Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Qfd2pQFSud35Kd5afgx_HllnhlU.roa
File:                     Qfd2pQFSud35Kd5afgx_HllnhlU.roa (raw, json)
Hash identifier:          AVzGY15QZRw23nEpfQHWMOhslLM4/l7mK/LlAJnwT6k=
Subject key identifier:   41:F7:76:A5:01:52:B9:DD:F9:29:DE:5A:7E:0C:7F:1E:59:67:86:55
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C63B63A047A108419DDDC5266FB31
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Qfd2pQFSud35Kd5afgx_HllnhlU.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49874
IP address blocks:        188.234.120.0/21 maxlen: 21
                          2a02:2698:a004::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:63:b6:3a:04:7a:10:84:19:dd:dc:52:66:fb:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41f776a50152b9ddf929de5a7e0c7f1e59678655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:71:03:f2:8a:1c:8a:8b:fb:8f:32:6c:e3:88:
                    22:e4:94:6d:e3:b5:aa:87:2c:e1:71:a6:96:fa:a8:
                    68:1a:a8:34:4e:1c:82:a7:8c:6b:b3:e3:93:11:61:
                    8e:a2:3c:df:e5:bc:c9:d2:a3:49:c1:31:0f:92:ea:
                    fa:60:e1:d3:a0:50:d1:1a:d2:62:1b:c3:3f:a5:bd:
                    a2:62:4b:e0:f4:74:a7:84:30:27:90:34:38:87:02:
                    b2:59:46:9d:cb:57:fa:e8:6a:e0:50:52:4f:b1:69:
                    a5:4d:1d:f6:a5:84:31:7e:38:e6:41:27:ae:11:4b:
                    02:10:36:92:13:e6:58:2b:b1:84:58:46:02:a5:8b:
                    f5:fc:9b:a9:20:8e:d7:1b:26:86:b8:01:70:b7:50:
                    4e:0b:5a:ad:16:fa:fa:c9:d4:44:37:f8:5b:5a:12:
                    54:05:f6:db:a2:34:63:0a:28:24:8f:f3:14:08:4b:
                    9e:1d:c5:df:3f:bf:30:18:78:3a:29:44:b5:62:fa:
                    79:d4:db:a0:80:36:bf:76:67:0f:c6:ac:c3:0b:42:
                    ce:7c:3a:90:85:69:bd:3a:d9:51:fb:2c:ac:89:ed:
                    b0:30:5c:18:55:5c:e4:09:74:c2:eb:31:ad:cc:99:
                    8c:41:91:c9:9e:bc:66:2e:e9:85:c7:a4:31:f6:41:
                    1f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F7:76:A5:01:52:B9:DD:F9:29:DE:5A:7E:0C:7F:1E:59:67:86:55
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Qfd2pQFSud35Kd5afgx_HllnhlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.234.120.0/21
                IPv6:
                  2a02:2698:a004::/46

    Signature Algorithm: sha256WithRSAEncryption
         34:16:b2:5b:43:f8:35:c9:b5:9b:b4:1f:42:2f:c4:5a:a5:23:
         d0:de:b1:be:e7:c8:e6:30:2e:49:f9:b8:7a:34:74:36:59:83:
         8c:2e:3c:f9:5f:f3:30:eb:eb:7b:af:fd:17:47:d6:65:06:65:
         a0:91:9a:c1:c0:e2:1c:f9:1a:fb:24:02:4f:5e:bc:f8:3d:56:
         df:08:0e:5d:35:de:72:41:8d:d3:90:ff:00:a5:87:66:80:e3:
         a3:a5:42:12:d3:de:80:4d:e7:ee:ab:54:84:81:b4:77:35:d5:
         b9:a9:d7:d2:9e:9a:80:8b:a3:c4:33:ad:2a:cc:7d:e8:c7:da:
         7a:fb:bc:2b:08:78:80:a5:63:e7:19:f9:ae:88:16:34:f3:e5:
         9b:4d:22:bb:2b:52:ad:1e:aa:47:ba:c5:a0:14:d6:14:47:db:
         88:49:a4:1d:52:17:f0:b2:69:78:e5:5a:43:8a:26:db:3c:20:
         4e:36:09:56:58:d6:0f:3f:3d:8c:2c:db:ad:d9:e9:50:91:e7:
         56:a1:34:50:ce:5d:cf:61:d4:61:35:a4:95:40:30:fa:8f:69:
         ee:c2:02:66:6f:df:80:78:56:64:cd:bb:a8:6e:5f:b8:e3:6d:
         53:b8:48:0c:72:8b:2f:94:6e:8e:22:76:a8:85:5c:a8:8a:ed:
         fb:b9:7a:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjGO2OgR6EIQZ3dxSZvsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWY3NzZhNTAxNTJiOWRkZjkyOWRlNWE3ZTBjN2YxZTU5Njc4NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3ED8oociov7jzJs44gi5JRt47Wq
hyzhcaaW+qhoGqg0ThyCp4xrs+OTEWGOojzf5bzJ0qNJwTEPkur6YOHToFDRGtJi
G8M/pb2iYkvg9HSnhDAnkDQ4hwKyWUady1f66GrgUFJPsWmlTR32pYQxfjjmQSeu
EUsCEDaSE+ZYK7GEWEYCpYv1/JupII7XGyaGuAFwt1BOC1qtFvr6ydREN/hbWhJU
BfbbojRjCigkj/MUCEueHcXfP78wGHg6KUS1Yvp51NuggDa/dmcPxqzDC0LOfDqQ
hWm9OtlR+yysie2wMFwYVVzkCXTC6zGtzJmMQZHJnrxmLumFx6Qx9kEfUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEH3dqUBUrnd+SneWn4Mfx5ZZ4ZVMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvUWZkMnBRRlN1ZDM1S2Q1YWZneF9IbGxuaGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDvOp4MA8E
AgACMAkDBwIqAiaYoAQwDQYJKoZIhvcNAQELBQADggEBADQWsltD+DXJtZu0H0Iv
xFqlI9Desb7nyOYwLkn5uHo0dDZZg4wuPPlf8zDr63uv/RdH1mUGZaCRmsHA4hz5
GvskAk9evPg9Vt8IDl013nJBjdOQ/wClh2aA46OlQhLT3oBN5+6rVISBtHc11bmp
19KemoCLo8QzrSrMfejH2nr7vCsIeIClY+cZ+a6IFjTz5ZtNIrsrUq0eqke6xaAU
1hRH24hJpB1SF/CyaXjlWkOKJts8IE42CVZY1g8/PYws263Z6VCR51ahNFDOXc9h
1GE1pJVAMPqPae7CAmZv34B4VmTNu6huX7jjbVO4SAxyiy+Ubo4idqiFXKiK7fu5
esE=
-----END CERTIFICATE-----