Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/QW6syWpnf0vqyILLjJUX4x26ONM.roa
File:                     QW6syWpnf0vqyILLjJUX4x26ONM.roa (raw, json)
Hash identifier:          qFwWEKmzXxAiCGb5bVd4vtSjZ2jjOJwwjqw2pXbW8TQ=
Subject key identifier:   41:6E:AC:C9:6A:67:7F:4B:EA:C8:82:CB:8C:95:17:E3:1D:BA:38:D3
Certificate issuer:       /CN=9d5ecce8c87c4f0a75ba21e5c84f624121e08e32
Certificate serial:       01961FF2DCECD27435EC988B64F67DCE7277
Authority key identifier: 9D:5E:CC:E8:C8:7C:4F:0A:75:BA:21:E5:C8:4F:62:41:21:E0:8E:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/QW6syWpnf0vqyILLjJUX4x26ONM.roa
Signing time:             Thu 10 Apr 2025 13:45:31 +0000
ROA not before:           Thu 10 Apr 2025 13:45:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        185.118.194.0/24 maxlen: 24
                          185.118.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1f:f2:dc:ec:d2:74:35:ec:98:8b:64:f6:7d:ce:72:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5ecce8c87c4f0a75ba21e5c84f624121e08e32
        Validity
            Not Before: Apr 10 13:45:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=416eacc96a677f4beac882cb8c9517e31dba38d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4d:7a:29:f6:80:7a:f0:51:26:51:ee:61:df:
                    50:ad:9e:0c:b4:85:c6:85:1b:90:ec:38:c0:1c:5c:
                    f5:c7:a8:bc:41:c9:3f:3d:d5:a9:7d:6b:af:b1:b4:
                    9c:a5:67:66:08:a2:c3:83:56:d9:c9:86:79:8f:3a:
                    22:d5:3c:14:fd:f2:69:d0:ac:94:94:14:fd:16:a0:
                    59:ad:4e:cc:87:55:94:a8:04:46:fb:e1:f5:02:e8:
                    ed:6f:b9:f2:3a:b2:51:6d:e7:f5:b0:69:2c:84:c2:
                    1c:80:e6:8d:f6:e4:18:a2:ec:84:05:d9:c3:df:8c:
                    c2:8a:e7:8e:6b:a2:6e:dc:87:14:a2:f4:8c:99:2d:
                    68:28:cd:6a:7e:11:06:f7:fc:70:dd:e8:d0:27:35:
                    f3:e4:2c:d4:ea:80:8f:bc:ee:c6:12:fb:4a:65:c0:
                    23:c2:dd:e0:28:cc:3c:23:bb:22:30:f8:e2:e5:bc:
                    70:b8:c5:61:ce:dc:0a:e7:8b:c2:9d:7c:f8:69:33:
                    42:8d:36:b0:98:c1:e6:42:04:b6:de:da:24:df:92:
                    05:82:5a:aa:fe:76:b5:f3:cb:41:84:5a:30:ca:ce:
                    95:70:4d:ba:97:3d:7d:fe:e2:11:d1:2e:1b:7a:8a:
                    65:b8:b9:dd:d4:16:9f:cc:9d:d6:53:c8:a2:61:4f:
                    91:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6E:AC:C9:6A:67:7F:4B:EA:C8:82:CB:8C:95:17:E3:1D:BA:38:D3
            X509v3 Authority Key Identifier:
