Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qqV4lt6FTPnmuHdRaoUeaEC2b8U.roa
File:                     qqV4lt6FTPnmuHdRaoUeaEC2b8U.roa (raw, json)
Hash identifier:          HtCD/Cd4hhljqddcvUw+6pkmRGrV8qPj/FjkfpsV+Jw=
Subject key identifier:   AA:A5:78:96:DE:85:4C:F9:E6:B8:77:51:6A:85:1E:68:40:B6:6F:C5
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       01954744B47F3C1F7D84432CF6AB0C6561E1
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qqV4lt6FTPnmuHdRaoUeaEC2b8U.roa
Signing time:             Thu 27 Feb 2025 11:57:19 +0000
ROA not before:           Thu 27 Feb 2025 11:57:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212701
IP address blocks:        185.149.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:44:b4:7f:3c:1f:7d:84:43:2c:f6:ab:0c:65:61:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Feb 27 11:57:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aaa57896de854cf9e6b877516a851e6840b66fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:97:0b:cf:e8:e9:5e:7e:8b:db:35:98:1b:c6:
                    3a:f3:8f:78:ec:a6:ff:b7:b2:ce:dd:e5:a6:5e:ec:
                    e2:c8:ad:df:c0:c0:62:5c:61:1d:88:a2:e6:25:d3:
                    c9:21:25:be:a1:20:f6:03:3d:c3:fb:a3:75:65:74:
                    1e:91:32:5a:db:ab:5a:f7:cf:c6:b9:cd:cf:e5:6c:
                    65:1d:bd:1d:76:b3:c5:7f:1c:f6:1f:5d:8e:10:1b:
                    3b:47:e3:6e:8d:45:b6:13:b0:79:04:27:0c:56:a7:
                    7f:7b:f0:67:f6:30:68:17:1f:34:db:78:bb:9c:fb:
                    18:5d:57:54:ee:bc:05:cd:fe:1b:35:2c:25:13:46:
                    d1:1a:cf:20:79:af:25:c0:63:df:a7:45:79:cf:06:
                    ba:56:09:61:0c:6d:70:0c:c8:bc:0e:14:fd:f4:2b:
                    d1:5e:f8:70:d7:fe:4c:a9:b0:9f:03:be:b4:da:eb:
                    ca:6a:0e:25:ba:01:8e:f2:79:a1:a5:1b:c2:dd:00:
                    ae:3a:44:89:55:ab:bf:5a:fd:50:3d:1f:e6:c0:15:
                    6d:67:ae:a2:ee:ac:44:e7:1c:82:69:36:9d:6a:62:
                    75:47:9b:2f:68:ae:45:79:7d:89:ac:a8:e4:ee:8e:
                    de:5b:cb:13:3e:72:21:63:2f:6f:41:f6:d4:3a:9e:
                    e7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A5:78:96:DE:85:4C:F9:E6:B8:77:51:6A:85:1E:68:40:B6:6F:C5
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qqV4lt6FTPnmuHdRaoUeaEC2b8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:2a:aa:eb:29:24:07:ec:c2:95:ff:88:c3:3c:ec:b6:da:18:
         ff:fc:4a:59:e4:40:1f:e4:3d:a3:9e:d0:2b:a6:cc:d8:b4:d1:
         e0:7a:b9:22:04:9d:cf:00:86:2f:63:58:a6:b9:54:be:34:27:
         51:ec:a7:50:53:a8:1f:17:70:2e:7d:08:8b:b0:af:a8:a5:9a:
         a1:30:8e:eb:81:b0:d0:de:07:ec:ca:c1:13:5e:d4:25:b0:8c:
         10:ad:57:24:6c:0f:76:63:cc:81:90:59:b8:84:8e:8b:ec:6b:
         20:c6:41:fa:b8:b2:ee:cc:09:8b:5d:5c:51:a8:89:45:12:58:
         99:b0:94:70:5a:aa:50:44:95:19:8e:2c:6c:12:5c:56:96:0f:
         83:37:75:6b:db:1a:63:5f:ec:9e:16:11:bd:5c:21:fb:cc:71:
         eb:07:5c:2a:4a:31:29:43:da:98:6a:f8:96:a2:97:cc:42:03:
         a8:be:37:2d:76:38:1b:2e:8a:b7:a9:1d:89:d4:cf:a7:44:bd:
         c4:6f:6c:f1:82:ca:7c:9a:4c:a9:c2:b3:76:d1:c7:87:78:92:
         3b:1f:1f:41:22:ef:02:0c:6d:84:2c:4e:a5:f0:ad:66:4f:fc:
         15:0a:2d:16:38:c1:7a:81:ae:22:33:39:20:dc:fa:0c:e6:2f:
         a1:3b:85:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVHRLR/PB99hEMs9qsMZWHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjUwMjI3MTE1NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWE1Nzg5NmRlODU0Y2Y5ZTZiODc3NTE2YTg1MWU2ODQwYjY2ZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZcLz+jpXn6L2zWYG8Y684947Kb/
t7LO3eWmXuziyK3fwMBiXGEdiKLmJdPJISW+oSD2Az3D+6N1ZXQekTJa26ta98/G
uc3P5WxlHb0ddrPFfxz2H12OEBs7R+NujUW2E7B5BCcMVqd/e/Bn9jBoFx8023i7
nPsYXVdU7rwFzf4bNSwlE0bRGs8gea8lwGPfp0V5zwa6VglhDG1wDMi8DhT99CvR
Xvhw1/5MqbCfA7602uvKag4lugGO8nmhpRvC3QCuOkSJVau/Wv1QPR/mwBVtZ66i
7qxE5xyCaTadamJ1R5svaK5FeX2JrKjk7o7eW8sTPnIhYy9vQfbUOp7nywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqleJbehUz55rh3UWqFHmhAtm/FMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvcXFWNGx0NkZUUG5tdUhkUmFvVWVhRUMyYjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZWSMA0G
CSqGSIb3DQEBCwUAA4IBAQADKqrrKSQH7MKV/4jDPOy22hj//EpZ5EAf5D2jntAr
pszYtNHgerkiBJ3PAIYvY1imuVS+NCdR7KdQU6gfF3AufQiLsK+opZqhMI7rgbDQ
3gfsysETXtQlsIwQrVckbA92Y8yBkFm4hI6L7GsgxkH6uLLuzAmLXVxRqIlFEliZ
sJRwWqpQRJUZjixsElxWlg+DN3Vr2xpjX+yeFhG9XCH7zHHrB1wqSjEpQ9qYaviW
opfMQgOovjctdjgbLoq3qR2J1M+nRL3Eb2zxgsp8mkypwrN20ceHeJI7Hx9BIu8C
DG2ELE6l8K1mT/wVCi0WOMF6ga4iMzkg3PoM5i+hO4UM
-----END CERTIFICATE-----