Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/Qee5azsYY4N16uiVLrsj67f2Xck.roa
File:                     Qee5azsYY4N16uiVLrsj67f2Xck.roa (raw, json)
Hash identifier:          XGyiHw9/L+phjXtcyMphKJFJtS3Hkh38V319Pyskfgw=
Subject key identifier:   41:E7:B9:6B:3B:18:63:83:75:EA:E8:95:2E:BB:23:EB:B7:F6:5D:C9
Certificate issuer:       /CN=66626623084e6cf116674a3fd0a9951cac0dedc0
Certificate serial:       018CC2DAFB6EAE13C788885A83FFABD9D895
Authority key identifier: 66:62:66:23:08:4E:6C:F1:16:67:4A:3F:D0:A9:95:1C:AC:0D:ED:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/Qee5azsYY4N16uiVLrsj67f2Xck.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197312
IP address blocks:        194.147.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fb:6e:ae:13:c7:88:88:5a:83:ff:ab:d9:d8:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66626623084e6cf116674a3fd0a9951cac0dedc0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41e7b96b3b18638375eae8952ebb23ebb7f65dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:74:d9:1d:3f:80:01:0f:70:93:10:98:0a:ae:
                    32:dd:36:a3:1f:b8:8b:a8:21:75:91:c2:6d:37:6f:
                    35:43:27:23:bb:22:3b:f2:ba:85:3c:57:ae:9b:2c:
                    a7:9d:06:2f:49:93:d9:16:3c:75:06:5b:c9:1d:22:
                    dd:56:39:82:27:38:ff:8c:0c:6f:91:76:c5:49:ed:
                    b3:d1:92:cc:7c:35:37:fc:fe:74:ca:60:71:0b:be:
                    ee:62:e4:05:2e:b9:82:2a:2d:66:a3:ba:be:da:8a:
                    6e:b0:23:3d:3d:e8:5c:58:1c:c6:ff:33:a5:75:02:
                    5e:ad:c3:d5:39:c5:b4:96:14:80:c5:b5:17:3b:69:
                    db:45:98:4d:99:a0:13:55:b0:59:ea:fd:18:67:a5:
                    54:dd:3c:68:05:52:48:80:a7:87:70:98:65:7f:d4:
                    d5:ca:96:24:f1:2f:e6:28:36:c5:a8:e1:f2:c6:d9:
                    26:73:75:b0:69:51:79:48:bb:19:f3:5d:06:1c:9d:
                    b8:ae:f8:85:73:28:56:20:9a:b8:05:cf:83:18:bd:
                    b1:56:2c:72:37:0c:e0:f7:f8:83:60:f2:45:b0:fd:
                    e4:f1:50:3e:9f:4d:a2:11:05:ec:ca:d7:81:4f:a1:
                    85:0f:fe:96:a3:96:2f:91:a7:41:66:d4:52:35:fc:
                    71:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E7:B9:6B:3B:18:63:83:75:EA:E8:95:2E:BB:23:EB:B7:F6:5D:C9
            X509v3 Authority Key Identifier:
                keyid:66:62:66:23:08:4E:6C:F1:16:67:4A:3F:D0:A9:95:1C:AC:0D:ED:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/Qee5azsYY4N16uiVLrsj67f2Xck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:cb:83:a3:a1:ed:a2:f7:fe:1e:fe:32:a3:3b:90:3e:59:02:
