Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/Q_ims3iMsd_-X6SLZymyMfxiqeY.roa
File:                     Q_ims3iMsd_-X6SLZymyMfxiqeY.roa (raw, json)
Hash identifier:          qoveLZ9hvSpmFj9tGEU+xhgVHHwSYMsdMzy4SgEKACs=
Subject key identifier:   43:F8:A6:B3:78:8C:B1:DF:FE:5F:A4:8B:67:29:B2:31:FC:62:A9:E6
Certificate issuer:       /CN=72c293760a734018cdd2a07f1d8bd54f27df680a
Certificate serial:       018CC6B923085EAAE4BAB00A2C29BBB480AF
Authority key identifier: 72:C2:93:76:0A:73:40:18:CD:D2:A0:7F:1D:8B:D5:4F:27:DF:68:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csKTdgpzQBjN0qB_HYvVTyffaAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/Q_ims3iMsd_-X6SLZymyMfxiqeY.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49014
IP address blocks:        194.107.232.0/21 maxlen: 21
                          194.107.240.0/21 maxlen: 21
                          2001:67c:2c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/csKTdgpzQBjN0qB_HYvVTyffaAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/csKTdgpzQBjN0qB_HYvVTyffaAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csKTdgpzQBjN0qB_HYvVTyffaAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:23:08:5e:aa:e4:ba:b0:0a:2c:29:bb:b4:80:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c293760a734018cdd2a07f1d8bd54f27df680a
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f8a6b3788cb1dffe5fa48b6729b231fc62a9e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0f:e6:04:90:c2:1b:27:42:ff:a6:2d:32:28:
                    94:b9:60:38:ec:bd:42:d7:ed:24:08:e5:39:41:44:
                    18:36:af:3e:5f:ce:79:28:7d:2b:cb:21:09:f4:54:
                    89:08:8b:27:94:f5:a2:74:42:a6:68:c6:29:5e:40:
                    57:86:04:10:17:de:77:3c:4a:fc:42:df:43:c9:1f:
                    c8:2e:9b:bd:1a:3d:d5:ef:f5:48:fc:8b:61:03:54:
                    d1:98:ce:90:c8:67:36:26:4c:d9:7f:7e:9c:a0:bd:
                    02:fd:16:0e:40:06:ae:67:ba:1a:ae:67:9f:4e:a2:
                    2a:58:c7:39:63:35:0a:5e:58:73:07:0b:d5:6f:ec:
                    38:67:09:f3:06:d9:2a:c7:71:fe:70:02:3e:9a:fd:
                    49:31:09:18:7c:64:e7:76:4e:50:cc:98:7c:87:28:
                    0f:cb:83:2c:34:6a:99:07:3d:89:0d:51:21:f8:01:
                    c8:6f:e6:6b:0b:a5:c9:31:62:bf:37:5e:5f:1e:a7:
                    56:5d:be:40:39:9e:ef:71:ae:c6:d7:52:e2:aa:42:
                    1b:2a:93:48:b0:2e:22:31:87:bc:d7:7b:da:55:69:
                    b5:b5:51:04:ea:75:4b:35:ac:78:66:03:ce:6c:57:
                    b4:97:ec:43:24:33:bf:29:25:a1:79:ad:44:b5:71:
                    17:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F8:A6:B3:78:8C:B1:DF:FE:5F:A4:8B:67:29:B2:31:FC:62:A9:E6
            X509v3 Authority Key Identifier:
