Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/wqgIahTiUfpB5-vEurFskts5IVA.roa
File:                     wqgIahTiUfpB5-vEurFskts5IVA.roa (raw, json)
Hash identifier:          XTqqN0VPVFji7V2+PpE1m4lwBVLsT9DZSImWN2tqtPU=
Subject key identifier:   C2:A8:08:6A:14:E2:51:FA:41:E7:EB:C4:BA:B1:6C:92:DB:39:21:50
Certificate issuer:       /CN=a98cfb9b5f445fd2f6ccfa179c37c53449b2af06
Certificate serial:       01941FFA0F6FE9D4A8CC5971E7040AAC6351
Authority key identifier: A9:8C:FB:9B:5F:44:5F:D2:F6:CC:FA:17:9C:37:C5:34:49:B2:AF:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/wqgIahTiUfpB5-vEurFskts5IVA.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210498
IP address blocks:        185.140.239.0/24 maxlen: 24
                          2a05:37c7::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0f:6f:e9:d4:a8:cc:59:71:e7:04:0a:ac:63:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a98cfb9b5f445fd2f6ccfa179c37c53449b2af06
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2a8086a14e251fa41e7ebc4bab16c92db392150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0c:ee:21:70:95:27:00:9c:65:13:ac:ed:63:
                    7a:ee:95:5b:08:5d:35:df:37:79:35:9a:b7:f7:cb:
                    cc:3c:87:ab:14:ed:bb:10:5b:3e:18:f4:3f:bb:29:
                    8e:f3:3f:62:13:20:e4:ec:dd:2f:05:82:05:9c:50:
                    46:1d:50:36:3a:64:e9:1e:5e:4d:35:62:9b:bd:8b:
                    7b:2a:37:5d:18:92:80:6c:25:a6:7a:08:4d:d7:59:
                    df:f6:23:42:39:de:4e:0b:96:bc:2a:e8:8c:cb:08:
                    a5:c3:02:e7:44:cf:5f:de:17:92:54:87:6d:5c:ad:
                    43:4b:22:0c:41:38:65:34:34:3a:30:81:c1:ca:66:
                    be:48:05:7d:22:22:63:c2:91:5a:74:27:7c:74:c9:
                    f9:f9:33:13:26:b3:8c:87:ba:40:51:6d:4f:2f:d1:
                    f3:c8:f9:81:94:09:39:a5:e4:52:59:42:2e:e0:0f:
                    16:a1:f5:b0:42:54:17:7e:74:59:c2:89:05:f4:96:
                    33:30:88:e2:f0:24:fe:61:99:90:fd:4d:af:da:f6:
                    52:3e:6e:dc:e2:74:36:c7:a1:10:33:f4:4f:f5:c4:
                    16:66:07:e3:8f:93:62:98:3d:2a:e8:92:bc:a4:40:
                    28:e6:3a:0f:26:73:52:1d:be:f7:b2:d2:ca:bf:71:
                    4f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A8:08:6A:14:E2:51:FA:41:E7:EB:C4:BA:B1:6C:92:DB:39:21:50
            X509v3 Authority Key Identifier:
                keyid:A9:8C:FB:9B:5F:44:5F:D2:F6:CC:FA:17:9C:37:C5:34:49:B2:AF:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/wqgIahTiUfpB5-vEurFskts5IVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.239.0/24
                IPv6:
                  2a05:37c7::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:bb:a1:79:8a:d9:d2:45:c5:62:e0:97:8f:a1:f1:b0:c7:70:
         6f:e9:5d:79:d8:19:30:5c:c4:ac:6f:ff:48:98:df:bd:06:b5:
         a4:99:d8:8f:fa:0d:7c:df:f9:c2:4f:3d:86:6f:c8:38:d2:37:
         79:cb:d2:f3:b0:31:b5:13:35:ba:75:82:5e:ec:14:22:64:6a:
         fb:d4:a3:cb:73:3a:98:3e:5a:94:69:4c:d0:f2:fd:04:6a:df:
         cb:60:04:ad:02:c2:bc:61:a6:2d:71:be:58:5b:15:ad:03:e6:
         5a:3c:b5:e2:e6:48:0e:36:26:73:82:b5:12:87:c7:dd:55:af:
         63:84:4b:83:8f:3f:04:4f:b7:72:81:45:cf:f4:a1:8f:03:18:
         e1:1c:0e:71:d0:67:71:ea:f1:fd:84:60:9f:fd:0d:6c:45:60:
         72:c2:bc:a0:13:13:6b:59:98:38:ab:ab:2c:a0:2e:34:87:0c:
         8f:1c:55:c2:16:36:65:39:30:a2:98:17:be:cf:43:50:a5:14:
         ae:a5:99:b7:f0:dd:99:f6:1e:1e:a0:3d:7c:3c:37:e1:c1:78:
         a0:98:4d:2c:a5:b1:0f:ae:59:8e:4d:d0:1d:de:f8:aa:17:58:
         4e:02:ae:bf:b7:31:dd:16:50:4f:61:a3:6a:c0:68:3b:cd:83:
         b7:41:a7:ec
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQf+g9v6dSozFlx5wQKrGNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OGNmYjliNWY0NDVmZDJmNmNjZmExNzljMzdjNTM0NDli
MmFmMDYwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE4MDg2YTE0ZTI1MWZhNDFlN2ViYzRiYWIxNmM5MmRiMzkyMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QzuIXCVJwCcZROs7WN67pVbCF01
3zd5NZq398vMPIerFO27EFs+GPQ/uymO8z9iEyDk7N0vBYIFnFBGHVA2OmTpHl5N
NWKbvYt7KjddGJKAbCWmeghN11nf9iNCOd5OC5a8KuiMywilwwLnRM9f3heSVIdt
XK1DSyIMQThlNDQ6MIHByma+SAV9IiJjwpFadCd8dMn5+TMTJrOMh7pAUW1PL9Hz
yPmBlAk5peRSWUIu4A8WofWwQlQXfnRZwokF9JYzMIji8CT+YZmQ/U2v2vZSPm7c
4nQ2x6EQM/RP9cQWZgfjj5NimD0q6JK8pEAo5joPJnNSHb73stLKv3FPTQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMKoCGoU4lH6QefrxLqxbJLbOSFQMB8GA1UdIwQY
MBaAFKmM+5tfRF/S9sz6F5w3xTRJsq8GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVl6N20xOUVYOUwyelBvWG5EZkZORW15cndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9kZjg1NTEtM2Y5Zi00NGIyLWI3ZTQt
ODg2NTkzZjdkY2UwLzEvd3FnSWFoVGlVZnBCNS12RXVyRnNrdHM1SVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9kZjg1NTEtM2Y5Zi00NGIyLWI3ZTQtODg2NTkzZjdkY2Uw
LzEvcVl6N20xOUVYOUwyelBvWG5EZkZORW15cndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuYzvMA4E
AgACMAgDBgAqBTfHADANBgkqhkiG9w0BAQsFAAOCAQEAi7uheYrZ0kXFYuCXj6Hx
sMdwb+ldedgZMFzErG//SJjfvQa1pJnYj/oNfN/5wk89hm/IONI3ecvS87AxtRM1
unWCXuwUImRq+9Sjy3M6mD5alGlM0PL9BGrfy2AErQLCvGGmLXG+WFsVrQPmWjy1
4uZIDjYmc4K1EofH3VWvY4RLg48/BE+3coFFz/ShjwMY4RwOcdBncerx/YRgn/0N
bEVgcsK8oBMTa1mYOKurLKAuNIcMjxxVwhY2ZTkwopgXvs9DUKUUrqWZt/DdmfYe
HqA9fDw34cF4oJhNLKWxD65Zjk3QHd74qhdYTgKuv7cx3RZQT2GjasBoO82Dt0Gn
7A==
-----END CERTIFICATE-----