Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/QOSive1cmGDxbBJxoauVoYL9-7U.roa
File:                     QOSive1cmGDxbBJxoauVoYL9-7U.roa (raw, json)
Hash identifier:          xDjjhb8PsqPKaE/+6ifT3xHzcDIZIFiuKaI3xcq9QGs=
Subject key identifier:   40:E4:A2:BD:ED:5C:98:60:F1:6C:12:71:A1:AB:95:A1:82:FD:FB:B5
Certificate issuer:       /CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Certificate serial:       018CC64B7670D60478342AD86097C7E678AD
Authority key identifier: F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/QOSive1cmGDxbBJxoauVoYL9-7U.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        45.89.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:76:70:d6:04:78:34:2a:d8:60:97:c7:e6:78:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0cc7a447482e57b0604babb82a52409cde3b36d
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40e4a2bded5c9860f16c1271a1ab95a182fdfbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:24:4b:f0:88:5d:2c:ef:f6:df:7b:fd:88:92:
                    86:8f:85:0a:6c:63:96:7b:ff:3b:8d:8e:c0:c0:49:
                    45:ff:e2:49:21:07:c6:d2:64:44:54:4e:a1:47:82:
                    60:1a:ba:e7:d1:dd:bb:5c:27:91:d1:8a:9e:d6:b2:
                    75:66:79:48:70:a4:c7:9d:d8:ca:5c:eb:97:20:75:
                    86:6e:f5:31:4f:1d:53:1f:0e:57:37:75:eb:42:6f:
                    e6:08:04:31:54:7d:ac:50:a6:72:bf:62:e7:5f:f2:
                    c8:24:62:e3:0b:34:3e:5a:6f:4a:0d:59:20:ea:c8:
                    2f:9a:03:2a:14:f8:bd:1b:55:47:31:ca:6c:3c:04:
                    59:56:d4:20:02:ea:c8:e2:0f:0e:52:0a:78:31:13:
                    32:a1:94:63:1c:ea:02:bd:6c:70:c1:66:0d:8b:2c:
                    b9:52:2a:64:25:27:3c:d7:4b:f0:b0:23:1a:a5:10:
                    ad:56:36:28:62:4a:5b:55:d3:4b:92:3c:c5:97:1c:
                    5d:d3:a1:29:7e:3f:c2:93:fd:79:ee:e9:e3:33:66:
                    02:e3:6c:d9:3c:98:94:c2:55:90:b8:5b:53:0b:e1:
                    16:95:df:d1:bc:59:4b:d3:88:9f:a8:13:c0:a7:22:
                    bb:1a:2b:20:ae:aa:fd:02:9a:9f:ca:ec:9e:cc:9f:
                    66:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E4:A2:BD:ED:5C:98:60:F1:6C:12:71:A1:AB:95:A1:82:FD:FB:B5
            X509v3 Authority Key Identifier:
                keyid:F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/QOSive1cmGDxbBJxoauVoYL9-7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:0d:19:e8:16:b6:e1:37:f0:87:11:50:65:d4:dd:8f:1c:59:
         4f:99:bd:4b:1f:f4:e0:69:bb:62:03:ab:32:f3:3e:9c:f5:f9:
         93:a4:07:f1:42:52:93:c0:f2:3f:ad:19:96:2c:18:67:07:05:
         55:d2:94:7c:49:70:6c:97:2f:0b:01:6a:fe:36:a9:c5:95:f7:
         15:4d:04:1a:55:9e:46:aa:6f:07:02:e9:71:eb:6e:93:32:26:
         d8:13:fc:aa:82:ef:c1:c5:bb:2d:9c:28:9f:08:f6:fd:36:25:
         61:42:a3:c8:4f:5e:8e:cf:0d:68:f7:94:8f:14:bf:64:f0:fa:
         46:be:f3:cc:9f:d8:ef:00:47:29:4f:26:d8:8a:b7:f4:fc:ab:
         a6:8f:d8:c7:b9:b6:a3:78:b2:20:58:b1:81:fd:dc:a2:37:60:
         72:e7:08:01:e4:d3:08:f5:c8:98:77:2e:d6:97:ae:6a:80:42:
         9b:2f:5d:30:9e:fa:93:37:fe:31:c7:75:8b:a7:3e:d7:12:de:
         d4:7a:0a:31:7f:a0:ac:49:77:a9:c0:cb:e3:42:96:b7:d9:d8:
         a5:6d:06:aa:c0:45:aa:06:ec:9d:f1:22:0c:3c:b5:ec:a9:7d:
         d6:a7:95:a3:05:89:c7:6e:0a:25:36:2c:51:44:59:1a:0a:be:
         08:e5:8c:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3Zw1gR4NCrYYJfH5nitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwY2M3YTQ0NzQ4MmU1N2IwNjA0YmFiYjgyYTUyNDA5Y2Rl
M2IzNmQwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU0YTJiZGVkNWM5ODYwZjE2YzEyNzFhMWFiOTVhMTgyZmRmYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyRL8IhdLO/233v9iJKGj4UKbGOW
e/87jY7AwElF/+JJIQfG0mREVE6hR4JgGrrn0d27XCeR0Yqe1rJ1ZnlIcKTHndjK
XOuXIHWGbvUxTx1THw5XN3XrQm/mCAQxVH2sUKZyv2LnX/LIJGLjCzQ+Wm9KDVkg
6sgvmgMqFPi9G1VHMcpsPARZVtQgAurI4g8OUgp4MRMyoZRjHOoCvWxwwWYNiyy5
UipkJSc810vwsCMapRCtVjYoYkpbVdNLkjzFlxxd06Epfj/Ck/157unjM2YC42zZ
PJiUwlWQuFtTC+EWld/RvFlL04ifqBPApyK7Gisgrqr9ApqfyuyezJ9mvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDkor3tXJhg8WwScaGrlaGC/fu1MB8GA1UdIwQY
MBaAFPDMekR0guV7BgS6u4KlJAnN47NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUt
ZmEzMmQyZDUyOTY4LzEvUU9TaXZlMWNtR0R4YkJKeG9hdVZvWUw5LTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUtZmEzMmQyZDUyOTY4
LzEvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkVMA0G
CSqGSIb3DQEBCwUAA4IBAQB7DRnoFrbhN/CHEVBl1N2PHFlPmb1LH/TgabtiA6sy
8z6c9fmTpAfxQlKTwPI/rRmWLBhnBwVV0pR8SXBsly8LAWr+NqnFlfcVTQQaVZ5G
qm8HAulx626TMibYE/yqgu/BxbstnCifCPb9NiVhQqPIT16Ozw1o95SPFL9k8PpG
vvPMn9jvAEcpTybYirf0/Kumj9jHubajeLIgWLGB/dyiN2By5wgB5NMI9ciYdy7W
l65qgEKbL10wnvqTN/4xx3WLpz7XEt7Uegoxf6CsSXepwMvjQpa32dilbQaqwEWq
Buyd8SIMPLXsqX3Wp5WjBYnHbgolNixRRFkaCr4I5Yy9
-----END CERTIFICATE-----