Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pQ1xpkkoI9PCIFalLU_rxIiI4Uk.roa
File:                     pQ1xpkkoI9PCIFalLU_rxIiI4Uk.roa (raw, json)
Hash identifier:          d4HW5inbIQ6jCbHfcwW8bw196Rt9dBCKOm1bouEThSY=
Subject key identifier:   A5:0D:71:A6:49:28:23:D3:C2:20:56:A5:2D:4F:EB:C4:88:88:E1:49
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2E79C5540384B6E08C11F11E40B43
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pQ1xpkkoI9PCIFalLU_rxIiI4Uk.roa
Signing time:             Thu 02 Jan 2025 01:48:12 +0000
ROA not before:           Thu 02 Jan 2025 01:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20548
IP address blocks:        159.148.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:e7:9c:55:40:38:4b:6e:08:c1:1f:11:e4:0b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a50d71a6492823d3c22056a52d4febc48888e149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:dd:2a:3e:fa:74:fc:cb:f4:00:73:fe:33:
                    6e:ac:ff:78:74:44:88:6e:16:2e:2b:4e:f6:90:ec:
                    dd:70:a6:a9:b9:26:1e:60:fc:93:a9:b1:3b:fe:26:
                    2a:97:5a:43:b4:a0:5f:8e:2e:a1:7c:d8:c2:c3:c5:
                    44:73:cb:06:cf:ad:11:3c:d0:a2:59:a3:3f:e2:2c:
                    42:db:77:f6:62:f8:63:e0:7d:85:71:f1:72:e5:9d:
                    9c:d1:2c:94:65:36:5b:52:1d:cf:27:42:46:b4:54:
                    42:eb:38:f7:1e:f7:98:26:a3:fa:8b:2b:8e:ca:d1:
                    eb:f3:0a:b8:b1:e3:30:b4:e9:d1:40:29:05:fb:16:
                    37:b8:45:73:a2:8c:2f:8b:2d:cd:32:91:47:aa:66:
                    c3:21:02:aa:be:ef:0e:b1:26:42:a0:4a:f4:06:1d:
                    07:40:21:86:ac:4a:66:d6:f6:24:ca:21:bd:5d:9b:
                    0f:d3:58:ba:9d:51:55:1d:94:a7:d2:e2:45:55:7b:
                    2d:c1:9a:8d:a3:d4:fd:87:a3:9c:da:fa:87:66:64:
                    2f:4e:9c:93:19:8f:14:3f:df:25:b0:cf:f2:71:ad:
                    89:d9:32:56:a7:86:48:22:42:e9:76:21:bb:ee:2f:
                    db:e9:bd:da:24:a1:52:86:81:19:dd:33:e7:21:c2:
                    01:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:0D:71:A6:49:28:23:D3:C2:20:56:A5:2D:4F:EB:C4:88:88:E1:49
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pQ1xpkkoI9PCIFalLU_rxIiI4Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:60:2f:c8:c0:17:2c:bc:5c:f2:83:29:2b:a6:7d:21:03:dd:
         08:34:9b:32:27:93:44:dc:5b:76:29:aa:57:59:43:06:3b:f9:
         65:5b:1f:d5:14:27:d0:42:01:6c:3e:7d:8a:f9:62:33:3e:36:
         ce:b3:65:af:3b:be:80:45:ce:2b:b5:a9:c0:a1:6f:98:78:d0:
         56:4f:9a:ba:0b:1a:aa:cb:0c:19:16:99:a9:b3:83:97:7d:f9:
         33:5f:b9:05:54:4e:ad:90:ad:3c:7f:2d:36:75:ad:5e:8a:ff:
         b2:b5:e1:6c:5d:1d:93:51:14:51:8a:fc:3f:5b:ee:96:c2:26:
         55:1b:89:be:9c:53:c0:b9:76:f2:bb:a8:30:46:5a:ee:0f:f7:
         ed:e7:f9:26:a4:d1:4f:90:67:6c:1d:2f:cb:f7:72:37:bd:80:
         c6:be:1d:b8:31:2d:d2:dc:27:37:dc:24:a8:fe:68:b5:51:e5:
         3e:91:be:b2:67:07:0f:44:8b:0e:30:59:c6:fe:5b:42:83:4f:
         fa:11:91:53:be:f0:1e:24:64:e6:c6:2c:49:3b:9d:5a:aa:bc:
         ab:fa:9a:e6:2b:4d:d9:5b:33:c3:38:d9:59:db:d0:8d:25:14:
         47:8a:80:e2:b3:e7:d6:99:25:6e:df:b9:91:cb:0b:80:1e:07:
         6a:f3:90:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksuecVUA4S24IwR8R5AtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTBkNzFhNjQ5MjgyM2QzYzIyMDU2YTUyZDRmZWJjNDg4ODhlMTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuODdKj76dPzL9ABz/jNurP94dESI
bhYuK072kOzdcKapuSYeYPyTqbE7/iYql1pDtKBfji6hfNjCw8VEc8sGz60RPNCi
WaM/4ixC23f2Yvhj4H2FcfFy5Z2c0SyUZTZbUh3PJ0JGtFRC6zj3HveYJqP6iyuO
ytHr8wq4seMwtOnRQCkF+xY3uEVzoowviy3NMpFHqmbDIQKqvu8OsSZCoEr0Bh0H
QCGGrEpm1vYkyiG9XZsP01i6nVFVHZSn0uJFVXstwZqNo9T9h6Oc2vqHZmQvTpyT
GY8UP98lsM/yca2J2TJWp4ZIIkLpdiG77i/b6b3aJKFShoEZ3TPnIcIBxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUNcaZJKCPTwiBWpS1P68SIiOFJMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvcFExeHBra29JOVBDSUZhbExVX3J4SWlJNFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5QXMA0G
CSqGSIb3DQEBCwUAA4IBAQCNYC/IwBcsvFzygykrpn0hA90INJsyJ5NE3Ft2KapX
WUMGO/llWx/VFCfQQgFsPn2K+WIzPjbOs2WvO76ARc4rtanAoW+YeNBWT5q6Cxqq
ywwZFpmps4OXffkzX7kFVE6tkK08fy02da1eiv+yteFsXR2TURRRivw/W+6WwiZV
G4m+nFPAuXbyu6gwRlruD/ft5/kmpNFPkGdsHS/L93I3vYDGvh24MS3S3Cc33CSo
/mi1UeU+kb6yZwcPRIsOMFnG/ltCg0/6EZFTvvAeJGTmxixJO51aqryr+prmK03Z
WzPDONlZ29CNJRRHioDis+fWmSVu37mRywuAHgdq85AA
-----END CERTIFICATE-----