Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/w_q7lMoSjsh87AtbKJG_MjZSzbs.roa
File:                     w_q7lMoSjsh87AtbKJG_MjZSzbs.roa (raw, json)
Hash identifier:          aLEvMvWLIZ7MDfR1jeEEkQ6VSWVyC5TKwxKUplfky8o=
Subject key identifier:   C3:FA:BB:94:CA:12:8E:C8:7C:EC:0B:5B:28:91:BF:32:36:52:CD:BB
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01941FFA429DA47BE7BCA339C575BB3B91F1
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/w_q7lMoSjsh87AtbKJG_MjZSzbs.roa
Signing time:             Wed 01 Jan 2025 03:48:02 +0000
ROA not before:           Wed 01 Jan 2025 03:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3457
IP address blocks:        83.125.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:42:9d:a4:7b:e7:bc:a3:39:c5:75:bb:3b:91:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 03:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3fabb94ca128ec87cec0b5b2891bf323652cdbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f7:6c:6c:d0:ed:02:ee:53:40:f9:2d:e0:ad:
                    da:8c:50:14:d6:37:8f:49:5e:21:e2:4d:e8:2b:09:
                    33:a0:b5:f5:36:75:f8:fa:6d:dd:0a:04:fd:86:d0:
                    23:b2:ed:e6:b8:a4:eb:5b:3f:80:cf:5c:03:86:de:
                    a4:d6:66:08:93:34:15:43:d4:81:e9:40:4d:4a:b7:
                    70:90:63:f2:d1:89:9b:ac:9d:42:08:8e:c6:74:ad:
                    e5:89:6c:ed:78:bc:74:dd:58:e9:42:33:41:f8:a5:
                    47:05:7c:db:fb:64:ce:fc:56:2d:8c:4c:61:3c:c9:
                    10:c2:52:b7:fa:8f:20:ca:96:ef:aa:bd:e0:5f:d7:
                    58:d2:46:ce:d1:3b:5a:62:fe:62:68:13:c1:0a:8c:
                    6e:f8:75:28:27:08:90:85:24:ec:e9:2e:70:f6:d1:
                    fe:53:03:c9:ba:9e:3f:b9:d3:f8:4b:c1:ac:f0:bd:
                    8f:80:3b:6e:90:9a:4f:93:e3:2e:3e:9a:e3:48:73:
                    f2:ac:33:f4:a3:c6:ad:89:96:4f:b3:a4:ce:6c:6e:
                    cd:cb:dc:bf:c9:e0:be:59:93:6b:b9:5c:9f:c2:13:
                    5c:45:58:af:42:a8:00:4d:23:76:e7:69:ea:94:d6:
                    6a:1f:6c:f2:71:07:50:e6:ea:be:ff:a8:cc:6e:4d:
                    2c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FA:BB:94:CA:12:8E:C8:7C:EC:0B:5B:28:91:BF:32:36:52:CD:BB
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/w_q7lMoSjsh87AtbKJG_MjZSzbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.125.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:cb:02:40:39:97:99:4d:21:57:08:3c:73:41:36:9a:de:37:
         a1:27:90:0b:35:19:33:30:1f:5d:a3:6b:a0:d8:92:ab:cc:3b:
         cb:20:9c:a2:89:98:10:a9:4b:4f:76:24:0b:9e:58:b4:0d:10:
         7b:eb:98:e3:62:53:f1:39:53:af:ee:af:35:d1:fe:14:79:fa:
         d3:bf:28:f9:b6:15:cc:ae:3a:40:31:97:f1:09:62:3a:75:09:
         1a:9b:0f:e1:7f:ef:47:43:46:a4:38:3d:73:f1:8a:8c:32:64:
         ed:52:95:7c:de:ac:12:e8:60:39:5f:33:1a:16:aa:55:26:52:
         19:70:00:41:94:03:10:50:31:5b:66:53:ad:76:2e:28:96:1f:
         f6:3d:6d:de:b8:55:0a:95:da:43:1c:28:ba:89:e1:8f:2a:72:
         ae:86:07:cb:3a:1b:cb:5c:15:90:b1:fa:5d:90:1b:f6:b1:54:
         46:99:45:90:85:65:40:ee:93:00:20:d4:90:1e:4c:ef:49:df:
         0c:3b:88:5d:9d:38:0a:20:09:48:be:6e:6d:09:87:a3:9e:54:
         50:03:61:27:2e:5f:08:8d:67:4a:f9:95:17:c6:cb:a5:92:5d:
         d0:c9:66:75:0d:8a:d6:d8:b0:11:e2:58:6d:a7:e0:6d:4f:b1:
         0e:54:61:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kKdpHvnvKM5xXW7O5HxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ZhYmI5NGNhMTI4ZWM4N2NlYzBiNWIyODkxYmYzMjM2NTJjZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPdsbNDtAu5TQPkt4K3ajFAU1jeP
SV4h4k3oKwkzoLX1NnX4+m3dCgT9htAjsu3muKTrWz+Az1wDht6k1mYIkzQVQ9SB
6UBNSrdwkGPy0YmbrJ1CCI7GdK3liWzteLx03VjpQjNB+KVHBXzb+2TO/FYtjExh
PMkQwlK3+o8gypbvqr3gX9dY0kbO0TtaYv5iaBPBCoxu+HUoJwiQhSTs6S5w9tH+
UwPJup4/udP4S8Gs8L2PgDtukJpPk+MuPprjSHPyrDP0o8atiZZPs6TObG7Ny9y/
yeC+WZNruVyfwhNcRVivQqgATSN252nqlNZqH2zycQdQ5uq+/6jMbk0s8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMP6u5TKEo7IfOwLWyiRvzI2Us27MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvd19xN2xNb1Nqc2g4N0F0YktKR19NalpTemJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU30aMA0G
CSqGSIb3DQEBCwUAA4IBAQCjywJAOZeZTSFXCDxzQTaa3jehJ5ALNRkzMB9do2ug
2JKrzDvLIJyiiZgQqUtPdiQLnli0DRB765jjYlPxOVOv7q810f4UefrTvyj5thXM
rjpAMZfxCWI6dQkamw/hf+9HQ0akOD1z8YqMMmTtUpV83qwS6GA5XzMaFqpVJlIZ
cABBlAMQUDFbZlOtdi4olh/2PW3euFUKldpDHCi6ieGPKnKuhgfLOhvLXBWQsfpd
kBv2sVRGmUWQhWVA7pMAINSQHkzvSd8MO4hdnTgKIAlIvm5tCYejnlRQA2EnLl8I
jWdK+ZUXxsulkl3QyWZ1DYrW2LAR4lhtp+BtT7EOVGEP
-----END CERTIFICATE-----