Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/qPByKnpBcwc5PCFg3I5YVGxollc.roa
File:                     qPByKnpBcwc5PCFg3I5YVGxollc.roa (raw, json)
Hash identifier:          VpVIKGAdMgvH4OCbsZNXF0xBFfIGSal78lndZpVlhBE=
Subject key identifier:   A8:F0:72:2A:7A:41:73:07:39:3C:21:60:DC:8E:58:54:6C:68:96:57
Certificate issuer:       /CN=79a9f6a381ce4a5a3eccb2493a684609c988a0fc
Certificate serial:       019422FBFE82C6EE14A6E4780877A3607DAA
Authority key identifier: 79:A9:F6:A3:81:CE:4A:5A:3E:CC:B2:49:3A:68:46:09:C9:88:A0:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ean2o4HOSlo-zLJJOmhGCcmIoPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/qPByKnpBcwc5PCFg3I5YVGxollc.roa
Signing time:             Wed 01 Jan 2025 17:48:47 +0000
ROA not before:           Wed 01 Jan 2025 17:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        185.218.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/ean2o4HOSlo-zLJJOmhGCcmIoPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/ean2o4HOSlo-zLJJOmhGCcmIoPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ean2o4HOSlo-zLJJOmhGCcmIoPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 04:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:fe:82:c6:ee:14:a6:e4:78:08:77:a3:60:7d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a9f6a381ce4a5a3eccb2493a684609c988a0fc
        Validity
            Not Before: Jan  1 17:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8f0722a7a417307393c2160dc8e58546c689657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:db:a6:9e:da:d1:e1:3c:df:06:8d:8b:0f:
                    e2:00:9a:8c:dd:68:d7:64:30:50:39:74:b7:ea:10:
                    8e:e6:28:cf:b0:74:05:89:9c:24:c8:56:9d:bb:44:
                    51:00:eb:fb:06:4a:f9:ff:42:04:8b:9c:69:19:4a:
                    80:8f:a1:dc:d9:19:44:76:17:48:eb:e9:19:7e:62:
                    d7:b6:05:5e:4e:e7:ae:96:ee:fb:6e:10:74:c7:50:
                    0d:ed:b1:93:98:3c:28:91:93:cb:0f:7d:67:b8:d5:
                    64:d1:ca:7a:3b:c8:ef:c2:26:11:ab:60:89:95:77:
                    6e:f8:1d:b2:e5:c5:9c:28:c2:e9:92:d0:24:5c:3d:
                    7f:63:18:48:f3:71:fc:cd:0e:ba:cc:3e:e8:54:96:
                    56:a1:6c:66:d8:f4:15:5a:db:78:e6:4b:bb:26:25:
                    5a:a6:b9:fa:9c:c1:94:8f:58:6c:94:53:25:05:f9:
                    a5:72:ee:5a:b8:be:82:78:19:c3:2e:b1:fa:ce:c1:
                    8f:87:8c:95:31:77:fd:75:e9:83:c4:cc:02:ae:37:
                    4c:8a:7b:ca:ae:25:e2:e1:0f:43:45:6d:70:1a:0a:
                    d7:d6:68:ec:4b:fc:27:84:d9:93:53:cc:da:49:33:
                    65:60:67:35:26:fe:ad:3a:5b:39:9b:55:00:fa:6e:
                    6a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:F0:72:2A:7A:41:73:07:39:3C:21:60:DC:8E:58:54:6C:68:96:57
            X509v3 Authority Key Identifier:
