Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/QMPLXBS-VmGpy_F-fyyv3btDcY4.roa
File:                     QMPLXBS-VmGpy_F-fyyv3btDcY4.roa (raw, json)
Hash identifier:          Do8/kKMA1L3e1fH/7pixN2jXPYbV2yasdAFAwhssnGs=
Subject key identifier:   40:C3:CB:5C:14:BE:56:61:A9:CB:F1:7E:7F:2C:AF:DD:BB:43:71:8E
Certificate issuer:       /CN=d3367dba3a220060e67d4ec680b0f99f247a872c
Certificate serial:       018CC500653B453B29C39F5A961935107F61
Authority key identifier: D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/QMPLXBS-VmGpy_F-fyyv3btDcY4.roa
Signing time:             Mon 01 Jan 2024 12:29:46 +0000
ROA not before:           Mon 01 Jan 2024 12:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        176.116.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:65:3b:45:3b:29:c3:9f:5a:96:19:35:10:7f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3367dba3a220060e67d4ec680b0f99f247a872c
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40c3cb5c14be5661a9cbf17e7f2cafddbb43718e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6a:4e:d1:ba:96:e9:24:10:2c:53:4c:72:f0:
                    13:c9:4f:af:60:df:91:ba:78:0c:6f:f3:ed:4d:ff:
                    1b:63:95:1b:a1:9a:dd:3f:0a:ed:7a:35:ed:5d:e8:
                    e2:99:5c:ec:95:92:30:3f:be:50:78:d6:bb:ca:f5:
                    5a:85:42:d4:61:b6:3c:d3:8b:47:89:1e:b5:69:98:
                    e7:d6:2c:03:27:f0:87:66:55:b9:8d:01:fb:f8:d1:
                    bc:92:e4:75:f5:3b:5b:d2:f2:78:a1:99:fc:b5:f7:
                    4b:81:1e:90:62:88:20:92:1f:55:53:ca:37:37:aa:
                    77:7c:0a:57:ac:f8:c3:7e:16:1d:4a:ce:e5:ae:98:
                    6f:35:c5:39:36:96:da:4a:27:93:ec:98:8a:e3:13:
                    83:8f:3f:23:11:ac:a2:90:c2:c6:ee:33:c4:f5:1e:
                    18:8d:af:6b:6b:62:1f:c6:54:4c:d9:36:94:d5:ef:
                    40:75:e5:58:71:03:c1:83:96:61:15:45:a8:2b:34:
                    70:03:21:4f:38:1c:09:a2:be:26:d9:67:b0:79:74:
                    ce:c2:60:45:e7:e5:34:9d:be:09:57:2d:75:bf:1b:
                    61:29:33:e3:56:c8:d4:26:6c:ca:cf:dd:57:74:65:
                    cd:ec:c2:43:df:33:7a:2e:54:ea:d0:5c:ed:c5:16:
                    e7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C3:CB:5C:14:BE:56:61:A9:CB:F1:7E:7F:2C:AF:DD:BB:43:71:8E
            X509v3 Authority Key Identifier:
                keyid:D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/QMPLXBS-VmGpy_F-fyyv3btDcY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:63:69:50:70:3f:cd:89:3e:88:17:95:6f:d1:34:88:f4:a3:
         89:0f:c7:d0:27:b5:ac:a9:76:5b:c9:98:b5:7e:66:b5:04:69:
         c3:b4:7b:fd:f6:2e:14:4e:1c:e2:b4:e4:e5:ce:34:d2:12:74:
         64:ce:2e:cd:fc:43:43:cd:2d:9a:b1:28:2c:57:57:b9:d7:31:
         23:6d:47:0a:bb:40:48:f0:fb:6e:9c:49:87:89:aa:a2:c2:a1:
         39:11:d8:c4:62:96:90:a2:ef:b9:ca:4e:8c:ca:a6:1d:54:20:
         5b:d5:c5:35:92:19:14:14:84:a0:07:e0:75:2e:41:da:a4:35:
         24:60:03:91:fc:46:fb:63:20:41:76:3e:63:55:26:00:48:88:
         cf:f3:bd:37:bd:25:9a:d2:28:a2:33:4f:11:ec:62:84:c1:ef:
         cf:61:c2:f6:2d:a2:c0:a3:a1:d7:a4:9e:a9:53:bf:02:ef:3f:
         df:66:f3:93:e6:46:02:41:c5:6b:5a:cd:7c:9a:35:63:50:33:
         d6:0e:5c:c7:3f:18:3b:4d:db:a7:b2:81:8b:39:01:e7:ec:b1:
         ab:43:a7:e0:cc:57:53:b3:e8:b5:7a:86:b3:63:dd:e7:4a:3d:
         63:ee:d3:4a:86:e1:13:1d:d4:e4:4d:c9:1c:32:1b:c7:d8:99:
         b8:db:7a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGU7RTspw59alhk1EH9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMzY3ZGJhM2EyMjAwNjBlNjdkNGVjNjgwYjBmOTlmMjQ3
YTg3MmMwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGMzY2I1YzE0YmU1NjYxYTljYmYxN2U3ZjJjYWZkZGJiNDM3MThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWpO0bqW6SQQLFNMcvATyU+vYN+R
ungMb/PtTf8bY5UboZrdPwrtejXtXejimVzslZIwP75QeNa7yvVahULUYbY804tH
iR61aZjn1iwDJ/CHZlW5jQH7+NG8kuR19Ttb0vJ4oZn8tfdLgR6QYoggkh9VU8o3
N6p3fApXrPjDfhYdSs7lrphvNcU5NpbaSieT7JiK4xODjz8jEayikMLG7jPE9R4Y
ja9ra2IfxlRM2TaU1e9AdeVYcQPBg5ZhFUWoKzRwAyFPOBwJor4m2WeweXTOwmBF
5+U0nb4JVy11vxthKTPjVsjUJmzKz91XdGXN7MJD3zN6LlTq0FztxRbnWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDDy1wUvlZhqcvxfn8sr927Q3GOMB8GA1UdIwQY
MBaAFNM2fbo6IgBg5n1OxoCw+Z8keocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2It
NWNhNWJmNjdlNjlkLzEvUU1QTFhCUy1WbUdweV9GLWZ5eXYzYnREY1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2ItNWNhNWJmNjdlNjlk
LzEvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQVMA0G
CSqGSIb3DQEBCwUAA4IBAQBqY2lQcD/NiT6IF5Vv0TSI9KOJD8fQJ7WsqXZbyZi1
fma1BGnDtHv99i4UThzitOTlzjTSEnRkzi7N/ENDzS2asSgsV1e51zEjbUcKu0BI
8PtunEmHiaqiwqE5EdjEYpaQou+5yk6MyqYdVCBb1cU1khkUFISgB+B1LkHapDUk
YAOR/Eb7YyBBdj5jVSYASIjP8703vSWa0iiiM08R7GKEwe/PYcL2LaLAo6HXpJ6p
U78C7z/fZvOT5kYCQcVrWs18mjVjUDPWDlzHPxg7TdunsoGLOQHn7LGrQ6fgzFdT
s+i1eoazY93nSj1j7tNKhuETHdTkTckcMhvH2Jm423qx
-----END CERTIFICATE-----