Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/QRWbN9gDLtiBKX0OHWitK4sar4Y.roa
File:                     QRWbN9gDLtiBKX0OHWitK4sar4Y.roa (raw, json)
Hash identifier:          9r207a3pRIUCl7V+9HyJcMsCjA45mcSFholzvZsRQ5g=
Subject key identifier:   41:15:9B:37:D8:03:2E:D8:81:29:7D:0E:1D:68:AD:2B:8B:1A:AF:86
Certificate issuer:       /CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
Certificate serial:       019420D59D390283E2341F56FA09F61E5D33
Authority key identifier: 70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/QRWbN9gDLtiBKX0OHWitK4sar4Y.roa
Signing time:             Wed 01 Jan 2025 07:47:37 +0000
ROA not before:           Wed 01 Jan 2025 07:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28681
IP address blocks:        193.201.116.0/24 maxlen: 24
                          2001:67c:5e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9d:39:02:83:e2:34:1f:56:fa:09:f6:1e:5d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
        Validity
            Not Before: Jan  1 07:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41159b37d8032ed881297d0e1d68ad2b8b1aaf86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:87:ed:02:e5:a3:1a:44:c7:f2:fb:ad:10:1a:
                    ef:b4:5d:8f:c8:a3:12:de:35:32:a4:d3:84:96:21:
                    13:d2:ea:fb:c1:6a:d6:67:13:4e:e1:b0:2e:cf:10:
                    30:d3:41:95:c1:b2:b8:93:e0:de:19:78:fb:f4:74:
                    d2:46:69:29:d0:5f:9b:b1:14:4a:78:33:7d:5c:80:
                    ed:dc:99:76:97:41:d5:58:84:e3:b3:7b:2c:11:ad:
                    c7:b2:9c:a9:f0:d9:82:e4:7c:ab:d6:2a:b3:96:f5:
                    6c:b9:16:eb:2e:87:96:23:4b:1f:01:1e:7b:cc:80:
                    d1:c9:7a:cb:e2:bc:a7:ef:11:58:c1:43:41:dc:b0:
                    c0:10:2e:40:ea:5c:b3:d4:37:76:9a:63:5f:8b:a5:
                    c9:cb:97:f8:37:ce:ee:f1:76:6d:d5:ff:af:c0:65:
                    a3:cc:6c:66:79:3b:78:04:78:bc:b8:3e:d6:1d:61:
                    b0:31:f3:30:a7:cc:3e:cd:51:5c:85:22:d4:de:f8:
                    db:75:c0:4f:55:53:1d:6c:ba:69:1a:12:4d:75:9c:
                    94:20:83:ab:41:45:5c:d1:ad:3e:22:c7:bd:ca:3e:
                    e1:ad:4b:d9:aa:05:61:c9:a9:57:15:5a:a4:d6:95:
                    3e:94:7e:5f:41:49:1c:67:be:dc:2e:ca:b2:b2:72:
                    e7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:15:9B:37:D8:03:2E:D8:81:29:7D:0E:1D:68:AD:2B:8B:1A:AF:86
            X509v3 Authority Key Identifier:
                keyid:70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/QRWbN9gDLtiBKX0OHWitK4sar4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.116.0/24
                IPv6:
                  2001:67c:5e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:bd:73:50:4b:d4:c0:21:6f:d6:74:37:3b:c4:eb:84:e6:37:
         3d:ca:1a:04:72:7f:79:33:eb:2f:92:de:65:16:d2:dc:16:8f:
         27:72:f2:cc:00:6d:d1:f6:1d:27:c1:5b:ee:2b:5b:2d:9d:85:
         e2:80:2c:0f:4c:7e:44:89:35:64:2d:7a:20:ba:cc:39:b6:f2:
         83:8c:74:5b:68:76:c3:f7:f8:9c:08:2c:72:f6:74:f1:9e:3a:
         b0:ee:60:2b:2a:fb:0f:d0:c8:ec:d8:6c:ee:42:a2:48:c1:09:
         f8:b2:6f:d6:f7:e4:44:24:ef:cf:17:3f:68:8f:5a:75:6c:95:
         a0:28:46:a2:9d:6a:f8:ed:49:60:5d:57:2e:16:84:9c:cb:0a:
         dc:c6:35:ad:c6:b3:5a:0c:29:68:7b:de:95:bd:de:55:3d:36:
         22:73:93:a0:9c:7d:6b:50:8b:41:b8:94:a1:b1:23:25:cf:5d:
         cc:45:5f:33:59:b4:64:49:87:f9:a0:38:28:4f:d7:db:42:ad:
         54:a5:57:72:6f:cd:81:75:3e:84:f3:64:a2:03:4c:da:f1:d2:
         e3:fa:ed:f7:39:b6:c6:a9:3f:d5:03:72:ce:20:21:a7:18:22:
         d3:cd:97:7f:ec:31:a2:d7:fb:e5:b2:b8:78:1b:9f:bb:d5:a2:
         72:c6:9f:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1Z05AoPiNB9W+gn2Hl0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTdhZDA1OTgyMDhhNmFmOWQxNTAwYTc0MGQ3M2JjZjI4
ZjAzODQwHhcNMjUwMTAxMDc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE1OWIzN2Q4MDMyZWQ4ODEyOTdkMGUxZDY4YWQyYjhiMWFhZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oftAuWjGkTH8vutEBrvtF2PyKMS
3jUypNOEliET0ur7wWrWZxNO4bAuzxAw00GVwbK4k+DeGXj79HTSRmkp0F+bsRRK
eDN9XIDt3Jl2l0HVWITjs3ssEa3Hspyp8NmC5Hyr1iqzlvVsuRbrLoeWI0sfAR57
zIDRyXrL4ryn7xFYwUNB3LDAEC5A6lyz1Dd2mmNfi6XJy5f4N87u8XZt1f+vwGWj
zGxmeTt4BHi8uD7WHWGwMfMwp8w+zVFchSLU3vjbdcBPVVMdbLppGhJNdZyUIIOr
QUVc0a0+Ise9yj7hrUvZqgVhyalXFVqk1pU+lH5fQUkcZ77cLsqysnLnrwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEEVmzfYAy7YgSl9Dh1orSuLGq+GMB8GA1UdIwQY
MBaAFHDnrQWYIIpq+dFQCnQNc7zyjwOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQt
NjA3ZTE3YWVjNzUwLzEvUVJXYk45Z0RMdGlCS1gwT0hXaXRLNHNhcjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQtNjA3ZTE3YWVjNzUw
LzEvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcl0MA8E
AgACMAkDBwAgAQZ8BegwDQYJKoZIhvcNAQELBQADggEBAI69c1BL1MAhb9Z0NzvE
64TmNz3KGgRyf3kz6y+S3mUW0twWjydy8swAbdH2HSfBW+4rWy2dheKALA9MfkSJ
NWQteiC6zDm28oOMdFtodsP3+JwILHL2dPGeOrDuYCsq+w/QyOzYbO5CokjBCfiy
b9b35EQk788XP2iPWnVslaAoRqKdavjtSWBdVy4WhJzLCtzGNa3Gs1oMKWh73pW9
3lU9NiJzk6CcfWtQi0G4lKGxIyXPXcxFXzNZtGRJh/mgOChP19tCrVSlV3JvzYF1
PoTzZKIDTNrx0uP67fc5tsapP9UDcs4gIacYItPNl3/sMaLX++WyuHgbn7vVonLG
n/o=
-----END CERTIFICATE-----