Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/dQcGvMsR-By8rmf63OPVeRoG1kI.roa
File:                     dQcGvMsR-By8rmf63OPVeRoG1kI.roa (raw, json)
Hash identifier:          UUTwEFWKXd8UKczRmcM1HwJqB9u2VJL8KBgLmOxv5wQ=
Subject key identifier:   75:07:06:BC:CB:11:F8:1C:BC:AE:67:FA:DC:E3:D5:79:1A:06:D6:42
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       0194244558B6C74841C987CA8B31E82423E6
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/dQcGvMsR-By8rmf63OPVeRoG1kI.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2871
IP address blocks:        92.42.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:58:b6:c7:48:41:c9:87:ca:8b:31:e8:24:23:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=750706bccb11f81cbcae67fadce3d5791a06d642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d6:38:b0:10:9b:53:ec:db:62:87:68:cc:8d:
                    58:ea:9d:ff:0a:20:c1:a4:6c:a8:0d:1f:c3:c9:8b:
                    29:70:4d:66:45:89:69:35:99:41:47:07:3a:cd:95:
                    61:2d:c7:c2:8a:3f:9d:c9:04:fc:e7:5a:80:8a:04:
                    89:91:91:fb:58:13:f5:44:e1:97:ef:76:de:d5:4e:
                    5b:52:ac:8c:c0:20:72:b6:a3:fd:fb:91:ba:4b:59:
                    d9:63:0a:52:37:22:24:3c:67:13:7e:d5:4b:6c:4f:
                    e3:8b:da:07:63:2c:ea:f5:65:70:70:c1:30:39:07:
                    bb:60:05:fe:27:7f:3f:9e:84:6c:40:17:05:69:85:
                    33:5e:89:91:d0:a8:38:21:d1:cf:42:06:ba:b2:9e:
                    fb:8c:e7:05:1e:3c:e0:a2:b6:de:1e:a3:13:5a:4f:
                    f6:aa:cd:61:09:e5:7a:89:c3:9f:e8:bf:ac:8e:81:
                    0f:79:ff:64:e1:dc:42:79:d8:b5:51:d4:28:54:a3:
                    55:5c:b7:de:67:b7:fc:b3:1d:e5:31:5b:b3:c3:a5:
                    dd:79:05:d7:dc:4f:0c:a7:7e:59:5b:42:d6:88:44:
                    1f:0f:8c:30:1e:72:78:92:0a:cb:77:ff:9b:53:1a:
                    9c:d1:5b:d2:7d:76:28:15:9a:23:0f:2d:a7:e4:19:
                    a5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:07:06:BC:CB:11:F8:1C:BC:AE:67:FA:DC:E3:D5:79:1A:06:D6:42
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/dQcGvMsR-By8rmf63OPVeRoG1kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5b:a1:15:cf:21:d2:a6:46:37:06:45:54:2f:40:e2:d2:d6:
         bf:4c:a5:ef:b9:a6:29:c7:8f:aa:49:26:11:e5:85:e6:fb:d7:
         d5:25:89:4e:d5:e1:e9:9a:e6:5a:63:07:06:bb:a7:d0:c7:2d:
         58:bb:d7:39:f8:a0:50:46:fa:a9:10:8c:dc:cf:98:41:b9:da:
         af:05:5b:84:9e:60:b5:32:c2:42:be:eb:c8:92:2f:d5:40:fa:
         8a:fa:38:75:f1:73:e0:33:e8:30:06:28:ef:e3:6e:79:fc:c0:
         6e:96:9f:b8:84:fa:6b:de:b3:40:7e:d7:49:97:5e:5e:a5:4e:
         12:d0:5a:01:c9:00:fa:25:45:0d:4f:4e:b1:fe:7b:ec:db:e4:
         e6:49:03:83:bb:e8:73:71:66:a9:88:95:23:0c:b3:08:d4:68:
         9f:71:84:c3:b6:48:4f:17:ab:fa:d7:74:31:b3:4d:6e:75:e7:
         3b:b3:f4:84:1e:09:8d:1c:1a:b7:86:e9:18:4f:36:88:55:a1:
         af:77:2a:fd:84:fc:11:d0:61:0e:fa:c7:7f:e8:a0:4c:21:b0:
         0b:c3:a0:d3:85:e0:8f:93:d8:03:31:bf:c8:69:02:c7:eb:84:
         d5:06:04:7f:59:15:ee:8b:70:79:e1:2d:b2:40:e4:aa:07:02:
         47:fc:9e:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVi2x0hByYfKizHoJCPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA3MDZiY2NiMTFmODFjYmNhZTY3ZmFkY2UzZDU3OTFhMDZkNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9Y4sBCbU+zbYodozI1Y6p3/CiDB
pGyoDR/DyYspcE1mRYlpNZlBRwc6zZVhLcfCij+dyQT851qAigSJkZH7WBP1ROGX
73be1U5bUqyMwCBytqP9+5G6S1nZYwpSNyIkPGcTftVLbE/ji9oHYyzq9WVwcMEw
OQe7YAX+J38/noRsQBcFaYUzXomR0Kg4IdHPQga6sp77jOcFHjzgorbeHqMTWk/2
qs1hCeV6icOf6L+sjoEPef9k4dxCedi1UdQoVKNVXLfeZ7f8sx3lMVuzw6XdeQXX
3E8Mp35ZW0LWiEQfD4wwHnJ4kgrLd/+bUxqc0VvSfXYoFZojDy2n5BmlIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUHBrzLEfgcvK5n+tzj1XkaBtZCMB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEvZFFjR3ZNc1ItQnk4cm1mNjNPUFZlUm9HMWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCqNMA0G
CSqGSIb3DQEBCwUAA4IBAQAJW6EVzyHSpkY3BkVUL0Di0ta/TKXvuaYpx4+qSSYR
5YXm+9fVJYlO1eHpmuZaYwcGu6fQxy1Yu9c5+KBQRvqpEIzcz5hBudqvBVuEnmC1
MsJCvuvIki/VQPqK+jh18XPgM+gwBijv4255/MBulp+4hPpr3rNAftdJl15epU4S
0FoByQD6JUUNT06x/nvs2+TmSQODu+hzcWapiJUjDLMI1GifcYTDtkhPF6v613Qx
s01udec7s/SEHgmNHBq3hukYTzaIVaGvdyr9hPwR0GEO+sd/6KBMIbALw6DTheCP
k9gDMb/IaQLH64TVBgR/WRXui3B54S2yQOSqBwJH/J71
-----END CERTIFICATE-----