                keyid:9D:5E:CC:E8:C8:7C:4F:0A:75:BA:21:E5:C8:4F:62:41:21:E0:8E:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/QW6syWpnf0vqyILLjJUX4x26ONM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:00:df:44:e6:b3:05:05:a7:55:95:11:1b:4f:0f:e0:84:5b:
         10:40:41:1f:97:42:71:40:2d:9e:df:78:3f:a4:83:43:f5:be:
         fa:ba:12:76:8f:b7:54:fb:07:80:ec:cd:c6:2b:f7:2d:65:cb:
         64:eb:b9:5e:ed:12:98:08:81:28:45:1e:1f:fc:2a:48:d6:57:
         ee:49:29:c0:b4:67:31:65:cd:a2:49:c5:56:d3:86:62:fa:e0:
         43:3e:80:86:26:2e:df:7e:74:d2:32:73:6d:d7:1d:cb:81:50:
         56:06:cd:38:6c:7a:b7:65:1d:b4:6a:a5:aa:8a:ec:44:97:1c:
         35:1e:25:73:8e:53:1b:36:a2:f8:ee:8a:78:6a:38:50:45:04:
         3b:25:73:ec:d9:0b:0e:67:6a:4c:4f:e9:03:c5:90:16:11:26:
         2e:b0:21:af:63:8e:95:06:fd:6a:3e:2b:50:94:0c:e7:3d:22:
         a3:5a:31:d6:4c:61:d1:48:df:0b:bc:06:4f:83:a8:f8:b7:d8:
         96:c3:7b:2d:cb:f8:82:b2:ab:be:68:4d:64:f4:3d:fa:b2:9c:
         34:64:62:a3:a3:5d:b2:70:3f:ff:dc:c0:f0:e4:1b:36:85:4c:
         ce:af:f3:cd:aa:26:13:ba:1a:bc:ee:1e:91:f1:fc:5e:9d:89:
         64:29:27:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYf8tzs0nQ17JiLZPZ9znJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWVjY2U4Yzg3YzRmMGE3NWJhMjFlNWM4NGY2MjQxMjFl
MDhlMzIwHhcNMjUwNDEwMTM0NTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTZlYWNjOTZhNjc3ZjRiZWFjODgyY2I4Yzk1MTdlMzFkYmEzOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk16KfaAevBRJlHuYd9QrZ4MtIXG
hRuQ7DjAHFz1x6i8Qck/PdWpfWuvsbScpWdmCKLDg1bZyYZ5jzoi1TwU/fJp0KyU
lBT9FqBZrU7Mh1WUqARG++H1Aujtb7nyOrJRbef1sGkshMIcgOaN9uQYouyEBdnD
34zCiueOa6Ju3IcUovSMmS1oKM1qfhEG9/xw3ejQJzXz5CzU6oCPvO7GEvtKZcAj
wt3gKMw8I7siMPji5bxwuMVhztwK54vCnXz4aTNCjTawmMHmQgS23tok35IFglqq
/na188tBhFowys6VcE26lz19/uIR0S4beopluLnd1BafzJ3WU8iiYU+RyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFurMlqZ39L6siCy4yVF+MdujjTMB8GA1UdIwQY
MBaAFJ1ezOjIfE8Kdboh5chPYkEh4I4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblY3TTZNaDhUd3AxdWlIbHlFOWlRU0hnampJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9iZWM3NTYtMWRmZS00Mzc0LTg2MDct
OWQ4ZjBlZjVjNTAzLzEvUVc2c3lXcG5mMHZxeUlMTGpKVVg0eDI2T05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9iZWM3NTYtMWRmZS00Mzc0LTg2MDctOWQ4ZjBlZjVjNTAz
LzEvblY3TTZNaDhUd3AxdWlIbHlFOWlRU0hnampJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXbCMA0G
CSqGSIb3DQEBCwUAA4IBAQA2AN9E5rMFBadVlREbTw/ghFsQQEEfl0JxQC2e33g/
pIND9b76uhJ2j7dU+weA7M3GK/ctZctk67le7RKYCIEoRR4f/CpI1lfuSSnAtGcx
Zc2iScVW04Zi+uBDPoCGJi7ffnTSMnNt1x3LgVBWBs04bHq3ZR20aqWqiuxElxw1
HiVzjlMbNqL47op4ajhQRQQ7JXPs2QsOZ2pMT+kDxZAWESYusCGvY46VBv1qPitQ
lAznPSKjWjHWTGHRSN8LvAZPg6j4t9iWw3sty/iCsqu+aE1k9D36spw0ZGKjo12y
cD//3MDw5Bs2hUzOr/PNqiYTuhq87h6R8fxenYlkKSdc
-----END CERTIFICATE-----