Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/qHsglpTjaUy6D2wkWmdz8udPRn4.roa
File:                     qHsglpTjaUy6D2wkWmdz8udPRn4.roa (raw, json)
Hash identifier:          4Um1Beu8aZnlezP4Me/VufAkyUkp19/FydjNRHcjoJE=
Subject key identifier:   A8:7B:20:96:94:E3:69:4C:BA:0F:6C:24:5A:67:73:F2:E7:4F:46:7E
Certificate issuer:       /CN=c9aef87167585d2898315aa3753f3fa68dad2c6d
Certificate serial:       019420684F591D22F0EEFD8496A2FA280ABE
Authority key identifier: C9:AE:F8:71:67:58:5D:28:98:31:5A:A3:75:3F:3F:A6:8D:AD:2C:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/qHsglpTjaUy6D2wkWmdz8udPRn4.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215892
IP address blocks:        185.151.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4f:59:1d:22:f0:ee:fd:84:96:a2:fa:28:0a:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9aef87167585d2898315aa3753f3fa68dad2c6d
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a87b209694e3694cba0f6c245a6773f2e74f467e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:79:0f:a6:34:8d:43:34:4d:78:3b:d6:56:2e:
                    63:72:d4:41:2d:87:c6:0a:48:fa:a5:4c:91:93:34:
                    f0:7c:99:a7:23:61:71:c0:90:11:e5:ad:25:df:82:
                    ea:9d:f1:e0:53:a5:ba:08:e5:ea:a4:e4:2c:12:56:
                    8a:9c:40:cc:13:6d:b6:b6:82:27:6a:b2:e7:36:6b:
                    b4:e7:2d:b1:5b:4d:7b:57:c6:10:be:dc:b0:3f:aa:
                    11:c4:95:98:56:7e:b1:e0:d4:32:d5:f4:1a:7c:80:
                    8a:d3:2b:bc:3b:0f:f8:0c:4f:57:2f:7b:80:31:c3:
                    d9:59:c0:87:66:30:88:4d:46:b2:12:17:85:83:a8:
                    91:92:2e:2c:ae:e0:f8:c1:55:1c:72:e5:b1:7a:b9:
                    bf:de:40:50:77:64:95:76:f5:49:6e:50:b2:70:53:
                    2c:a6:a9:31:f3:54:37:3b:1b:47:f2:3f:fb:d8:1a:
                    8f:08:9b:81:d9:46:85:0d:3a:60:c2:be:4f:54:44:
                    70:ad:22:d1:e8:89:6f:06:9f:20:1b:f3:02:1c:80:
                    5a:73:bd:6d:15:18:d3:97:cf:54:7f:86:33:38:b8:
                    8a:7c:f8:81:66:c7:4e:ef:6c:4e:be:18:5a:11:9d:
                    b2:84:1f:c3:7b:1a:b9:c0:bc:f2:e5:0d:0c:07:7b:
                    dd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7B:20:96:94:E3:69:4C:BA:0F:6C:24:5A:67:73:F2:E7:4F:46:7E
            X509v3 Authority Key Identifier:
                keyid:C9:AE:F8:71:67:58:5D:28:98:31:5A:A3:75:3F:3F:A6:8D:AD:2C:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/qHsglpTjaUy6D2wkWmdz8udPRn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:01:f2:91:7f:1e:fa:80:7f:c8:86:53:f0:92:f6:9a:ee:b4:
