Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Q6juGTzdYMY1_iqUHUwa-zIJELc.roa
File:                     Q6juGTzdYMY1_iqUHUwa-zIJELc.roa (raw, json)
Hash identifier:          hlXTHkPvfMOwFX/4cMHAachIKJnbd00GUnVp4IR+G5I=
Subject key identifier:   43:A8:EE:19:3C:DD:60:C6:35:FE:2A:94:1D:4C:1A:FB:32:09:10:B7
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C1B86EDBB2BEC96E8FDCA743931F1
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Q6juGTzdYMY1_iqUHUwa-zIJELc.roa
Signing time:             Wed 01 Jan 2025 01:47:43 +0000
ROA not before:           Wed 01 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35371
IP address blocks:        85.122.100.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1b:86:ed:bb:2b:ec:96:e8:fd:ca:74:39:31:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a8ee193cdd60c635fe2a941d4c1afb320910b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5a:b1:64:47:73:3f:57:dd:e2:14:48:12:19:
                    ce:bc:4a:d7:b5:fd:13:20:da:2d:81:6a:82:4c:4e:
                    8e:19:d2:14:80:b1:54:61:48:57:39:1b:bc:7c:07:
                    a4:11:88:18:69:76:95:41:3d:ca:26:31:27:76:b9:
                    f7:63:ec:29:2a:db:76:1c:85:c9:40:92:50:18:c1:
                    bb:38:f9:0e:e7:98:80:f6:f7:68:e1:5f:c8:cd:b3:
                    1e:a3:06:9d:d4:45:4c:2f:2d:59:91:76:ff:f9:dc:
                    55:e4:60:1e:e8:7d:9f:86:d5:fd:1a:c1:e4:21:a4:
                    dd:6c:3a:cb:93:49:88:27:4b:d1:99:7d:08:ad:f9:
                    b6:38:3c:44:66:99:12:a6:b9:04:b9:d2:7e:b9:4a:
                    b1:d7:69:40:ae:c9:3d:55:4d:aa:1d:f8:85:3a:fc:
                    9b:13:65:6d:21:f4:18:26:db:14:5e:32:ea:ee:b5:
                    bf:46:3f:29:a9:af:e4:4d:d6:f1:ce:11:bd:31:0e:
                    1a:b7:07:b6:06:85:cc:f9:a1:1f:20:a0:5c:f6:d4:
                    fe:dc:7d:82:d2:2a:e3:a1:f6:d0:20:57:e7:6d:68:
                    36:53:be:56:17:0d:35:39:e6:37:e9:a5:fa:fc:6d:
                    90:5e:83:84:5c:c5:8e:91:05:42:e4:f4:44:06:a2:
                    fe:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A8:EE:19:3C:DD:60:C6:35:FE:2A:94:1D:4C:1A:FB:32:09:10:B7
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Q6juGTzdYMY1_iqUHUwa-zIJELc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.122.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:34:11:36:03:27:f4:34:ac:62:2b:78:01:b6:08:ee:02:19:
         6e:a3:4b:9f:cb:a3:d3:9b:0a:6f:bc:b6:dd:4b:92:08:f6:ce:
         be:67:af:8d:b9:8a:09:df:7e:8a:8e:1a:b0:bd:f2:f9:17:ca:
         9d:16:7f:9e:ff:98:35:2c:60:e9:d1:93:91:2d:6f:32:6c:85:
         fa:04:36:63:f3:16:21:83:38:54:37:a8:04:e2:1d:e2:d6:0e:
         57:d2:cc:80:f4:68:05:af:83:4b:61:03:2e:45:d5:73:19:8e:
         19:fc:d7:08:a4:bc:9a:fb:2c:29:17:2b:72:98:bc:2e:b8:f1:
         15:de:76:f4:dc:f9:fa:c5:ea:68:dd:24:bf:87:c7:ca:c1:1c:
         27:fd:b4:ad:09:07:d9:e3:0a:b9:b1:ce:c2:78:7a:f8:7d:17:
         ac:72:be:df:0e:87:7f:60:5c:18:76:8a:62:a6:d6:a7:e2:57:
         03:20:4c:3c:8e:0d:d3:07:04:55:e6:94:43:e7:a1:6f:3b:97:
         14:44:0e:b1:33:fa:98:a2:2b:15:10:31:5c:54:ab:47:96:a6:
         97:c5:a5:5a:e9:a0:20:a0:25:7f:35:84:cd:25:53:20:47:54:
         c3:31:ac:d8:bc:96:50:c7:fc:08:45:c4:56:76:50:7c:e2:0a:
         08:ae:8c:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBuG7bsr7Jbo/cp0OTHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E4ZWUxOTNjZGQ2MGM2MzVmZTJhOTQxZDRjMWFmYjMyMDkxMGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1qxZEdzP1fd4hRIEhnOvErXtf0T
INotgWqCTE6OGdIUgLFUYUhXORu8fAekEYgYaXaVQT3KJjEndrn3Y+wpKtt2HIXJ
QJJQGMG7OPkO55iA9vdo4V/IzbMeowad1EVMLy1ZkXb/+dxV5GAe6H2fhtX9GsHk
IaTdbDrLk0mIJ0vRmX0Irfm2ODxEZpkSprkEudJ+uUqx12lArsk9VU2qHfiFOvyb
E2VtIfQYJtsUXjLq7rW/Rj8pqa/kTdbxzhG9MQ4atwe2BoXM+aEfIKBc9tT+3H2C
0irjofbQIFfnbWg2U75WFw01OeY36aX6/G2QXoOEXMWOkQVC5PREBqL+/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOo7hk83WDGNf4qlB1MGvsyCRC3MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUTZqdUdUemRZTVkxX2lxVUhVd2EteklKRUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXpkMA0G
CSqGSIb3DQEBCwUAA4IBAQCyNBE2Ayf0NKxiK3gBtgjuAhluo0ufy6PTmwpvvLbd
S5II9s6+Z6+NuYoJ336KjhqwvfL5F8qdFn+e/5g1LGDp0ZORLW8ybIX6BDZj8xYh
gzhUN6gE4h3i1g5X0syA9GgFr4NLYQMuRdVzGY4Z/NcIpLya+ywpFytymLwuuPEV
3nb03Pn6xepo3SS/h8fKwRwn/bStCQfZ4wq5sc7CeHr4fRescr7fDod/YFwYdopi
ptan4lcDIEw8jg3TBwRV5pRD56FvO5cURA6xM/qYoisVEDFcVKtHlqaXxaVa6aAg
oCV/NYTNJVMgR1TDMazYvJZQx/wIRcRWdlB84goIrowO
-----END CERTIFICATE-----