Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/RQkXqsrplw0zjDsXai-BBXwMLBo.roa
File:                     RQkXqsrplw0zjDsXai-BBXwMLBo.roa (raw, json)
Hash identifier:          8ubhZZt/B5qNdYxUcXc1uAYTFsQNty/CaNvlBt65c8o=
Subject key identifier:   45:09:17:AA:CA:E9:97:0D:33:8C:3B:17:6A:2F:81:05:7C:0C:2C:1A
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       019427B69512D73E718AFFB28DAB31B32F74
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/RQkXqsrplw0zjDsXai-BBXwMLBo.roa
Signing time:             Thu 02 Jan 2025 15:51:04 +0000
ROA not before:           Thu 02 Jan 2025 15:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6205
IP address blocks:        104.247.191.0/24 maxlen: 24
                          185.73.128.0/24 maxlen: 24
                          185.73.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:95:12:d7:3e:71:8a:ff:b2:8d:ab:31:b3:2f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Jan  2 15:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=450917aacae9970d338c3b176a2f81057c0c2c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:a8:e6:26:85:1e:8d:aa:9c:ed:6f:64:47:ab:
                    04:fa:c4:17:8f:13:90:74:9d:04:cc:19:b3:45:0b:
                    2a:96:11:f7:d7:ff:dc:07:b4:09:00:ba:b2:2b:77:
                    47:78:df:4e:f7:a8:4b:9b:bd:8f:06:26:c0:cb:38:
                    1d:3c:e4:1f:36:85:8e:c6:49:e0:c8:7e:f1:4e:7e:
                    05:5e:ea:87:41:2e:9f:98:80:6c:bc:87:b9:eb:3a:
                    9e:50:2d:d7:cf:d3:9a:c9:57:a8:95:cd:c4:6a:af:
                    66:d7:dd:3e:7b:2b:c9:e2:d5:09:f8:e7:a5:33:e3:
                    d1:35:5d:3e:ad:74:3f:f9:fa:22:6b:04:8b:3a:60:
                    1e:cb:41:20:56:fc:df:23:9e:97:a1:8c:8a:ad:5e:
                    ac:2a:25:77:60:de:6d:f2:00:b5:0b:57:d9:da:0e:
                    a7:24:82:87:1c:01:17:6c:27:22:c3:e2:d8:a4:d7:
                    0e:ae:b0:fc:3d:24:30:06:69:d7:61:48:d7:4d:a5:
                    7b:37:f5:c3:19:a8:57:47:3c:82:5b:ea:b8:ac:50:
                    c1:c4:5e:8c:d0:dc:98:e0:48:3c:8a:bb:73:13:a9:
                    29:c2:a1:d8:53:41:2a:35:38:9f:db:cb:c6:36:ef:
                    04:b3:9b:b5:5b:9e:ea:a0:17:c1:9f:54:b2:79:df:
                    93:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:09:17:AA:CA:E9:97:0D:33:8C:3B:17:6A:2F:81:05:7C:0C:2C:1A
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/RQkXqsrplw0zjDsXai-BBXwMLBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.191.0/24
                  185.73.128.0/24
                  185.73.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:5d:69:17:bf:6f:3b:97:cd:07:81:70:4f:b7:e4:a9:0c:56:
         4c:c9:93:32:49:60:79:af:46:0b:a7:be:8b:2d:00:0c:a5:4f:
         eb:7b:7c:b4:e8:b6:b7:8b:16:1b:e5:be:8f:78:00:ee:24:08:
         96:37:c3:51:06:56:86:a8:e0:47:0b:ba:4c:76:98:a5:d1:f4:
         27:3b:fe:de:c3:31:31:03:a0:19:75:19:1e:61:61:29:da:38:
         3d:99:c7:9f:7e:31:b1:16:d2:18:0d:4c:b2:c0:22:d0:5c:bf:
         fb:06:4c:37:6f:9e:84:43:4a:45:a2:18:c9:41:1c:c2:2b:a5:
         ae:58:2d:65:c7:e6:e5:f4:be:09:d8:40:46:8d:b9:5b:46:cb:
         d7:8c:d1:d8:d3:42:25:2a:31:b7:eb:f0:b6:63:5f:1e:4c:9d:
         33:79:99:cc:11:1f:3d:9e:86:8b:32:87:93:2f:1d:75:9e:d2:
         76:e8:8f:d9:5f:cd:96:e1:af:a3:b4:95:15:60:a7:a5:ad:1c:
         16:4c:0c:6f:43:32:8f:a3:bc:ef:fd:19:12:b7:b6:78:1a:48:
         4e:65:71:0a:bb:36:93:08:25:2c:f3:43:1f:d3:01:ca:c8:44:
         5a:26:bc:c1:45:5e:0e:01:a4:52:b2:45:4d:2c:4e:89:49:dc:
         0e:e8:96:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntpUS1z5xiv+yjasxsy90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjUwMTAyMTU1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTA5MTdhYWNhZTk5NzBkMzM4YzNiMTc2YTJmODEwNTdjMGMyYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA96jmJoUejaqc7W9kR6sE+sQXjxOQ
dJ0EzBmzRQsqlhH31//cB7QJALqyK3dHeN9O96hLm72PBibAyzgdPOQfNoWOxkng
yH7xTn4FXuqHQS6fmIBsvIe56zqeUC3Xz9OayVeolc3Eaq9m190+eyvJ4tUJ+Oel
M+PRNV0+rXQ/+foiawSLOmAey0EgVvzfI56XoYyKrV6sKiV3YN5t8gC1C1fZ2g6n
JIKHHAEXbCciw+LYpNcOrrD8PSQwBmnXYUjXTaV7N/XDGahXRzyCW+q4rFDBxF6M
0NyY4Eg8irtzE6kpwqHYU0EqNTif28vGNu8Es5u1W57qoBfBn1Syed+T9QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEUJF6rK6ZcNM4w7F2ovgQV8DCwaMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvUlFrWHFzcnBsdzB6akRzWGFpLUJCWHdNTEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAaPe/AwQA
uUmAAwQAuUmDMA0GCSqGSIb3DQEBCwUAA4IBAQBTXWkXv287l80HgXBPt+SpDFZM
yZMySWB5r0YLp76LLQAMpU/re3y06La3ixYb5b6PeADuJAiWN8NRBlaGqOBHC7pM
dpil0fQnO/7ewzExA6AZdRkeYWEp2jg9mceffjGxFtIYDUyywCLQXL/7Bkw3b56E
Q0pFohjJQRzCK6WuWC1lx+bl9L4J2EBGjblbRsvXjNHY00IlKjG36/C2Y18eTJ0z
eZnMER89noaLMoeTLx11ntJ26I/ZX82W4a+jtJUVYKelrRwWTAxvQzKPo7zv/RkS
t7Z4GkhOZXEKuzaTCCUs80Mf0wHKyERaJrzBRV4OAaRSskVNLE6JSdwO6JYO
-----END CERTIFICATE-----