Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/QhIb9pU2TFz78TnVhDlEb28bLew.roa
File:                     QhIb9pU2TFz78TnVhDlEb28bLew.roa (raw, json)
Hash identifier:          RCBq8YAUky5FP3KjBMjIj1v3CgulfdLRMkZuDyWMETw=
Subject key identifier:   42:12:1B:F6:95:36:4C:5C:FB:F1:39:D5:84:39:44:6F:6F:1B:2D:EC
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       01941FFA2B1F45CF62434FD031686E958231
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/QhIb9pU2TFz78TnVhDlEb28bLew.roa
Signing time:             Wed 01 Jan 2025 03:47:56 +0000
ROA not before:           Wed 01 Jan 2025 03:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201838
IP address blocks:        185.240.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2b:1f:45:cf:62:43:4f:d0:31:68:6e:95:82:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 03:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42121bf695364c5cfbf139d58439446f6f1b2dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:de:13:c8:94:21:2a:09:c8:cb:48:67:28:fb:
                    ef:a1:80:61:e8:fc:51:45:38:90:00:8f:4a:3c:cb:
                    72:b1:87:7e:c1:48:29:b7:a3:fa:81:ce:b9:9e:9e:
                    f9:6f:26:f9:98:0f:2d:a0:98:c7:b7:66:12:8d:1b:
                    83:6a:31:42:07:41:cc:23:54:63:4e:e7:ee:7c:65:
                    64:56:a9:78:6f:d0:df:fa:83:85:44:36:61:5b:33:
                    fc:b4:70:cf:02:0a:dd:33:6f:99:2c:49:45:7c:be:
                    54:e1:25:28:a8:06:28:c8:df:83:39:e3:72:80:b8:
                    70:0c:6a:c6:71:17:86:48:4b:c3:19:04:6a:ed:4d:
                    b6:c4:dc:34:04:0d:f1:ef:cb:38:d9:88:29:56:8e:
                    a9:ba:87:cf:8b:5b:fd:e0:a0:8c:6f:01:31:ea:99:
                    52:26:b2:9f:0b:69:00:69:1a:9f:ec:52:d1:73:51:
                    cf:5f:eb:6d:3c:6e:4f:59:af:fa:07:c8:dc:36:cf:
                    15:7f:a2:98:65:36:a5:d6:e9:03:6e:ab:8c:e1:ac:
                    cf:13:7c:d1:fc:c9:36:60:73:6e:32:17:92:a4:72:
                    66:59:6e:f5:50:8d:30:ba:43:cd:c3:78:58:b5:67:
                    08:02:27:eb:76:e3:83:ba:51:7d:cb:92:07:b3:aa:
                    8b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:12:1B:F6:95:36:4C:5C:FB:F1:39:D5:84:39:44:6F:6F:1B:2D:EC
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/QhIb9pU2TFz78TnVhDlEb28bLew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:58:f7:d0:e0:39:53:78:2b:b9:70:d8:48:8c:2c:84:fe:d4:
         1d:69:aa:9c:b7:66:83:44:0f:4a:08:6c:98:0b:64:38:8e:91:
         1a:7b:b4:de:7e:67:bb:99:32:98:81:21:3b:29:c6:7c:79:a5:
         13:21:e3:c9:6e:b0:4f:83:dd:cd:24:3b:fc:46:84:3f:1c:01:
         24:71:ea:48:6d:31:0c:3c:3e:1f:b2:7f:b9:ba:b8:47:45:d9:
         04:96:a4:a8:1f:79:af:37:da:de:b0:2e:48:d4:8b:55:3f:74:
         f6:66:c6:ca:24:c2:8a:1b:3f:3b:6f:eb:95:3b:c4:ce:fd:33:
         e6:37:0d:f7:5b:65:57:94:7f:69:7e:48:73:fa:96:94:2b:e4:
         1e:ca:7d:d2:3d:74:44:1a:18:59:52:0d:ff:f3:4a:e4:c1:09:
         38:1f:fa:ad:1e:8c:76:9f:01:45:f9:f2:17:10:ee:8e:6a:f8:
         9c:d1:c8:70:d7:32:f1:ef:5d:a4:68:ff:79:fa:30:63:fe:7d:
         a2:76:49:3d:e6:13:f6:66:da:ba:21:f8:8a:c7:36:62:a1:21:
         9e:3e:be:f8:cb:a4:aa:8f:be:6e:f3:54:c5:4e:22:9d:8e:f1:
         33:21:b5:23:c5:0d:30:6f:6e:e7:60:27:32:19:2b:98:ce:f6:
         d3:44:e5:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+isfRc9iQ0/QMWhulYIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjEyMWJmNjk1MzY0YzVjZmJmMTM5ZDU4NDM5NDQ2ZjZmMWIyZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9t4TyJQhKgnIy0hnKPvvoYBh6PxR
RTiQAI9KPMtysYd+wUgpt6P6gc65np75byb5mA8toJjHt2YSjRuDajFCB0HMI1Rj
TufufGVkVql4b9Df+oOFRDZhWzP8tHDPAgrdM2+ZLElFfL5U4SUoqAYoyN+DOeNy
gLhwDGrGcReGSEvDGQRq7U22xNw0BA3x78s42YgpVo6puofPi1v94KCMbwEx6plS
JrKfC2kAaRqf7FLRc1HPX+ttPG5PWa/6B8jcNs8Vf6KYZTal1ukDbquM4azPE3zR
/Mk2YHNuMheSpHJmWW71UI0wukPNw3hYtWcIAifrduODulF9y5IHs6qLuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEISG/aVNkxc+/E51YQ5RG9vGy3sMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvUWhJYjlwVTJURno3OFRuVmhEbEViMjhiTGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufAYMA0G
CSqGSIb3DQEBCwUAA4IBAQATWPfQ4DlTeCu5cNhIjCyE/tQdaaqct2aDRA9KCGyY
C2Q4jpEae7Tefme7mTKYgSE7KcZ8eaUTIePJbrBPg93NJDv8RoQ/HAEkcepIbTEM
PD4fsn+5urhHRdkElqSoH3mvN9resC5I1ItVP3T2ZsbKJMKKGz87b+uVO8TO/TPm
Nw33W2VXlH9pfkhz+paUK+Qeyn3SPXREGhhZUg3/80rkwQk4H/qtHox2nwFF+fIX
EO6Oavic0chw1zLx712kaP95+jBj/n2idkk95hP2Ztq6IfiKxzZioSGePr74y6Sq
j75u81TFTiKdjvEzIbUjxQ0wb27nYCcyGSuYzvbTROUn
-----END CERTIFICATE-----