Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/qVkX5RlHS3sPyQOw3galYp3H46c.roa
File:                     qVkX5RlHS3sPyQOw3galYp3H46c.roa (raw, json)
Hash identifier:          o5KCCl+KevQFiSBwzLjv5f5HLVAkS9bSZz+fAqp6nWk=
Subject key identifier:   A9:59:17:E5:19:47:4B:7B:0F:C9:03:B0:DE:06:A5:62:9D:C7:E3:A7
Certificate issuer:       /CN=9a5550e908a9b9688c29aac9895353dea836c45a
Certificate serial:       019421B1E15C0F019EEEF42CC4FA3D3BF019
Authority key identifier: 9A:55:50:E9:08:A9:B9:68:8C:29:AA:C9:89:53:53:DE:A8:36:C4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/qVkX5RlHS3sPyQOw3galYp3H46c.roa
Signing time:             Wed 01 Jan 2025 11:48:13 +0000
ROA not before:           Wed 01 Jan 2025 11:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.11.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e1:5c:0f:01:9e:ee:f4:2c:c4:fa:3d:3b:f0:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5550e908a9b9688c29aac9895353dea836c45a
        Validity
            Not Before: Jan  1 11:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a95917e519474b7b0fc903b0de06a5629dc7e3a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9a:2e:d1:83:05:50:b1:fb:39:ca:3f:9f:17:
                    b9:d6:3a:21:0b:09:19:fd:74:f6:ee:f1:ad:f8:d1:
                    fd:70:72:b1:36:ce:c1:13:f8:62:68:53:32:1d:fa:
                    f4:33:19:0d:f2:e1:46:e9:3c:2d:d4:2f:76:8b:7f:
                    ff:ad:c6:f8:be:0f:db:28:0b:d7:01:e9:7d:79:c8:
                    b6:42:22:9b:8c:98:dd:f3:eb:4e:a2:78:4a:d3:42:
                    55:0f:e8:e5:1a:9f:87:f9:fa:52:06:8a:01:5d:d3:
                    4c:ba:15:e6:c9:9c:a5:7a:35:e4:1c:0c:96:91:bf:
                    2f:ea:fc:c6:5f:c2:99:56:74:61:bd:d6:31:18:bf:
                    bd:e8:f1:d0:9b:2d:b4:3f:ca:9a:76:51:94:ef:65:
                    85:83:66:a3:77:8d:aa:61:82:ad:95:99:24:eb:c4:
                    5a:3f:d8:18:e3:00:7b:d6:43:ef:a2:05:56:1f:6d:
                    ea:83:1a:09:0f:51:59:ab:12:24:48:d6:3a:45:1c:
                    02:0d:c4:9c:e3:8a:41:6e:f3:70:01:fe:c1:14:84:
                    78:51:4a:c6:f3:f6:82:84:8e:c9:cf:fd:81:c3:f0:
                    8f:fb:f6:49:53:25:2b:5f:ec:a7:2e:64:ba:89:3b:
                    2b:0a:4f:96:73:0e:08:a8:2c:1f:6a:6f:b4:55:d0:
                    8c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:59:17:E5:19:47:4B:7B:0F:C9:03:B0:DE:06:A5:62:9D:C7:E3:A7
            X509v3 Authority Key Identifier:
                keyid:9A:55:50:E9:08:A9:B9:68:8C:29:AA:C9:89:53:53:DE:A8:36:C4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlVQ6QipuWiMKarJiVNT3qg2xFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/qVkX5RlHS3sPyQOw3galYp3H46c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bbb30b-2688-4a6e-b2a2-1399a282227a/1/mlVQ6QipuWiMKarJiVNT3qg2xFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:4a:9f:95:55:82:e6:e5:76:95:00:c1:7b:74:4a:e1:df:7e:
