Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/QgcxRY8GoUHLoMHw4HCRq6GfMmI.roa
File:                     QgcxRY8GoUHLoMHw4HCRq6GfMmI.roa (raw, json)
Hash identifier:          SVs6ehw/vc4hperSLoOGy+ykQHt4m5NwTttsWfltOyw=
Subject key identifier:   42:07:31:45:8F:06:A1:41:CB:A0:C1:F0:E0:70:91:AB:A1:9F:32:62
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018CC6B928778DF624C370DF177F288A086D
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/QgcxRY8GoUHLoMHw4HCRq6GfMmI.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202580
IP address blocks:        185.196.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:28:77:8d:f6:24:c3:70:df:17:7f:28:8a:08:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=420731458f06a141cba0c1f0e07091aba19f3262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:68:a7:0e:77:eb:4d:d6:27:7b:ea:88:91:57:
                    84:67:b4:dd:ef:af:da:db:19:fd:c7:91:40:1f:2d:
                    e2:07:38:ab:49:e0:3a:c2:67:8b:f9:d7:8e:47:8d:
                    32:82:d3:c3:94:22:29:1a:39:81:f4:b3:41:bc:66:
                    07:54:2b:fd:75:62:95:07:23:77:f0:ea:61:0a:c0:
                    66:99:4e:42:ea:83:43:0c:26:82:c9:1b:d4:fa:93:
                    87:50:cf:d5:76:5f:41:9a:92:6c:05:05:1d:3d:07:
                    9d:89:cf:cb:3b:ad:d9:19:4c:fb:0d:a1:53:39:65:
                    6b:df:13:1c:30:70:5f:d8:61:71:0b:b0:37:c0:1e:
                    2e:0e:ea:6f:50:9d:d9:fb:1a:0a:71:a6:08:9b:44:
                    87:4f:34:14:30:5c:28:9d:dd:bd:4b:13:6a:9f:df:
                    e7:77:92:8a:07:3a:34:ff:19:11:8d:bc:46:15:67:
                    1f:49:74:c7:7f:27:e6:b0:8a:27:9a:81:6a:70:8b:
                    47:43:0e:54:ad:09:03:54:0e:b3:fc:ca:bf:ae:a9:
                    36:37:63:e7:cf:29:04:f5:a8:c1:d1:28:30:29:b6:
                    a5:a5:41:d3:bf:47:a5:24:1f:a0:b9:b4:32:53:26:
                    b0:38:cc:c9:7c:c4:6b:23:91:49:b6:b8:bd:ac:e5:
                    c2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:07:31:45:8F:06:A1:41:CB:A0:C1:F0:E0:70:91:AB:A1:9F:32:62
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/QgcxRY8GoUHLoMHw4HCRq6GfMmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:89:5a:fb:77:34:86:ee:ff:ba:ab:57:07:76:e9:61:f6:23:
         53:b7:e1:b1:b1:93:bb:3c:47:d2:d1:98:b8:ec:9a:75:22:16:
         da:ba:4a:84:9c:1c:b1:90:81:73:3e:98:1d:47:7e:12:30:c0:
         82:2d:d4:86:23:be:f9:b0:38:75:b3:f3:8b:00:c2:24:90:6e:
         75:c9:dc:53:37:18:b2:3e:ef:4d:cd:ce:81:18:03:27:70:44:
         3e:26:74:61:49:f0:12:3c:d3:1c:a6:22:64:75:2a:bd:19:c1:
         07:a8:0f:f1:af:27:f2:3c:38:ce:28:33:f0:43:78:b2:51:6d:
         2b:06:35:d9:37:96:c3:f3:67:fd:94:1d:32:04:fd:4e:83:0d:
         d9:b4:ac:4e:2d:35:ca:cb:6a:65:9c:95:5e:b7:66:bc:0d:9f:
         14:5d:93:bb:36:f3:9f:41:af:fe:e2:99:6a:e0:e2:48:91:ac:
         aa:34:ee:a4:6a:4f:9c:32:3f:c8:46:5f:f3:39:34:23:0c:e6:
         d6:46:fe:2c:eb:64:f6:7b:25:23:9a:d1:6c:91:43:23:84:14:
         8c:21:e8:86:7b:2a:62:a3:4a:73:e4:ed:7f:3a:de:eb:cd:62:
         33:28:b1:8e:7d:ac:1c:45:37:ce:69:20:20:b1:de:57:77:3d:
         7d:73:1b:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSh3jfYkw3DfF38oightMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA3MzE0NThmMDZhMTQxY2JhMGMxZjBlMDcwOTFhYmExOWYzMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtminDnfrTdYne+qIkVeEZ7Td76/a
2xn9x5FAHy3iBzirSeA6wmeL+deOR40ygtPDlCIpGjmB9LNBvGYHVCv9dWKVByN3
8OphCsBmmU5C6oNDDCaCyRvU+pOHUM/Vdl9BmpJsBQUdPQedic/LO63ZGUz7DaFT
OWVr3xMcMHBf2GFxC7A3wB4uDupvUJ3Z+xoKcaYIm0SHTzQUMFwond29SxNqn9/n
d5KKBzo0/xkRjbxGFWcfSXTHfyfmsIonmoFqcItHQw5UrQkDVA6z/Mq/rqk2N2Pn
zykE9ajB0SgwKbalpUHTv0elJB+gubQyUyawOMzJfMRrI5FJtri9rOXCDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIHMUWPBqFBy6DB8OBwkauhnzJiMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvUWdjeFJZOEdvVUhMb01IdzRIQ1JxNkdmTW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucTfMA0G
CSqGSIb3DQEBCwUAA4IBAQAyiVr7dzSG7v+6q1cHdulh9iNTt+GxsZO7PEfS0Zi4
7Jp1IhbaukqEnByxkIFzPpgdR34SMMCCLdSGI775sDh1s/OLAMIkkG51ydxTNxiy
Pu9Nzc6BGAMncEQ+JnRhSfASPNMcpiJkdSq9GcEHqA/xryfyPDjOKDPwQ3iyUW0r
BjXZN5bD82f9lB0yBP1Ogw3ZtKxOLTXKy2plnJVet2a8DZ8UXZO7NvOfQa/+4plq
4OJIkayqNO6kak+cMj/IRl/zOTQjDObWRv4s62T2eyUjmtFskUMjhBSMIeiGeypi
o0pz5O1/Ot7rzWIzKLGOfawcRTfOaSAgsd5Xdz19cxsx
-----END CERTIFICATE-----