Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/QSbfKTjwWystyhGf93AKODi43Qw.roa
File:                     QSbfKTjwWystyhGf93AKODi43Qw.roa (raw, json)
Hash identifier:          QLAjdgH0y5Nvk5/OywYikq5KPIqG2c6CYLG+eQyHpSY=
Subject key identifier:   41:26:DF:29:38:F0:5B:2B:2D:CA:11:9F:F7:70:0A:38:38:B8:DD:0C
Certificate issuer:       /CN=57e898bf420924f976b5ae451108b9e6a01fc7dc
Certificate serial:       019420685DDC06C42399CFF54249C0E9A21D
Authority key identifier: 57:E8:98:BF:42:09:24:F9:76:B5:AE:45:11:08:B9:E6:A0:1F:C7:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/QSbfKTjwWystyhGf93AKODi43Qw.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202771
IP address blocks:        185.155.28.0/22 maxlen: 24
                          2a07:90c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5d:dc:06:c4:23:99:cf:f5:42:49:c0:e9:a2:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57e898bf420924f976b5ae451108b9e6a01fc7dc
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4126df2938f05b2b2dca119ff7700a3838b8dd0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e9:83:4c:21:d2:cc:de:dc:b8:42:f3:7f:cc:
                    98:a5:2d:25:25:85:4b:6e:92:7c:2c:62:6c:ca:e0:
                    5d:39:56:6d:69:2f:6b:0b:88:b8:ca:07:a1:69:3a:
                    03:5c:ee:ab:c5:e5:67:ce:4e:71:38:3f:b6:c9:04:
                    6b:94:93:21:fc:63:b0:69:39:cf:89:3a:d2:9d:61:
                    7f:2d:e6:29:f3:47:33:6c:b1:74:fb:41:c3:69:5d:
                    af:33:62:91:87:3d:da:19:44:83:01:b1:62:a2:23:
                    99:1f:39:e1:87:89:17:73:9c:c4:27:94:b0:67:b4:
                    34:bf:b8:08:94:63:76:47:7b:42:bd:7e:54:90:3f:
                    f8:41:55:ce:90:d6:68:c7:09:bf:1b:3c:ef:23:61:
                    30:61:94:8d:b4:6a:c2:24:29:d7:b1:fb:8a:5c:ea:
                    df:05:cd:70:c9:a4:94:32:3a:46:61:b5:62:5d:b6:
                    ab:d6:e2:9e:80:f1:1b:ca:6c:83:34:11:0f:a4:58:
                    b4:e3:67:2a:4d:de:2e:f1:5a:82:6d:26:ef:f7:e0:
                    8f:3c:79:b7:bc:28:1e:e9:1a:45:d1:52:2e:00:e9:
                    04:67:33:75:45:dc:64:70:78:28:c9:f6:99:13:85:
                    c4:bf:3a:bc:e5:fd:29:20:ca:6b:31:9d:78:19:be:
                    f6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:26:DF:29:38:F0:5B:2B:2D:CA:11:9F:F7:70:0A:38:38:B8:DD:0C
            X509v3 Authority Key Identifier:
                keyid:57:E8:98:BF:42:09:24:F9:76:B5:AE:45:11:08:B9:E6:A0:1F:C7:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V-iYv0IJJPl2ta5FEQi55qAfx9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/QSbfKTjwWystyhGf93AKODi43Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c514cd-7954-44ce-bd7f-713b41688706/1/V-iYv0IJJPl2ta5FEQi55qAfx9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.28.0/22