         63:77:fd:55:a4:ec:bd:05:af:8d:1f:b8:e2:05:07:38:c9:db:
         ae:76:b3:74:db:47:fb:9b:ea:cb:df:77:d0:d5:dc:59:b5:a4:
         51:38:07:e8:e4:7d:6e:ae:e8:ae:f8:b6:11:fe:db:c1:af:df:
         7d:fa:4e:b3:bc:84:0d:f7:bd:72:3f:62:d5:97:18:17:9b:74:
         8e:5d:43:7c:61:f4:b7:c6:c7:f7:7d:78:61:fb:9f:85:fd:6b:
         fb:d2:61:64:bd:66:0d:e0:97:60:b3:d9:0f:99:ec:ec:fb:0c:
         a1:71:fa:ac:16:7a:e4:0e:d8:fd:9a:f5:a0:af:af:b6:2b:5b:
         0b:88:3c:77:13:7f:e0:d7:83:fb:fb:3e:74:d5:3b:42:6b:48:
         fd:00:45:19:c7:78:8a:70:30:64:40:97:d8:0c:36:e3:c7:3c:
         18:20:36:0c:44:39:03:eb:ed:dc:01:f8:73:bf:c9:a2:1d:37:
         9b:9c:96:73:b1:7c:5f:7a:8c:05:dc:5e:c3:ab:ad:c0:62:bd:
         b4:f7:65:75:9b:d1:d7:9d:dc:1b:57:0f:b2:16:eb:01:aa:fb:
         e4:66:bb:88:2c:72:6f:0f:a8:59:33:a7:b8:2a:63:84:47:a2:
         fd:dd:0e:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vturhPHiIhag/+r2diVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjI2NjIzMDg0ZTZjZjExNjY3NGEzZmQwYTk5NTFjYWMw
ZGVkYzAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU3Yjk2YjNiMTg2MzgzNzVlYWU4OTUyZWJiMjNlYmI3ZjY1ZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunTZHT+AAQ9wkxCYCq4y3TajH7iL
qCF1kcJtN281QycjuyI78rqFPFeumyynnQYvSZPZFjx1BlvJHSLdVjmCJzj/jAxv
kXbFSe2z0ZLMfDU3/P50ymBxC77uYuQFLrmCKi1mo7q+2opusCM9PehcWBzG/zOl
dQJercPVOcW0lhSAxbUXO2nbRZhNmaATVbBZ6v0YZ6VU3TxoBVJIgKeHcJhlf9TV
ypYk8S/mKDbFqOHyxtkmc3WwaVF5SLsZ810GHJ24rviFcyhWIJq4Bc+DGL2xVixy
Nwzg9/iDYPJFsP3k8VA+n02iEQXsyteBT6GFD/6Wo5YvkadBZtRSNfxx2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHnuWs7GGODderolS67I+u39l3JMB8GA1UdIwQY
MBaAFGZiZiMITmzxFmdKP9CplRysDe3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1KbUl3aE9iUEVXWjBvXzBLbVZIS3dON2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83NjM5MjEtM2NkNy00NjZiLTg2NGIt
MTg4YzRhNzhjZDYyLzEvUWVlNWF6c1lZNE4xNnVpVkxyc2o2N2YyWGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83NjM5MjEtM2NkNy00NjZiLTg2NGItMTg4YzRhNzhjZDYy
LzEvWm1KbUl3aE9iUEVXWjBvXzBLbVZIS3dON2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpP+MA0G
CSqGSIb3DQEBCwUAA4IBAQBpy4Ojoe2i9/4e/jKjO5A+WQJjd/1VpOy9Ba+NH7ji
BQc4yduudrN020f7m+rL33fQ1dxZtaRROAfo5H1uruiu+LYR/tvBr999+k6zvIQN
971yP2LVlxgXm3SOXUN8YfS3xsf3fXhh+5+F/Wv70mFkvWYN4Jdgs9kPmezs+wyh
cfqsFnrkDtj9mvWgr6+2K1sLiDx3E3/g14P7+z501TtCa0j9AEUZx3iKcDBkQJfY
DDbjxzwYIDYMRDkD6+3cAfhzv8miHTebnJZzsXxfeowF3F7Dq63AYr2092V1m9HX
ndwbVw+yFusBqvvkZruILHJvD6hZM6e4KmOER6L93Q5c
-----END CERTIFICATE-----