Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qlt-CjR0Oi0L3lo2PS7A4jbvIUg.roa
File:                     qlt-CjR0Oi0L3lo2PS7A4jbvIUg.roa (raw, json)
Hash identifier:          iydTkBpS1P6s3+CKe74qws4olK3ajXbhwYqoUw/uhBk=
Subject key identifier:   AA:5B:7E:0A:34:74:3A:2D:0B:DE:5A:36:3D:2E:C0:E2:36:EF:21:48
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       0194410428CC61AFE3D93B7905580FD8A01A
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qlt-CjR0Oi0L3lo2PS7A4jbvIUg.roa
Signing time:             Tue 07 Jan 2025 13:46:19 +0000
ROA not before:           Tue 07 Jan 2025 13:46:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8280
IP address blocks:        151.236.29.0/24 maxlen: 24
                          212.52.16.0/24 maxlen: 24
                          2a03:f80:30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:41:04:28:cc:61:af:e3:d9:3b:79:05:58:0f:d8:a0:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  7 13:46:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa5b7e0a34743a2d0bde5a363d2ec0e236ef2148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:37:53:c3:d7:7a:1c:92:f2:33:36:16:14:07:
                    87:53:d2:b0:b9:c1:20:32:96:da:86:f7:4e:10:0a:
                    b4:7a:19:e2:b9:cf:d8:f7:30:f0:7f:d5:83:aa:c2:
                    bd:ed:00:1b:b4:da:46:d7:75:5a:22:bc:3c:79:11:
                    37:e0:fc:84:b8:f8:a9:ab:0e:1f:14:1e:ac:54:ae:
                    53:47:04:7b:70:a9:d1:75:c6:87:96:48:73:ad:d0:
                    c2:e2:71:ed:f3:0e:38:86:d9:ef:14:58:3f:d0:22:
                    28:33:b1:ea:71:84:e4:46:64:18:dc:f4:f6:61:ec:
                    03:4a:6b:8b:49:92:cc:59:c8:0f:65:8f:15:ca:be:
                    66:86:92:36:a5:ae:ce:1a:50:f1:d2:15:36:b1:a2:
                    09:a9:6f:b7:64:0c:92:7a:76:cb:5d:8e:a6:f3:0e:
                    cc:4a:c5:a7:12:ee:b6:7c:d3:68:1d:f2:c8:bf:01:
                    9c:85:f5:16:85:6b:14:52:00:6b:e2:a5:30:bb:b9:
                    7c:6b:59:26:8c:36:ea:c3:1e:fd:32:8a:40:a7:fa:
                    37:83:3d:b6:31:bd:d4:0c:f8:2f:e6:92:f5:52:44:
                    2c:bc:a5:81:ad:5b:82:be:14:4a:98:12:28:e1:90:
                    30:b9:32:04:0d:51:71:7e:6f:4b:a3:d0:8b:1f:17:
                    b8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5B:7E:0A:34:74:3A:2D:0B:DE:5A:36:3D:2E:C0:E2:36:EF:21:48
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qlt-CjR0Oi0L3lo2PS7A4jbvIUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.29.0/24
                  212.52.16.0/24
                IPv6:
                  2a03:f80:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:5a:4a:b8:35:2c:9a:07:10:f3:cb:b2:71:24:ce:ba:6c:d1:
         0b:7c:2c:9c:e9:49:64:33:86:80:10:43:2a:b0:8d:d7:16:d1:
         82:75:bc:18:5d:0d:e7:6e:54:10:cd:a6:47:bc:da:fc:a5:3f:
         1d:99:b5:13:9f:9f:34:28:6e:a2:1a:0f:72:2a:13:b4:43:59:
         7e:ef:2b:8c:1e:76:f7:6b:7f:3a:f2:c8:d2:0e:78:11:77:8c:
         a2:a5:01:11:dc:ca:42:05:1a:d7:59:3c:30:a7:bf:99:b5:3d:
         c0:5a:02:d1:4b:46:57:eb:11:74:94:0d:99:a7:65:c7:b5:40:
         20:4a:b2:93:c7:31:0f:ed:d4:6d:6f:5f:50:73:8b:86:48:77:
         27:dc:e8:f5:a8:b6:46:b7:a1:79:89:61:6e:00:78:a4:2f:2f:
         ab:a4:e0:0d:59:2d:99:58:a7:e7:1f:d1:a1:07:cb:a3:c0:66:
         d5:b0:58:14:d3:e5:78:c8:bc:77:7d:a7:c5:c9:15:4b:21:41:
         d2:ff:b0:ed:a4:49:f8:25:22:0a:11:da:eb:20:90:3d:cf:21:
         95:a1:42:7c:a1:b9:02:3c:ef:e5:5a:1b:36:bf:7f:03:ef:ee:
         01:78:e8:fd:d7:86:f5:19:67:0d:ee:6e:7d:2f:37:0e:a7:b2:
         a5:4e:74:81
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZRBBCjMYa/j2Tt5BVgP2KAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwMTA3MTM0NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTViN2UwYTM0NzQzYTJkMGJkZTVhMzYzZDJlYzBlMjM2ZWYyMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzdTw9d6HJLyMzYWFAeHU9KwucEg
MpbahvdOEAq0ehniuc/Y9zDwf9WDqsK97QAbtNpG13VaIrw8eRE34PyEuPipqw4f
FB6sVK5TRwR7cKnRdcaHlkhzrdDC4nHt8w44htnvFFg/0CIoM7HqcYTkRmQY3PT2
YewDSmuLSZLMWcgPZY8Vyr5mhpI2pa7OGlDx0hU2saIJqW+3ZAySenbLXY6m8w7M
SsWnEu62fNNoHfLIvwGchfUWhWsUUgBr4qUwu7l8a1kmjDbqwx79MopAp/o3gz22
Mb3UDPgv5pL1UkQsvKWBrVuCvhRKmBIo4ZAwuTIEDVFxfm9Lo9CLHxe4CwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKpbfgo0dDotC95aNj0uwOI27yFIMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvcWx0LUNqUjBPaTBMM2xvMlBTN0E0amJ2SVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAl+wdAwQA
1DQQMA8EAgACMAkDBwAqAw+AADAwDQYJKoZIhvcNAQELBQADggEBAKdaSrg1LJoH
EPPLsnEkzrps0Qt8LJzpSWQzhoAQQyqwjdcW0YJ1vBhdDeduVBDNpke82vylPx2Z
tROfnzQobqIaD3IqE7RDWX7vK4wedvdrfzryyNIOeBF3jKKlARHcykIFGtdZPDCn
v5m1PcBaAtFLRlfrEXSUDZmnZce1QCBKspPHMQ/t1G1vX1Bzi4ZIdyfc6PWotka3
oXmJYW4AeKQvL6uk4A1ZLZlYp+cf0aEHy6PAZtWwWBTT5XjIvHd9p8XJFUshQdL/
sO2kSfglIgoR2usgkD3PIZWhQnyhuQI87+VaGza/fwPv7gF46P3XhvUZZw3ubn0v
Nw6nsqVOdIE=
-----END CERTIFICATE-----