         ae:62:47:76:54:3e:84:dc:62:da:d0:4b:da:4e:68:f0:8f:63:
         b9:29:5c:21:94:e9:5c:3b:ca:78:62:46:dd:04:ee:05:a6:93:
         ee:9b:fb:22:b5:cf:6f:83:19:14:1d:4d:11:49:71:2e:19:8d:
         1d:7b:74:f3:f2:d2:58:5b:8e:2d:98:6e:5c:ea:d5:15:c1:9e:
         3c:ed:31:94:db:68:1a:4c:e2:cb:94:78:ee:1f:92:4d:3b:b7:
         2a:01:e1:90:7b:d4:ad:18:1f:f8:c5:3d:0d:21:c9:c4:5b:73:
         e2:6d:c2:cb:35:aa:de:f1:94:d8:b7:50:3a:15:43:56:fa:93:
         ab:31:19:42:10:40:34:90:b7:ea:d6:41:5c:c8:57:09:18:0f:
         8d:df:54:5e:41:89:c3:a6:ea:db:d5:dc:77:32:e0:48:5f:6b:
         14:e9:53:53:68:9b:73:f7:bf:87:93:71:ca:c4:f8:b9:67:98:
         d2:39:13:7b:95:52:0b:23:d4:1f:47:1e:03:cf:d5:82:a8:b2:
         d5:dc:a9:2c:99:cf:7e:03:81:09:79:22:71:95:1d:79:17:31:
         e1:54:2f:36:ad:91:a7:27:6a:5b:c7:59:c3:02:7b:f0:03:cf:
         e6:47:6f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhseFcDwGe7vQsxPo9O/AZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTU1MGU5MDhhOWI5Njg4YzI5YWFjOTg5NTM1M2RlYTgz
NmM0NWEwHhcNMjUwMTAxMTE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTU5MTdlNTE5NDc0YjdiMGZjOTAzYjBkZTA2YTU2MjlkYzdlM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZou0YMFULH7Oco/nxe51johCwkZ
/XT27vGt+NH9cHKxNs7BE/hiaFMyHfr0MxkN8uFG6Twt1C92i3//rcb4vg/bKAvX
Ael9eci2QiKbjJjd8+tOonhK00JVD+jlGp+H+fpSBooBXdNMuhXmyZylejXkHAyW
kb8v6vzGX8KZVnRhvdYxGL+96PHQmy20P8qadlGU72WFg2ajd42qYYKtlZkk68Ra
P9gY4wB71kPvogVWH23qgxoJD1FZqxIkSNY6RRwCDcSc44pBbvNwAf7BFIR4UUrG
8/aChI7Jz/2Bw/CP+/ZJUyUrX+ynLmS6iTsrCk+Wcw4IqCwfam+0VdCMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlZF+UZR0t7D8kDsN4GpWKdx+OnMB8GA1UdIwQY
MBaAFJpVUOkIqblojCmqyYlTU96oNsRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxWUTZRaXB1V2lNS2FySmlWTlQzcWcyeEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iYmIzMGItMjY4OC00YTZlLWIyYTIt
MTM5OWEyODIyMjdhLzEvcVZrWDVSbEhTM3NQeVFPdzNnYWxZcDNINDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iYmIzMGItMjY4OC00YTZlLWIyYTItMTM5OWEyODIyMjdh
LzEvbWxWUTZRaXB1V2lNS2FySmlWTlQzcWcyeEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQt+MA0G
CSqGSIb3DQEBCwUAA4IBAQB3Sp+VVYLm5XaVAMF7dErh336uYkd2VD6E3GLa0Eva
Tmjwj2O5KVwhlOlcO8p4YkbdBO4FppPum/sitc9vgxkUHU0RSXEuGY0de3Tz8tJY
W44tmG5c6tUVwZ487TGU22gaTOLLlHjuH5JNO7cqAeGQe9StGB/4xT0NIcnEW3Pi
bcLLNare8ZTYt1A6FUNW+pOrMRlCEEA0kLfq1kFcyFcJGA+N31ReQYnDpurb1dx3
MuBIX2sU6VNTaJtz97+Hk3HKxPi5Z5jSORN7lVILI9QfRx4Dz9WCqLLV3Kksmc9+
A4EJeSJxlR15FzHhVC82rZGnJ2pbx1nDAnvwA8/mR28J
-----END CERTIFICATE-----