Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/qTTergxDeV9PAn74EwkjtHgbn2o.roa
File:                     qTTergxDeV9PAn74EwkjtHgbn2o.roa (raw, json)
Hash identifier:          LFYDt+uYMND5224RZAEk1RWxDOCG+EkRnKKIkEZ5Cic=
Subject key identifier:   A9:34:DE:AE:0C:43:79:5F:4F:02:7E:F8:13:09:23:B4:78:1B:9F:6A
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       0196F77A6131613DA89633ACE553965844C8
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/qTTergxDeV9PAn74EwkjtHgbn2o.roa
Signing time:             Thu 22 May 2025 10:11:54 +0000
ROA not before:           Thu 22 May 2025 10:11:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        185.224.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 10:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:7a:61:31:61:3d:a8:96:33:ac:e5:53:96:58:44:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: May 22 10:11:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a934deae0c43795f4f027ef8130923b4781b9f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:13:e6:ab:62:d5:d0:c3:c0:9d:6a:07:b0:14:
                    27:cb:6f:01:f2:e3:3d:eb:3e:e7:3d:86:a8:ef:73:
                    39:41:1d:8a:0f:62:4a:32:6b:18:58:80:de:a7:19:
                    02:98:c1:34:9f:c1:4e:1f:10:e3:83:9c:04:9b:9f:
                    b4:86:ae:9d:99:e4:3b:0a:fb:6e:94:a5:62:35:ab:
                    db:d0:56:19:23:e7:84:af:af:11:d3:8c:4e:58:e6:
                    1f:15:c2:7d:cf:a0:b2:2b:84:01:c7:4f:48:5b:25:
                    2e:c3:66:31:bb:89:45:fd:58:42:15:06:13:8f:24:
                    09:f7:b9:da:0d:c9:8b:5d:97:1c:64:49:e7:ae:20:
                    d6:f7:e7:00:86:70:c6:1b:2c:d8:3c:c8:e2:21:b5:
                    1a:80:2b:c1:a6:12:14:8d:94:a5:a0:f2:49:91:c7:
                    58:d3:20:98:ca:5a:5f:f4:ef:8b:19:74:38:a6:e8:
                    27:52:6f:99:b7:0e:73:0c:a4:63:e5:7f:5a:40:a8:
                    e5:ae:22:5e:87:66:06:cf:48:46:3f:bc:8d:fd:d9:
                    11:7b:b7:fd:e7:09:0e:ba:df:18:d0:07:58:02:f9:
                    59:af:9c:7a:ed:c6:3e:f9:19:e0:a8:93:5b:14:f5:
                    eb:2f:33:0f:3e:e5:1a:92:df:8b:4e:7e:7e:3e:1e:
                    30:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:34:DE:AE:0C:43:79:5F:4F:02:7E:F8:13:09:23:B4:78:1B:9F:6A
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/qTTergxDeV9PAn74EwkjtHgbn2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:05:d4:0a:eb:f9:ee:5c:42:ac:9a:79:65:88:2a:7f:32:f9:
         ed:7b:c0:1e:76:d3:73:f5:47:46:79:af:17:8b:c8:30:f8:c2:
         8a:90:61:3f:1b:0e:92:8f:90:ae:15:3c:6a:ee:26:69:ae:cb:
         93:4c:c2:13:66:79:0b:ac:80:bd:1e:ef:e1:bd:ea:1b:8e:f2:
         bd:d7:db:bc:14:3e:e9:7f:d7:a4:ea:ec:77:41:5a:63:a7:fd:
         f1:06:ac:a8:e1:04:6d:15:af:af:70:47:37:89:8f:50:73:33:
         27:b0:d5:e0:51:20:7c:67:23:de:05:cc:95:af:bb:be:f6:29:
         b0:94:ce:52:a8:04:e7:9b:86:f8:17:10:26:ca:75:be:f1:54:
         99:86:45:63:14:8c:15:09:15:d6:93:8f:a8:14:b5:34:f9:ac:
         bf:17:62:b1:b5:cb:ab:45:c1:94:d9:fb:8b:34:3e:b7:01:44:
         1e:1c:f1:31:c3:32:4a:2a:73:aa:74:8d:6c:dc:ea:b5:5f:50:
         c6:27:9f:67:31:af:34:8c:68:0b:77:f4:d5:e0:ac:f1:89:30:
         49:39:0b:1c:d6:e0:a1:18:4f:3c:82:04:28:7b:3f:eb:6a:d7:
         43:b7:43:ae:aa:f7:9d:72:7e:69:09:ba:87:3d:39:8d:f6:0a:
         39:73:b3:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3emExYT2oljOs5VOWWETIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUwNTIyMTAxMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM0ZGVhZTBjNDM3OTVmNGYwMjdlZjgxMzA5MjNiNDc4MWI5ZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BPmq2LV0MPAnWoHsBQny28B8uM9
6z7nPYao73M5QR2KD2JKMmsYWIDepxkCmME0n8FOHxDjg5wEm5+0hq6dmeQ7Cvtu
lKViNavb0FYZI+eEr68R04xOWOYfFcJ9z6CyK4QBx09IWyUuw2Yxu4lF/VhCFQYT
jyQJ97naDcmLXZccZEnnriDW9+cAhnDGGyzYPMjiIbUagCvBphIUjZSloPJJkcdY
0yCYylpf9O+LGXQ4pugnUm+Ztw5zDKRj5X9aQKjlriJeh2YGz0hGP7yN/dkRe7f9
5wkOut8Y0AdYAvlZr5x67cY++RngqJNbFPXrLzMPPuUakt+LTn5+Ph4wIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKk03q4MQ3lfTwJ++BMJI7R4G59qMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvcVRUZXJneERlVjlQQW43NEV3a2p0SGdibjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDYMA0G
CSqGSIb3DQEBCwUAA4IBAQAUBdQK6/nuXEKsmnlliCp/Mvnte8AedtNz9UdGea8X
i8gw+MKKkGE/Gw6Sj5CuFTxq7iZprsuTTMITZnkLrIC9Hu/hveobjvK919u8FD7p
f9ek6ux3QVpjp/3xBqyo4QRtFa+vcEc3iY9QczMnsNXgUSB8ZyPeBcyVr7u+9imw
lM5SqATnm4b4FxAmynW+8VSZhkVjFIwVCRXWk4+oFLU0+ay/F2KxtcurRcGU2fuL
ND63AUQeHPExwzJKKnOqdI1s3Oq1X1DGJ59nMa80jGgLd/TV4KzxiTBJOQsc1uCh
GE88ggQoez/ratdDt0Ouqvedcn5pCbqHPTmN9go5c7Od
-----END CERTIFICATE-----