Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/Q01X85MGyHMF5rr2gbqyxSbVGJU.roa
File:                     Q01X85MGyHMF5rr2gbqyxSbVGJU.roa (raw, json)
Hash identifier:          3pLndBzBIS9IcjtzdUX4XacaMZCMolKRG+4KwxWHWEU=
Subject key identifier:   43:4D:57:F3:93:06:C8:73:05:E6:BA:F6:81:BA:B2:C5:26:D5:18:95
Certificate issuer:       /CN=97f697013433b891d64697d928663be734dba4e7
Certificate serial:       019420D64176EAF0F83B7B82B2F1822DCCEF
Authority key identifier: 97:F6:97:01:34:33:B8:91:D6:46:97:D9:28:66:3B:E7:34:DB:A4:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/Q01X85MGyHMF5rr2gbqyxSbVGJU.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21147
IP address blocks:        195.190.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:41:76:ea:f0:f8:3b:7b:82:b2:f1:82:2d:cc:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97f697013433b891d64697d928663be734dba4e7
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=434d57f39306c87305e6baf681bab2c526d51895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:60:e8:30:c7:0e:e8:f7:8a:4e:ab:7d:0e:2d:
                    65:50:a5:23:37:ab:04:34:80:31:1b:e3:38:61:a9:
                    e6:6a:2c:ec:c7:6a:8b:f2:a3:4a:cf:04:4d:b8:10:
                    df:c7:3b:ca:76:7f:43:84:93:aa:bc:05:6d:1b:64:
                    45:7e:0e:3a:5a:ac:28:18:80:ed:62:16:65:63:ee:
                    07:14:e4:65:9e:bf:83:af:45:95:bd:45:fe:63:46:
                    72:09:66:0c:77:a9:a1:a0:03:80:ac:55:b0:09:2a:
                    6d:4b:3d:ae:03:77:19:c5:30:98:d6:8e:74:df:8f:
                    8e:cc:7b:0a:c4:57:4e:14:a4:b9:af:78:96:ed:75:
                    81:db:13:53:4d:e8:e0:70:9b:4e:44:de:08:bb:40:
                    8e:eb:da:7d:0b:aa:b4:cb:66:e4:55:20:7e:b2:ec:
                    f2:bc:91:1d:3d:f0:e1:e4:45:1a:06:cc:53:78:28:
                    33:a1:6c:38:ab:77:1c:bf:64:0e:de:b8:20:96:6f:
                    39:4c:fa:fa:7e:7b:9e:32:1a:c0:ed:47:ee:b5:a3:
                    c1:0b:e3:ce:98:25:9c:1d:ef:a9:9b:cc:23:e5:3d:
                    06:26:57:00:14:fd:cc:e9:b7:79:c2:42:59:f2:cf:
                    6a:c3:51:6a:b2:ec:63:f5:7e:8c:ee:4f:3e:88:9d:
                    6f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4D:57:F3:93:06:C8:73:05:E6:BA:F6:81:BA:B2:C5:26:D5:18:95
            X509v3 Authority Key Identifier:
                keyid:97:F6:97:01:34:33:B8:91:D6:46:97:D9:28:66:3B:E7:34:DB:A4:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l_aXATQzuJHWRpfZKGY75zTbpOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/Q01X85MGyHMF5rr2gbqyxSbVGJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ae1166-d606-45b7-9a22-7bc83220fb62/1/l_aXATQzuJHWRpfZKGY75zTbpOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:80:77:6f:e4:f1:20:0f:8a:03:be:47:ac:07:b2:4f:e3:81:
