Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/qLWefGaIQEsRkcA1tO3guUVq3OU.roa
File:                     qLWefGaIQEsRkcA1tO3guUVq3OU.roa (raw, json)
Hash identifier:          xslOk/6LQdIGFli9jwCBp6kVRfq8yxFvis0Kh4JP+fk=
Subject key identifier:   A8:B5:9E:7C:66:88:40:4B:11:91:C0:35:B4:ED:E0:B9:45:6A:DC:E5
Certificate issuer:       /CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
Certificate serial:       019423D6D84FA74C9A09E9165C5DFFDB4E85
Authority key identifier: 2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/qLWefGaIQEsRkcA1tO3guUVq3OU.roa
Signing time:             Wed 01 Jan 2025 21:47:50 +0000
ROA not before:           Wed 01 Jan 2025 21:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57333
IP address blocks:        176.97.160.0/19 maxlen: 19
                          176.97.160.0/21 maxlen: 21
                          176.97.168.0/21 maxlen: 21
                          176.97.176.0/21 maxlen: 21
                          176.97.184.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d8:4f:a7:4c:9a:09:e9:16:5c:5d:ff:db:4e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
        Validity
            Not Before: Jan  1 21:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8b59e7c6688404b1191c035b4ede0b9456adce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bb:33:56:33:20:b5:7c:fe:ec:cc:76:f6:70:
                    d6:7e:0f:93:5f:48:eb:8d:94:86:9a:97:1e:2d:f1:
                    e3:ba:57:d7:46:d2:94:1a:09:79:a2:7b:21:4d:7f:
                    5b:ef:6f:66:f2:48:38:86:1e:8e:81:ed:04:cb:32:
                    19:36:ef:a0:b1:79:9f:02:65:62:65:df:af:be:e0:
                    4b:5b:6c:d6:ea:e0:4f:a5:49:29:25:30:06:a2:c2:
                    aa:2e:30:71:b0:0c:ae:6a:fc:ee:3e:f3:26:f5:8d:
                    b4:f2:66:13:fd:ba:8e:1e:17:8d:03:a9:d5:6d:ca:
                    b7:1a:d7:5f:8d:b5:d4:bf:48:e6:1e:e1:d4:c7:ba:
                    2b:dd:3b:b6:ea:1d:54:7a:e5:5f:57:3c:a3:ec:a1:
                    e9:dc:62:6f:8f:39:a5:bf:6a:27:e6:8d:3c:71:f9:
                    0c:31:3a:64:9c:04:75:24:33:6a:b2:1c:32:47:b9:
                    24:af:f2:a6:c5:6a:e9:67:ff:1a:d3:6f:bb:63:74:
                    49:8e:da:f3:69:cb:56:17:9b:7c:1d:46:f3:a8:3f:
                    46:bd:49:d8:8f:1a:17:c5:c6:0a:d7:17:cf:77:d5:
                    c2:16:f4:bb:fe:7d:a2:3a:6a:80:e5:30:c6:00:e5:
                    57:9e:6a:ea:28:4a:f8:b7:6c:6b:89:12:a2:b9:29:
                    18:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B5:9E:7C:66:88:40:4B:11:91:C0:35:B4:ED:E0:B9:45:6A:DC:E5
            X509v3 Authority Key Identifier:
                keyid:2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/qLWefGaIQEsRkcA1tO3guUVq3OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6d:c8:9c:e4:1e:6f:5e:78:7a:4f:39:1f:1a:56:3f:af:fc:f9:
         92:08:d4:49:d2:37:df:a6:db:34:d7:61:73:8d:aa:99:d2:d2:
         e4:81:6b:b4:a7:9a:36:6e:40:c7:74:b7:9e:71:ee:7f:da:be:
         8b:d2:02:be:7f:4b:fb:02:80:54:ad:27:86:a7:bb:c9:0f:30:
         40:2c:a8:fa:d6:0b:8c:90:16:0a:53:4e:64:da:0c:04:0e:48:
         a8:97:30:8f:5f:f1:39:5b:5e:55:f3:f5:df:2f:f0:87:51:ed:
         df:7b:98:5e:d8:cd:ea:5f:1a:2d:e7:21:5d:36:c3:8d:65:3f:
         c0:6e:94:e0:2c:a9:f4:9f:f1:5b:60:18:9f:49:14:bd:93:8c:
         1f:f3:83:8d:52:96:54:08:21:98:35:6b:0e:90:64:b1:4b:66:
         0b:c9:5c:74:7b:ba:91:61:64:5f:c3:45:71:29:3b:df:5d:b6:
         31:1a:73:7c:1e:11:4e:1a:6d:9e:dd:36:5d:31:fa:92:dc:90:
         32:6b:3e:34:09:02:86:d3:b4:f4:f7:f2:59:e9:33:4f:18:dc:
         23:48:2d:2c:fc:99:43:b8:f2:ab:94:7e:c2:20:fd:7f:23:94:
         5e:fd:ad:be:2c:0d:ee:ec:28:f3:3f:72:ed:12:33:1f:d4:2f:
         77:ee:68:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1thPp0yaCekWXF3/206FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNDZjOWNjZjdmZjdiZGNjZjgzNzc2MmEwZTE1N2JkYzEz
NTcwZTAwHhcNMjUwMTAxMjE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI1OWU3YzY2ODg0MDRiMTE5MWMwMzViNGVkZTBiOTQ1NmFkY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbszVjMgtXz+7Mx29nDWfg+TX0jr
jZSGmpceLfHjulfXRtKUGgl5onshTX9b729m8kg4hh6Oge0EyzIZNu+gsXmfAmVi
Zd+vvuBLW2zW6uBPpUkpJTAGosKqLjBxsAyuavzuPvMm9Y208mYT/bqOHheNA6nV
bcq3GtdfjbXUv0jmHuHUx7or3Tu26h1UeuVfVzyj7KHp3GJvjzmlv2on5o08cfkM
MTpknAR1JDNqshwyR7kkr/KmxWrpZ/8a02+7Y3RJjtrzactWF5t8HUbzqD9GvUnY
jxoXxcYK1xfPd9XCFvS7/n2iOmqA5TDGAOVXnmrqKEr4t2xriRKiuSkYewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi1nnxmiEBLEZHANbTt4LlFatzlMB8GA1UdIwQY
MBaAFCtGycz3/3vcz4N3YqDhV73BNXDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5Njgt
YzdhMmQ1ZjlmZDYwLzEvcUxXZWZHYUlRRXNSa2NBMXRPM2d1VVZxM09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5NjgtYzdhMmQ1ZjlmZDYw
LzEvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGGgMA0G
CSqGSIb3DQEBCwUAA4IBAQBtyJzkHm9eeHpPOR8aVj+v/PmSCNRJ0jffpts012Fz
jaqZ0tLkgWu0p5o2bkDHdLeece5/2r6L0gK+f0v7AoBUrSeGp7vJDzBALKj61guM
kBYKU05k2gwEDkiolzCPX/E5W15V8/XfL/CHUe3fe5he2M3qXxot5yFdNsONZT/A
bpTgLKn0n/FbYBifSRS9k4wf84ONUpZUCCGYNWsOkGSxS2YLyVx0e7qRYWRfw0Vx
KTvfXbYxGnN8HhFOGm2e3TZdMfqS3JAyaz40CQKG07T09/JZ6TNPGNwjSC0s/JlD
uPKrlH7CIP1/I5Re/a2+LA3u7CjzP3LtEjMf1C937mgo
-----END CERTIFICATE-----