Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/qZZbtST4xHc2DIVXIeynnxoQX8A.roa
File:                     qZZbtST4xHc2DIVXIeynnxoQX8A.roa (raw, json)
Hash identifier:          QGoMh/GrS0H7Y8dsV957V4aAgbE9u8/b5guwN1AN1bc=
Subject key identifier:   A9:96:5B:B5:24:F8:C4:77:36:0C:85:57:21:EC:A7:9F:1A:10:5F:C0
Certificate issuer:       /CN=296016ad64c22600acf3049f8758f53ebb1e57c4
Certificate serial:       01913256F2D5CEA8DD61F2C3C6CA094E9702
Authority key identifier: 29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/qZZbtST4xHc2DIVXIeynnxoQX8A.roa
Signing time:             Thu 08 Aug 2024 14:14:04 +0000
ROA not before:           Thu 08 Aug 2024 14:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208226
IP address blocks:        216.87.54.0/24 maxlen: 24
                          2001:678:204::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:56:f2:d5:ce:a8:dd:61:f2:c3:c6:ca:09:4e:97:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296016ad64c22600acf3049f8758f53ebb1e57c4
        Validity
            Not Before: Aug  8 14:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9965bb524f8c477360c855721eca79f1a105fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f9:9c:54:7e:6f:51:91:39:46:08:8b:d2:d8:
                    60:d0:8a:ac:ff:f4:59:1f:67:54:3d:49:b0:3b:0a:
                    e9:79:5a:b2:fb:91:4d:43:24:d3:54:af:f0:30:3d:
                    5d:bd:19:a6:4f:89:4c:e8:fd:03:2b:3b:b5:15:78:
                    f6:c1:62:fd:f6:3c:86:22:78:6b:b3:00:4e:aa:cc:
                    10:5a:01:41:b7:2b:19:84:99:8d:ba:8b:58:46:ea:
                    13:7e:f8:55:51:dc:70:70:1d:3c:f2:b6:d4:81:83:
                    3b:f0:4f:6f:c4:6f:34:ed:b2:a4:be:65:c7:68:54:
                    99:17:7e:b3:d5:25:9a:78:88:d3:8d:19:89:6a:6b:
                    d4:5d:f3:05:7b:d4:d9:e5:b8:1e:58:90:0f:52:79:
                    79:6c:e0:67:2b:52:18:0c:c1:d8:ea:c1:72:16:ea:
                    ad:c3:e7:2b:8b:0d:d1:23:7b:00:f5:9c:02:f3:83:
                    ba:9d:66:e0:12:25:34:68:1e:d1:95:0b:34:1b:1f:
                    31:16:ec:6b:4b:5b:61:9e:27:70:a0:01:cb:5b:b4:
                    f8:ad:7d:c2:30:4f:3d:26:73:a3:cf:17:0a:86:63:
                    e3:fd:ac:23:70:89:12:c3:8a:7a:2a:26:ab:72:23:
                    45:fb:23:fa:97:3c:4d:05:f5:7d:1c:f9:80:4b:aa:
                    1b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:96:5B:B5:24:F8:C4:77:36:0C:85:57:21:EC:A7:9F:1A:10:5F:C0
            X509v3 Authority Key Identifier:
                keyid:29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/qZZbtST4xHc2DIVXIeynnxoQX8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.54.0/24
                IPv6:
                  2001:678:204::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:9e:3a:01:cc:40:b7:d4:59:d1:28:b9:dd:98:a7:6c:c2:ac:
         14:20:61:38:b4:32:17:11:34:5b:b7:26:37:86:4f:6d:59:ac:
         59:b0:32:c4:7b:34:cb:2f:ec:d2:43:ce:ed:c4:e9:36:c7:61:
         8e:f9:21:59:80:6f:fc:43:d1:cc:66:db:fd:e7:f8:51:59:e4:
         1b:7b:9b:8f:c5:e8:18:ab:ec:3e:8b:4b:63:21:2d:2d:21:7a:
         86:be:44:2e:e7:90:02:81:f9:67:a7:07:bf:05:be:4e:c7:60:
         b5:e3:0a:d0:1a:c1:e9:1e:6c:61:42:76:ee:f8:3a:00:e1:17:
         3b:fe:2f:95:84:a3:2a:c9:3c:54:4d:56:b6:f9:b2:d4:16:99:
         ae:c1:94:dc:34:87:d0:ce:2a:92:e9:7e:cb:71:c1:30:e9:b3:
         c2:6e:68:69:28:ea:3c:5e:d0:34:50:71:a5:97:e6:a4:7f:5d:
         74:81:9f:1d:6a:49:eb:63:58:d2:17:37:0b:ab:d3:77:7a:31:
         01:96:77:bb:87:32:7a:6c:3a:2b:de:74:96:17:e2:2a:7b:0a:
         ae:2b:32:aa:fd:e5:d9:3d:32:d5:c6:8b:d6:7f:c9:93:3b:aa:
         a2:49:38:38:4e:22:14:7c:e9:c8:4e:d8:90:3e:10:b0:ba:1c:
         47:e4:72:8d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZEyVvLVzqjdYfLDxsoJTpcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjAxNmFkNjRjMjI2MDBhY2YzMDQ5Zjg3NThmNTNlYmIx
ZTU3YzQwHhcNMjQwODA4MTQxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk2NWJiNTI0ZjhjNDc3MzYwYzg1NTcyMWVjYTc5ZjFhMTA1ZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPmcVH5vUZE5RgiL0thg0Iqs//RZ
H2dUPUmwOwrpeVqy+5FNQyTTVK/wMD1dvRmmT4lM6P0DKzu1FXj2wWL99jyGInhr
swBOqswQWgFBtysZhJmNuotYRuoTfvhVUdxwcB088rbUgYM78E9vxG807bKkvmXH
aFSZF36z1SWaeIjTjRmJamvUXfMFe9TZ5bgeWJAPUnl5bOBnK1IYDMHY6sFyFuqt
w+criw3RI3sA9ZwC84O6nWbgEiU0aB7RlQs0Gx8xFuxrS1thnidwoAHLW7T4rX3C
ME89JnOjzxcKhmPj/awjcIkSw4p6KiarciNF+yP6lzxNBfV9HPmAS6obJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKmWW7Uk+MR3NgyFVyHsp58aEF/AMB8GA1UdIwQY
MBaAFClgFq1kwiYArPMEn4dY9T67HlfEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTIt
YWI3ZjE0ZGFhZTRmLzEvcVpaYnRTVDR4SGMyRElWWElleW5ueG9RWDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTItYWI3ZjE0ZGFhZTRm
LzEvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2Fc2MA8E
AgACMAkDBwAgAQZ4AgQwDQYJKoZIhvcNAQELBQADggEBAHieOgHMQLfUWdEoud2Y
p2zCrBQgYTi0MhcRNFu3JjeGT21ZrFmwMsR7NMsv7NJDzu3E6TbHYY75IVmAb/xD
0cxm2/3n+FFZ5Bt7m4/F6Bir7D6LS2MhLS0heoa+RC7nkAKB+WenB78Fvk7HYLXj
CtAawekebGFCdu74OgDhFzv+L5WEoyrJPFRNVrb5stQWma7BlNw0h9DOKpLpfstx
wTDps8JuaGko6jxe0DRQcaWX5qR/XXSBnx1qSetjWNIXNwur03d6MQGWd7uHMnps
OivedJYX4ip7Cq4rMqr95dk9MtXGi9Z/yZM7qqJJODhOIhR86chO2JA+ELC6HEfk
co0=
-----END CERTIFICATE-----