         c5:0c:a6:86:78:92:c4:ab:62:87:2d:3e:28:07:f8:d5:51:cf:
         4d:a5:65:d3:01:4a:64:bc:bc:28:20:7e:71:a0:38:70:d2:2b:
         ca:bf:40:af:17:7f:85:66:5a:fa:ec:a8:7d:ea:4e:fe:4f:bd:
         9d:53:86:c7:ee:a2:de:2c:38:f4:7a:66:c4:ab:d8:47:df:a8:
         02:65:a3:05:fa:c1:ba:c2:09:85:c5:e0:bf:f4:fa:8e:af:8e:
         a9:7f:2a:e0:f7:79:bd:00:1c:f4:16:df:39:75:6c:36:69:47:
         2d:30:7e:28:17:b8:fa:af:8f:5b:e3:76:7f:99:d2:a9:78:33:
         1b:b1:8d:e1:22:55:50:7d:0b:f5:45:06:79:35:7d:04:82:31:
         f0:14:f5:53:e0:34:6d:af:d9:4e:9a:d0:3c:61:9e:51:11:35:
         e1:ec:af:c8:88:87:39:0c:a0:d1:68:37:fb:20:90:e2:8d:d7:
         99:3a:86:16:e6:ec:d1:13:b7:93:50:e4:32:a4:95:f4:0a:7f:
         73:92:f5:0b:62:f1:83:94:3d:43:2e:39:ff:ad:77:bd:a8:ad:
         0d:cc:84:9e:a2:40:e0:5e:ad:43:c8:21:c1:de:00:4e:b5:40:
         41:68:ee:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaE9ZHSLw7v2ElqL6KAq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YWVmODcxNjc1ODVkMjg5ODMxNWFhMzc1M2YzZmE2OGRh
ZDJjNmQwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdiMjA5Njk0ZTM2OTRjYmEwZjZjMjQ1YTY3NzNmMmU3NGY0NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXkPpjSNQzRNeDvWVi5jctRBLYfG
Ckj6pUyRkzTwfJmnI2FxwJAR5a0l34LqnfHgU6W6COXqpOQsElaKnEDME222toIn
arLnNmu05y2xW017V8YQvtywP6oRxJWYVn6x4NQy1fQafICK0yu8Ow/4DE9XL3uA
McPZWcCHZjCITUayEheFg6iRki4sruD4wVUccuWxerm/3kBQd2SVdvVJblCycFMs
pqkx81Q3OxtH8j/72BqPCJuB2UaFDTpgwr5PVERwrSLR6IlvBp8gG/MCHIBac71t
FRjTl89Uf4YzOLiKfPiBZsdO72xOvhhaEZ2yhB/Dexq5wLzy5Q0MB3vddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKh7IJaU42lMug9sJFpnc/LnT0Z+MB8GA1UdIwQY
MBaAFMmu+HFnWF0omDFao3U/P6aNrSxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWE3NGNXZFlYU2lZTVZxamRUOF9wbzJ0TEcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84NWNlODItZGQwNi00OTU4LTllODIt
ZGIxMGRjZmVjNGJmLzEvcUhzZ2xwVGphVXk2RDJ3a1dtZHo4dWRQUm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84NWNlODItZGQwNi00OTU4LTllODItZGIxMGRjZmVjNGJm
LzEveWE3NGNXZFlYU2lZTVZxamRUOF9wbzJ0TEcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZfvMA0G
CSqGSIb3DQEBCwUAA4IBAQAkAfKRfx76gH/IhlPwkvaa7rTFDKaGeJLEq2KHLT4o
B/jVUc9NpWXTAUpkvLwoIH5xoDhw0ivKv0CvF3+FZlr67Kh96k7+T72dU4bH7qLe
LDj0embEq9hH36gCZaMF+sG6wgmFxeC/9PqOr46pfyrg93m9ABz0Ft85dWw2aUct
MH4oF7j6r49b43Z/mdKpeDMbsY3hIlVQfQv1RQZ5NX0EgjHwFPVT4DRtr9lOmtA8
YZ5RETXh7K/IiIc5DKDRaDf7IJDijdeZOoYW5uzRE7eTUOQypJX0Cn9zkvULYvGD
lD1DLjn/rXe9qK0NzISeokDgXq1DyCHB3gBOtUBBaO6u
-----END CERTIFICATE-----