                keyid:79:A9:F6:A3:81:CE:4A:5A:3E:CC:B2:49:3A:68:46:09:C9:88:A0:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ean2o4HOSlo-zLJJOmhGCcmIoPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/qPByKnpBcwc5PCFg3I5YVGxollc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/911b83-0c27-4040-970e-ecaf553c31d7/1/ean2o4HOSlo-zLJJOmhGCcmIoPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:13:a1:8d:18:d0:d6:1c:e9:d4:58:af:40:f0:eb:35:f7:a1:
         79:b1:ac:ae:31:0a:d4:47:2d:c8:16:1c:9f:7c:97:12:f1:f5:
         c4:c5:37:2c:1c:c8:24:61:99:09:79:2b:62:5d:8e:df:ba:90:
         f3:2d:15:b2:be:33:26:88:d6:aa:54:1e:bf:35:33:2f:e2:0a:
         1c:0b:e6:0c:c8:2f:9a:06:a4:aa:41:0c:13:1b:aa:6b:81:fa:
         80:64:56:2c:51:42:4c:94:b6:fe:2c:f8:12:6a:a5:4c:30:c8:
         34:9f:4d:60:73:d9:de:68:e5:36:a3:ca:06:9a:ca:cc:6e:7e:
         db:cb:63:84:3f:ae:27:f3:93:57:7e:94:02:3e:3f:9f:b3:a6:
         9a:1c:ba:62:f9:2a:48:33:68:2d:ff:77:17:a0:cf:0d:77:c7:
         11:2c:86:85:de:dd:44:5c:b9:6a:b1:61:14:e5:9c:f0:64:47:
         69:0c:68:4f:de:36:01:9a:3b:70:71:a6:8d:ac:08:64:b7:3a:
         65:b9:19:7f:ae:3c:0b:97:a0:43:72:83:16:9c:1b:57:0f:64:
         50:32:2c:d7:70:fb:6c:e6:32:91:23:90:0e:ea:c0:e4:3f:ad:
         4c:fd:67:82:36:5b:5d:70:29:9e:2b:9c:0b:61:11:ae:9c:3f:
         d4:3a:7f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+/6Cxu4UpuR4CHejYH2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTlmNmEzODFjZTRhNWEzZWNjYjI0OTNhNjg0NjA5Yzk4
OGEwZmMwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGYwNzIyYTdhNDE3MzA3MzkzYzIxNjBkYzhlNTg1NDZjNjg5NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5fbpp7a0eE83waNiw/iAJqM3WjX
ZDBQOXS36hCO5ijPsHQFiZwkyFadu0RRAOv7Bkr5/0IEi5xpGUqAj6Hc2RlEdhdI
6+kZfmLXtgVeTueulu77bhB0x1AN7bGTmDwokZPLD31nuNVk0cp6O8jvwiYRq2CJ
lXdu+B2y5cWcKMLpktAkXD1/YxhI83H8zQ66zD7oVJZWoWxm2PQVWtt45ku7JiVa
prn6nMGUj1hslFMlBfmlcu5auL6CeBnDLrH6zsGPh4yVMXf9demDxMwCrjdMinvK
riXi4Q9DRW1wGgrX1mjsS/wnhNmTU8zaSTNlYGc1Jv6tOls5m1UA+m5qfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjwcip6QXMHOTwhYNyOWFRsaJZXMB8GA1UdIwQY
MBaAFHmp9qOBzkpaPsyySTpoRgnJiKD8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFuMm80SE9TbG8tekxKSk9taEdDY21Jb1B3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi85MTFiODMtMGMyNy00MDQwLTk3MGUt
ZWNhZjU1M2MzMWQ3LzEvcVBCeUtucEJjd2M1UENGZzNJNVlWR3hvbGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi85MTFiODMtMGMyNy00MDQwLTk3MGUtZWNhZjU1M2MzMWQ3
LzEvZWFuMm80SE9TbG8tekxKSk9taEdDY21Jb1B3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudrwMA0G
CSqGSIb3DQEBCwUAA4IBAQADE6GNGNDWHOnUWK9A8Os196F5sayuMQrURy3IFhyf
fJcS8fXExTcsHMgkYZkJeStiXY7fupDzLRWyvjMmiNaqVB6/NTMv4gocC+YMyC+a
BqSqQQwTG6prgfqAZFYsUUJMlLb+LPgSaqVMMMg0n01gc9neaOU2o8oGmsrMbn7b
y2OEP64n85NXfpQCPj+fs6aaHLpi+SpIM2gt/3cXoM8Nd8cRLIaF3t1EXLlqsWEU
5ZzwZEdpDGhP3jYBmjtwcaaNrAhktzpluRl/rjwLl6BDcoMWnBtXD2RQMizXcPts
5jKRI5AO6sDkP61M/WeCNltdcCmeK5wLYRGunD/UOn94
-----END CERTIFICATE-----