Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/qfVV9jSGkUSpTVAmIfthWu05Cnw.roa
File:                     qfVV9jSGkUSpTVAmIfthWu05Cnw.roa (raw, json)
Hash identifier:          UbRHP3L39dp/ZkCYjMy0IuUuv/BT0urLDu7xXNtiXsY=
Subject key identifier:   A9:F5:55:F6:34:86:91:44:A9:4D:50:26:21:FB:61:5A:ED:39:0A:7C
Certificate issuer:       /CN=080369a358961f7284fbd591e927737cdb05c35d
Certificate serial:       019425217492065E23C76FFA077EE8597BD5
Authority key identifier: 08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/qfVV9jSGkUSpTVAmIfthWu05Cnw.roa
Signing time:             Thu 02 Jan 2025 03:48:57 +0000
ROA not before:           Thu 02 Jan 2025 03:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209190
IP address blocks:        81.92.128.0/20 maxlen: 20
                          81.92.128.0/21 maxlen: 21
                          81.92.136.0/21 maxlen: 21
                          81.92.142.0/24 maxlen: 24
                          81.92.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:74:92:06:5e:23:c7:6f:fa:07:7e:e8:59:7b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=080369a358961f7284fbd591e927737cdb05c35d
        Validity
            Not Before: Jan  2 03:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9f555f634869144a94d502621fb615aed390a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1f:a8:9e:bd:b2:fa:bc:83:c9:0d:22:1a:56:
                    f5:7c:f5:4a:66:3d:95:e5:07:30:fd:8e:21:32:5f:
                    4c:18:2e:63:c5:02:5d:80:02:ef:91:e3:83:6a:f9:
                    d3:b5:06:c4:78:99:c9:f8:cc:8c:35:e8:55:e0:26:
                    b4:6d:46:dd:97:cb:48:8b:3b:60:8b:b4:33:f9:17:
                    fa:ca:4c:f9:5d:ea:52:1d:1b:e4:5e:4b:73:a3:b4:
                    8f:0e:dd:b6:4c:de:89:42:9d:89:02:12:13:b4:40:
                    49:a3:93:b4:8b:8d:52:b0:12:8e:d9:79:1a:96:9a:
                    76:7f:8f:7b:87:6a:30:20:f1:81:8a:18:b2:11:37:
                    6e:4a:da:ed:51:8b:27:95:28:fc:52:b0:5d:6f:6c:
                    a3:c6:56:33:03:ea:b0:8e:97:29:24:4b:de:2c:d1:
                    70:ab:eb:54:f4:20:ca:83:c4:33:92:16:15:29:7d:
                    ab:cb:be:ea:94:9c:82:7e:c6:bf:37:db:5a:0a:76:
                    66:1a:ba:9d:64:9f:be:a1:5a:da:d3:49:61:b6:e7:
                    89:c6:50:c4:d2:f6:ab:c1:c1:73:07:76:31:e6:f1:
                    97:1b:e0:26:c0:c1:7a:47:ed:08:d2:07:23:18:82:
                    42:3b:76:6e:af:d1:96:04:62:23:f4:10:9e:be:8f:
                    a7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F5:55:F6:34:86:91:44:A9:4D:50:26:21:FB:61:5A:ED:39:0A:7C
            X509v3 Authority Key Identifier:
                keyid:08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/qfVV9jSGkUSpTVAmIfthWu05Cnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:53:19:90:52:db:82:1a:fa:f3:3c:54:ed:5c:5d:75:b4:31:
         73:73:d3:9b:b7:57:c1:82:b9:76:9b:93:af:21:6b:ea:07:2b:
         a3:25:00:bd:4f:6a:10:bb:88:88:ab:0e:e5:45:ab:d6:2d:f0:
         12:a5:8d:20:b0:04:de:3c:07:57:bc:7c:3f:99:06:9e:32:4d:
         cd:ba:ac:9b:aa:d7:c7:e6:7c:e7:56:b6:0d:85:c3:f3:60:08:
         35:59:c7:77:40:9c:de:6c:4a:70:e5:64:84:7a:92:9a:0f:35:
         06:b3:cd:bb:0e:21:3b:dd:32:27:cd:97:05:6b:2b:ca:ba:1e:
         a8:a6:f1:a4:07:96:f4:fa:19:66:a3:36:b2:44:bc:71:03:f7:
         0c:16:16:f6:cc:1c:69:61:00:b3:37:81:11:29:41:cb:f4:27:
         e0:62:5b:1e:52:70:c1:fa:44:8b:c7:d6:f7:a4:40:6a:28:f1:
         c5:f4:15:4d:e0:2b:b7:75:83:95:31:88:82:a3:0c:d2:03:94:
         11:6d:8d:48:e8:37:ab:aa:b6:97:a5:1f:be:df:af:42:be:87:
         5f:05:f5:47:b4:ad:16:88:da:10:90:48:ec:b9:21:b8:c1:e0:
         5b:12:21:30:ff:5f:7c:39:a4:bb:ba:95:34:c2:97:9d:e6:d1:
         4c:5e:a1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXSSBl4jx2/6B37oWXvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDM2OWEzNTg5NjFmNzI4NGZiZDU5MWU5Mjc3MzdjZGIw
NWMzNWQwHhcNMjUwMTAyMDM0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY1NTVmNjM0ODY5MTQ0YTk0ZDUwMjYyMWZiNjE1YWVkMzkwYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0x+onr2y+ryDyQ0iGlb1fPVKZj2V
5Qcw/Y4hMl9MGC5jxQJdgALvkeODavnTtQbEeJnJ+MyMNehV4Ca0bUbdl8tIiztg
i7Qz+Rf6ykz5XepSHRvkXktzo7SPDt22TN6JQp2JAhITtEBJo5O0i41SsBKO2Xka
lpp2f497h2owIPGBihiyETduStrtUYsnlSj8UrBdb2yjxlYzA+qwjpcpJEveLNFw
q+tU9CDKg8QzkhYVKX2ry77qlJyCfsa/N9taCnZmGrqdZJ++oVra00lhtueJxlDE
0varwcFzB3Yx5vGXG+AmwMF6R+0I0gcjGIJCO3Zur9GWBGIj9BCevo+nfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn1VfY0hpFEqU1QJiH7YVrtOQp8MB8GA1UdIwQY
MBaAFAgDaaNYlh9yhPvVkeknc3zbBcNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMt
M2YxYjE2YzZjZDYzLzEvcWZWVjlqU0drVVNwVFZBbUlmdGhXdTA1Q253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMtM2YxYjE2YzZjZDYz
LzEvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUVyAMA0G
CSqGSIb3DQEBCwUAA4IBAQB2UxmQUtuCGvrzPFTtXF11tDFzc9Obt1fBgrl2m5Ov
IWvqByujJQC9T2oQu4iIqw7lRavWLfASpY0gsATePAdXvHw/mQaeMk3NuqybqtfH
5nznVrYNhcPzYAg1Wcd3QJzebEpw5WSEepKaDzUGs827DiE73TInzZcFayvKuh6o
pvGkB5b0+hlmozayRLxxA/cMFhb2zBxpYQCzN4ERKUHL9CfgYlseUnDB+kSLx9b3
pEBqKPHF9BVN4Cu3dYOVMYiCowzSA5QRbY1I6DerqraXpR++369CvodfBfVHtK0W
iNoQkEjsuSG4weBbEiEw/198OaS7upU0wped5tFMXqEq
-----END CERTIFICATE-----