Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/QcxuOqhFkVESeJSn4_JWn1rI97A.roa
File:                     QcxuOqhFkVESeJSn4_JWn1rI97A.roa (raw, json)
Hash identifier:          n/3Q8ZHLJSc/tzSitRasmgvuoQRmsY6YOZM4e1NalRY=
Subject key identifier:   41:CC:6E:3A:A8:45:91:51:12:78:94:A7:E3:F2:56:9F:5A:C8:F7:B0
Certificate issuer:       /CN=984133b31d96b27c1af818114b169c9a5745e094
Certificate serial:       018CC5DC21A72D659E94BDDAB7F3D8684059
Authority key identifier: 98:41:33:B3:1D:96:B2:7C:1A:F8:18:11:4B:16:9C:9A:57:45:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mEEzsx2Wsnwa-BgRSxacmldF4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/QcxuOqhFkVESeJSn4_JWn1rI97A.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198991
IP address blocks:        176.122.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/mEEzsx2Wsnwa-BgRSxacmldF4JQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/mEEzsx2Wsnwa-BgRSxacmldF4JQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mEEzsx2Wsnwa-BgRSxacmldF4JQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:21:a7:2d:65:9e:94:bd:da:b7:f3:d8:68:40:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=984133b31d96b27c1af818114b169c9a5745e094
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41cc6e3aa8459151127894a7e3f2569f5ac8f7b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:01:dc:21:2f:04:08:39:01:3c:df:5f:50:ee:
                    80:0a:d0:46:5b:ec:28:0f:98:f2:8f:13:67:f2:78:
                    02:74:58:67:8f:49:e6:fb:71:b8:57:43:de:6b:c0:
                    3a:e0:a3:9c:05:4e:16:0f:ed:ff:6f:31:a9:2c:6a:
                    5e:e1:9e:34:ed:05:1f:01:0f:fc:3e:e6:30:be:80:
                    89:ce:54:39:90:0a:34:ca:a8:fe:d7:66:43:64:6a:
                    82:f5:dc:0d:1d:2e:b7:28:38:04:d6:ea:8c:8f:0e:
                    08:e6:b3:bf:63:aa:fd:78:db:4d:92:88:28:dd:2a:
                    76:31:7e:27:96:96:9b:46:e5:47:bf:af:11:ee:bf:
                    24:ae:e2:b0:3c:0a:33:f1:8e:0e:fc:a0:f6:47:e8:
                    f5:06:af:c4:a4:f4:c7:df:09:70:32:de:59:ec:74:
                    f7:11:9e:49:46:a1:d7:a7:28:0b:64:f2:98:5e:0b:
                    e5:cc:f7:d6:f4:96:2a:26:62:73:f6:ab:ad:08:d0:
                    ca:6a:82:5f:10:41:18:7f:1a:53:ee:d9:45:49:89:
                    6e:5a:22:00:9a:df:87:db:df:57:1f:ec:4b:f6:14:
                    4c:14:ba:9d:6a:93:80:92:67:56:f8:0d:6d:57:eb:
                    62:08:61:74:70:2f:29:62:d1:32:3f:e8:72:ba:0e:
                    44:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CC:6E:3A:A8:45:91:51:12:78:94:A7:E3:F2:56:9F:5A:C8:F7:B0
            X509v3 Authority Key Identifier:
                keyid:98:41:33:B3:1D:96:B2:7C:1A:F8:18:11:4B:16:9C:9A:57:45:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mEEzsx2Wsnwa-BgRSxacmldF4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/QcxuOqhFkVESeJSn4_JWn1rI97A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/8d02cd-c9b5-401d-a50a-75069ae77326/1/mEEzsx2Wsnwa-BgRSxacmldF4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         14:30:29:96:53:92:94:d7:b8:86:be:f6:e9:9f:75:de:aa:35:
         66:f1:dc:b5:02:c9:58:ae:9a:ef:63:1b:28:9d:82:47:94:1c:
         64:a3:de:cd:f3:25:42:e8:51:8a:df:3a:b7:ea:e5:2d:c6:cf:
         81:db:ed:9e:80:3e:42:38:2b:10:01:05:78:1a:17:2d:95:fe:
         b1:59:ee:9c:9d:cc:67:f2:5f:d4:5a:d9:e6:9b:f2:57:12:02:
         f0:fc:e7:97:af:90:f1:97:58:10:8f:b3:a4:05:6e:0e:13:1f:
         3d:91:23:97:b4:e6:0e:40:14:92:24:50:ba:8a:67:52:1e:c5:
         5c:85:e6:2c:38:54:c7:4f:99:6b:03:bd:84:94:55:a0:a1:e2:
         bb:91:36:dc:e1:f9:0e:01:f5:6c:0b:c7:85:92:d2:3c:fb:06:
         8b:b2:19:42:a7:87:b7:aa:8c:be:33:e3:25:f0:a9:de:05:0c:
         11:c8:24:e3:22:3f:ef:91:f9:47:23:47:23:03:ab:f4:12:77:
         84:ef:55:0e:ec:35:7d:2d:f3:84:16:4e:e9:e3:8e:44:a9:5d:
         45:02:69:8a:60:74:e9:10:54:71:24:d6:d5:96:b4:1f:59:8b:
         35:84:c6:95:c1:0d:c9:ef:b3:fd:be:2f:9f:1d:95:7b:92:11:
         8c:72:ff:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CGnLWWelL3at/PYaEBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NDEzM2IzMWQ5NmIyN2MxYWY4MTgxMTRiMTY5YzlhNTc0
NWUwOTQwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNjNmUzYWE4NDU5MTUxMTI3ODk0YTdlM2YyNTY5ZjVhYzhmN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAHcIS8ECDkBPN9fUO6ACtBGW+wo
D5jyjxNn8ngCdFhnj0nm+3G4V0Pea8A64KOcBU4WD+3/bzGpLGpe4Z407QUfAQ/8
PuYwvoCJzlQ5kAo0yqj+12ZDZGqC9dwNHS63KDgE1uqMjw4I5rO/Y6r9eNtNkogo
3Sp2MX4nlpabRuVHv68R7r8kruKwPAoz8Y4O/KD2R+j1Bq/EpPTH3wlwMt5Z7HT3
EZ5JRqHXpygLZPKYXgvlzPfW9JYqJmJz9qutCNDKaoJfEEEYfxpT7tlFSYluWiIA
mt+H299XH+xL9hRMFLqdapOAkmdW+A1tV+tiCGF0cC8pYtEyP+hyug5ErQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHMbjqoRZFREniUp+PyVp9ayPewMB8GA1UdIwQY
MBaAFJhBM7MdlrJ8GvgYEUsWnJpXReCUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUVFenN4MldzbndhLUJnUlN4YWNtbGRGNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC84ZDAyY2QtYzliNS00MDFkLWE1MGEt
NzUwNjlhZTc3MzI2LzEvUWN4dU9xaEZrVkVTZUpTbjRfSlduMXJJOTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC84ZDAyY2QtYzliNS00MDFkLWE1MGEtNzUwNjlhZTc3MzI2
LzEvbUVFenN4MldzbndhLUJnUlN4YWNtbGRGNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsHogMA0G
CSqGSIb3DQEBCwUAA4IBAQAUMCmWU5KU17iGvvbpn3XeqjVm8dy1AslYrprvYxso
nYJHlBxko97N8yVC6FGK3zq36uUtxs+B2+2egD5COCsQAQV4Ghctlf6xWe6cncxn
8l/UWtnmm/JXEgLw/OeXr5Dxl1gQj7OkBW4OEx89kSOXtOYOQBSSJFC6imdSHsVc
heYsOFTHT5lrA72ElFWgoeK7kTbc4fkOAfVsC8eFktI8+waLshlCp4e3qoy+M+Ml
8KneBQwRyCTjIj/vkflHI0cjA6v0EneE71UO7DV9LfOEFk7p445EqV1FAmmKYHTp
EFRxJNbVlrQfWYs1hMaVwQ3J77P9vi+fHZV7khGMcv9m
-----END CERTIFICATE-----