                keyid:72:C2:93:76:0A:73:40:18:CD:D2:A0:7F:1D:8B:D5:4F:27:DF:68:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csKTdgpzQBjN0qB_HYvVTyffaAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/Q_ims3iMsd_-X6SLZymyMfxiqeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/44aac4-45f4-4d19-8c15-3623b9b50f96/1/csKTdgpzQBjN0qB_HYvVTyffaAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.232.0-194.107.247.255
                IPv6:
                  2001:67c:2c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:3c:28:9d:c3:c6:eb:34:48:29:5a:de:95:cf:63:78:b9:47:
         bf:e8:d7:43:34:d3:30:e2:6a:6c:64:b7:85:84:79:d1:43:af:
         33:5a:2c:43:89:da:7e:ac:f8:dc:6f:6a:8a:b6:b5:b6:38:32:
         39:9b:c6:0f:f7:a9:de:50:13:95:1b:b7:e6:72:78:a6:c9:3b:
         30:b4:26:2e:77:09:4c:51:89:7d:56:2f:7e:02:b8:a9:83:d8:
         6c:9d:76:c9:a7:fe:d7:18:51:81:a1:0a:de:f8:18:72:de:46:
         9c:1d:1b:a2:23:f7:99:38:89:eb:bd:79:41:a8:87:58:b4:d2:
         12:fc:5d:9a:46:ae:e2:ac:9e:f7:87:aa:de:8d:04:99:69:e6:
         47:20:40:c7:97:23:88:32:58:b2:d5:61:56:46:f0:bc:c9:a7:
         81:20:9f:ec:f4:70:13:37:4e:b5:80:78:e0:7b:ca:f6:60:88:
         e7:79:19:f2:ee:72:27:5c:92:c5:3e:6f:60:e3:84:3e:5e:df:
         48:cd:01:3c:f5:2f:bc:a3:46:8f:33:ec:87:60:b7:ab:fc:a4:
         4f:91:23:8a:e4:51:b3:17:c4:50:16:20:eb:df:25:3d:62:46:
         64:47:e4:b9:48:35:30:a7:a0:e9:5d:fc:fe:d6:3d:b6:76:d4:
         ca:32:ba:2d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzGuSMIXqrkurAKLCm7tICvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI5Mzc2MGE3MzQwMThjZGQyYTA3ZjFkOGJkNTRmMjdk
ZjY4MGEwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y4YTZiMzc4OGNiMWRmZmU1ZmE0OGI2NzI5YjIzMWZjNjJhOWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhw/mBJDCGydC/6YtMiiUuWA47L1C
1+0kCOU5QUQYNq8+X855KH0ryyEJ9FSJCIsnlPWidEKmaMYpXkBXhgQQF953PEr8
Qt9DyR/ILpu9Gj3V7/VI/IthA1TRmM6QyGc2JkzZf36coL0C/RYOQAauZ7oarmef
TqIqWMc5YzUKXlhzBwvVb+w4ZwnzBtkqx3H+cAI+mv1JMQkYfGTndk5QzJh8hygP
y4MsNGqZBz2JDVEh+AHIb+ZrC6XJMWK/N15fHqdWXb5AOZ7vca7G11LiqkIbKpNI
sC4iMYe813vaVWm1tVEE6nVLNax4ZgPObFe0l+xDJDO/KSWhea1EtXEXVwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEP4prN4jLHf/l+ki2cpsjH8YqnmMB8GA1UdIwQY
MBaAFHLCk3YKc0AYzdKgfx2L1U8n32gKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NLVGRncHpRQmpOMHFCX0hZdlZUeWZmYUFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80NGFhYzQtNDVmNC00ZDE5LThjMTUt
MzYyM2I5YjUwZjk2LzEvUV9pbXMzaU1zZF8tWDZTTFp5bXlNZnhpcWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80NGFhYzQtNDVmNC00ZDE5LThjMTUtMzYyM2I5YjUwZjk2
LzEvY3NLVGRncHpRQmpOMHFCX0hZdlZUeWZmYUFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAPCa+gD
BAPCa/AwDwQCAAIwCQMHACABBnwCwDANBgkqhkiG9w0BAQsFAAOCAQEAmzwoncPG
6zRIKVrelc9jeLlHv+jXQzTTMOJqbGS3hYR50UOvM1osQ4nafqz43G9qira1tjgy
OZvGD/ep3lATlRu35nJ4psk7MLQmLncJTFGJfVYvfgK4qYPYbJ12yaf+1xhRgaEK
3vgYct5GnB0boiP3mTiJ6715QaiHWLTSEvxdmkau4qye94eq3o0EmWnmRyBAx5cj
iDJYstVhVkbwvMmngSCf7PRwEzdOtYB44HvK9mCI53kZ8u5yJ1ySxT5vYOOEPl7f
SM0BPPUvvKNGjzPsh2C3q/ykT5EjiuRRsxfEUBYg698lPWJGZEfkuUg1MKeg6V38
/tY9tnbUyjK6LQ==
-----END CERTIFICATE-----