:1f:5a:79:c2:0f:31:04:d8:f0:0e:74:
         8d:5f:7f:ba:05:8a:67:a7:18:7b:9e:3c:c8:1d:5d:0b:42:67:
         07:de:26:c8:57:11:66:38:21:76:f2:7b:4f:cb:34:8e:6d:fb:
         1a:65:3e:cf:fd:bc:a2:d7:a4:7c:13:3c:61:ed:ca:43:08:d7:
         10:26:3c:12:df:f9:45:0f:22:a1:ef:64:fd:8c:0c:0f:64:f1:
         3f:5e:90:9b:d9:75:4b:de:73:30:52:ce:34:3a:9c:40:3d:76:
         56:86:69:24:a5:0a:8f:68:55:39:ee:b5:51:34:dd:60:00:13:
         8d:10:e8:12:67:71:47:e1:0c:a8:7f:f7:92:09:b6:78:b0:3b:
         7c:c3:e1:d0:ec:81:92:97:ff:3f:e3:2b:b7:9b:c9:c6:61:fb:
         82:65:56:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJEuXsz6vl6OdrsfQ5iGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YmViY2ZlODJiMjYyN2VhOGRlODE2MWNiOTI3YjI0NWIw
NThlNjkwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U0MTAwNGU0M2VlOTJlZTNmOThhOGFhNzI0ODUxOGQzNzgzYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlkjCHMgzdUwPhE/tCCS0l7TTGH1
HLnJpfixbhlLE9+kXuVF1bggKPyH/UDTTznSm0gcswEe5H0pEdgyaBf3Dto9DbaN
353OnpZNRF7IjIAUZM2IxaRCPWBMkw606a6My4BP26JYEZVswH9l2JsJ1snx11CY
UIG+yzqFSzRs6GnaMfZeT+7bl4xG4JfXGZ24M8TE0N5x4NtZer6pH6GKrUxY8g0n
ZW1eD3FgtCHRJS8XpmjSKpxyXr1zHVW9Lhpdb1csHwDBzeP2n+mFRC6g5Y4hI4JP
KqhI3Fgws4OkpZci5ffF3OP+5uzV9Fo6EffOI9L7UcM4s0nBArFmywGuEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDPkEATkPuku4/mKiqckhRjTeDrdMB8GA1UdIwQY
MBaAFMi+vP6CsmJ+qN6BYcuSeyRbBY5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUw2OF9vS3lZbjZvM29GaHk1SjdKRnNGam1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYTE3YjMtZDU0ZS00Mjc5LWFkOTgt
ZGVlZjdmMTUxZThlLzEvTS1RUUJPUS02UzdqLVlxS3B5U0ZHTk40T3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYTE3YjMtZDU0ZS00Mjc5LWFkOTgtZGVlZjdmMTUxZThl
LzEveUw2OF9vS3lZbjZvM29GaHk1SjdKRnNGam1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR71AwQA
wqUuMA0GCSqGSIb3DQEBCwUAA4IBAQAv9vAMQVGPnvzWKtysLrYxK8YG9DapBvJv
UBrcGJc88SQj8GCqdSvw/Enq+XbggaO5EwlZGh1oHxan2D6bQmFqTZH0fF9duyaU
2zV3JEwjlkoml74AUJl/oz0ITXwyvCFrH1p5wg8xBNjwDnSNX3+6BYpnpxh7njzI
HV0LQmcH3ibIVxFmOCF28ntPyzSObfsaZT7P/byi16R8Ezxh7cpDCNcQJjwS3/lF
DyKh72T9jAwPZPE/XpCb2XVL3nMwUs40OpxAPXZWhmkkpQqPaFU57rVRNN1gABON
EOgSZ3FH4Qyof/eSCbZ4sDt8w+HQ7IGSl/8/4yu3m8nGYfuCZVa9
-----END CERTIFICATE-----