                IPv6:
                  2a07:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:8f:23:11:c8:06:ad:f9:02:a8:5f:34:57:92:09:60:78:d8:
         3f:32:89:1a:b6:75:df:39:d3:b6:8b:19:b1:71:e5:21:54:3f:
         a1:21:97:0c:5c:35:39:55:97:ac:65:c7:82:3d:86:1f:67:bd:
         4c:70:2d:f2:3e:11:38:e2:29:b9:64:52:98:d2:c6:2f:e1:39:
         23:2b:e4:36:d0:e3:87:b5:c2:6e:66:1b:52:7d:25:60:b6:c7:
         80:6f:06:b3:35:0d:57:91:50:01:08:61:4a:fe:d0:ff:34:6b:
         66:17:82:7a:f7:f2:7f:93:52:97:90:8f:52:0c:25:c8:7f:c8:
         c0:67:e5:d6:38:c4:31:c7:7c:65:1f:e3:56:a8:8a:21:5e:46:
         14:86:ce:ec:39:20:e4:a0:f7:d5:53:aa:0d:f9:90:39:6f:01:
         7d:c3:3f:9e:10:b5:ec:78:fd:83:0e:10:cb:0a:e3:6c:33:d6:
         79:2d:38:eb:24:55:64:4b:65:13:ff:1e:b7:79:a3:20:8a:20:
         1e:93:40:6b:c9:32:2c:65:ab:08:35:57:e8:0b:6b:86:37:9c:
         8b:83:23:33:7e:50:58:c2:46:58:d0:4e:43:0a:80:9d:7a:d3:
         74:19:07:f7:53:2d:35:63:eb:14:5a:4a:c2:24:c5:da:64:cb:
         70:3f:31:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaF3cBsQjmc/1QknA6aIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZTg5OGJmNDIwOTI0Zjk3NmI1YWU0NTExMDhiOWU2YTAx
ZmM3ZGMwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI2ZGYyOTM4ZjA1YjJiMmRjYTExOWZmNzcwMGEzODM4YjhkZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+mDTCHSzN7cuELzf8yYpS0lJYVL
bpJ8LGJsyuBdOVZtaS9rC4i4ygehaToDXO6rxeVnzk5xOD+2yQRrlJMh/GOwaTnP
iTrSnWF/LeYp80czbLF0+0HDaV2vM2KRhz3aGUSDAbFioiOZHznhh4kXc5zEJ5Sw
Z7Q0v7gIlGN2R3tCvX5UkD/4QVXOkNZoxwm/GzzvI2EwYZSNtGrCJCnXsfuKXOrf
Bc1wyaSUMjpGYbViXbar1uKegPEbymyDNBEPpFi042cqTd4u8VqCbSbv9+CPPHm3
vCge6RpF0VIuAOkEZzN1RdxkcHgoyfaZE4XEvzq85f0pIMprMZ14Gb72yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEEm3yk48FsrLcoRn/dwCjg4uN0MMB8GA1UdIwQY
MBaAFFfomL9CCST5drWuRREIueagH8fcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVi1pWXYwSUpKUGwydGE1RkVRaTU1cUFmeDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jNTE0Y2QtNzk1NC00NGNlLWJkN2Yt
NzEzYjQxNjg4NzA2LzEvUVNiZktUandXeXN0eWhHZjkzQUtPRGk0M1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jNTE0Y2QtNzk1NC00NGNlLWJkN2YtNzEzYjQxNjg4NzA2
LzEvVi1pWXYwSUpKUGwydGE1RkVRaTU1cUFmeDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZscMA0E
AgACMAcDBQMqB5DAMA0GCSqGSIb3DQEBCwUAA4IBAQB4jyMRyAat+QKoXzRXkglg
eNg/MokatnXfOdO2ixmxceUhVD+hIZcMXDU5VZesZceCPYYfZ71McC3yPhE44im5
ZFKY0sYv4TkjK+Q20OOHtcJuZhtSfSVgtseAbwazNQ1XkVABCGFK/tD/NGtmF4J6
9/J/k1KXkI9SDCXIf8jAZ+XWOMQxx3xlH+NWqIohXkYUhs7sOSDkoPfVU6oN+ZA5
bwF9wz+eELXseP2DDhDLCuNsM9Z5LTjrJFVkS2UT/x63eaMgiiAek0BryTIsZasI
NVfoC2uGN5yLgyMzflBYwkZY0E5DCoCdetN0GQf3Uy01Y+sUWkrCJMXaZMtwPzFH
-----END CERTIFICATE-----