         cd:2a:88:c3:19:53:cc:7b:c1:ab:8e:c5:0e:ad:99:38:6b:d1:
         69:24:e9:4f:88:fc:27:b2:67:43:06:fc:b9:a9:b8:c4:8c:7f:
         3f:3e:60:aa:26:a5:1f:93:b8:c2:d5:10:42:17:f1:17:df:b1:
         a5:00:79:3c:4c:9c:cc:e6:c3:c5:9d:16:bc:94:28:50:20:d9:
         c5:4d:0d:7f:7b:e9:1b:9c:24:e6:00:32:bf:f9:da:84:f4:87:
         fb:6d:a4:47:47:6f:d9:f7:23:53:ec:a4:a5:48:02:ac:ec:13:
         f1:e4:a4:fc:b1:2a:15:4c:f7:f8:b4:5e:b2:37:91:0f:47:83:
         63:cc:33:ed:62:3a:0a:9d:90:8b:71:b0:6d:4c:9c:ec:fb:57:
         e5:b4:6f:76:6b:08:fc:b6:05:16:b9:a0:7e:12:44:c0:8e:d0:
         df:bc:c8:a8:6b:ca:6f:2c:3d:e2:a6:85:c1:23:d1:2c:f7:eb:
         ba:da:42:63:1c:29:1c:26:91:1a:f6:b2:1c:8e:c2:62:12:e6:
         af:42:d8:ff:de:7b:61:6f:a4:6e:a5:22:6d:81:13:72:b4:5b:
         eb:a6:09:19:97:59:46:fd:7e:7c:9b:79:c3:22:d8:b5:4b:4d:
         42:ce:4b:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kF26vD4O3uCsvGCLczvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZjY5NzAxMzQzM2I4OTFkNjQ2OTdkOTI4NjYzYmU3MzRk
YmE0ZTcwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRkNTdmMzkzMDZjODczMDVlNmJhZjY4MWJhYjJjNTI2ZDUxODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWDoMMcO6PeKTqt9Di1lUKUjN6sE
NIAxG+M4Yanmaizsx2qL8qNKzwRNuBDfxzvKdn9DhJOqvAVtG2RFfg46WqwoGIDt
YhZlY+4HFORlnr+Dr0WVvUX+Y0ZyCWYMd6mhoAOArFWwCSptSz2uA3cZxTCY1o50
34+OzHsKxFdOFKS5r3iW7XWB2xNTTejgcJtORN4Iu0CO69p9C6q0y2bkVSB+suzy
vJEdPfDh5EUaBsxTeCgzoWw4q3ccv2QO3rgglm85TPr6fnueMhrA7UfutaPBC+PO
mCWcHe+pm8wj5T0GJlcAFP3M6bd5wkJZ8s9qw1Fqsuxj9X6M7k8+iJ1vRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENNV/OTBshzBea69oG6ssUm1RiVMB8GA1UdIwQY
MBaAFJf2lwE0M7iR1kaX2ShmO+c026TnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbF9hWEFUUXp1SkhXUnBmWktHWTc1elRicE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hZTExNjYtZDYwNi00NWI3LTlhMjIt
N2JjODMyMjBmYjYyLzEvUTAxWDg1TUd5SE1GNXJyMmdicXl4U2JWR0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hZTExNjYtZDYwNi00NWI3LTlhMjItN2JjODMyMjBmYjYy
LzEvbF9hWEFUUXp1SkhXUnBmWktHWTc1elRicE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76NMA0G
CSqGSIb3DQEBCwUAA4IBAQCagHdv5PEgD4oDvkesB7JP44HNKojDGVPMe8GrjsUO
rZk4a9FpJOlPiPwnsmdDBvy5qbjEjH8/PmCqJqUfk7jC1RBCF/EX37GlAHk8TJzM
5sPFnRa8lChQINnFTQ1/e+kbnCTmADK/+dqE9If7baRHR2/Z9yNT7KSlSAKs7BPx
5KT8sSoVTPf4tF6yN5EPR4NjzDPtYjoKnZCLcbBtTJzs+1fltG92awj8tgUWuaB+
EkTAjtDfvMioa8pvLD3ipoXBI9Es9+u62kJjHCkcJpEa9rIcjsJiEuavQtj/3nth
b6RupSJtgRNytFvrpgkZl1lG/X58m3nDIti1S01Czkul
-----END CERTIFICATE-----