Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/QZzbQhQ_hTZIcpg_dJkoU6Xnnto.roa
File:                     QZzbQhQ_hTZIcpg_dJkoU6Xnnto.roa (raw, json)
Hash identifier:          ldOsJ7e5BAcbKryAIK3bxjb3zV/1t/RqgjAXr4tG6fc=
Subject key identifier:   41:9C:DB:42:14:3F:85:36:48:72:98:3F:74:99:28:53:A5:E7:9E:DA
Certificate issuer:       /CN=46c98b2e4a3e060def45abc62c0e345faa80b5ec
Certificate serial:       019421444652CD2DCA6B1E658FDB5830D7BC
Authority key identifier: 46:C9:8B:2E:4A:3E:06:0D:EF:45:AB:C6:2C:0E:34:5F:AA:80:B5:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/QZzbQhQ_hTZIcpg_dJkoU6Xnnto.roa
Signing time:             Wed 01 Jan 2025 09:48:30 +0000
ROA not before:           Wed 01 Jan 2025 09:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47674
IP address blocks:        185.61.136.0/22 maxlen: 24
                          2a02:7a60::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:46:52:cd:2d:ca:6b:1e:65:8f:db:58:30:d7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46c98b2e4a3e060def45abc62c0e345faa80b5ec
        Validity
            Not Before: Jan  1 09:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=419cdb42143f85364872983f74992853a5e79eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:de:15:37:8f:e9:8a:d7:86:39:78:a5:32:
                    e6:65:3a:39:e2:88:3e:0f:4e:1c:c2:77:b8:b7:f1:
                    57:bd:b4:2f:54:b8:12:b0:75:86:3e:1e:92:d3:e1:
                    17:7d:ab:7a:1f:d6:fd:97:60:10:3b:45:ef:d9:5e:
                    75:fe:b4:da:ef:a6:63:23:8b:d8:9f:35:88:02:f3:
                    5d:83:4c:31:d1:16:1e:61:f4:86:68:f4:5a:3e:0a:
                    e8:56:0a:4f:fe:fa:98:5b:61:36:31:f1:7f:36:9f:
                    ea:97:de:7c:17:78:42:64:1a:b2:09:af:7a:f8:33:
                    bb:0d:a7:e9:da:65:b5:23:08:41:98:d6:59:2d:fe:
                    0c:fd:c3:fa:c8:13:52:95:71:47:da:48:eb:c1:81:
                    25:7c:90:2a:95:b7:25:2b:39:85:14:70:9d:7b:ce:
                    90:af:cf:b4:ea:c2:f6:59:1d:fe:3b:6c:19:f1:37:
                    19:d2:40:63:30:4f:bb:21:ac:66:a8:16:04:46:fb:
                    49:e5:a3:b2:5f:f7:43:c7:83:eb:e4:f3:23:8e:d6:
                    a9:0d:eb:e1:07:75:34:40:e9:d3:8c:d6:e3:ec:d6:
                    7e:31:b8:14:d3:80:07:f7:3b:39:71:21:e8:37:89:
                    a7:27:c8:e4:9e:e1:5b:3f:74:40:47:82:25:43:f5:
                    11:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9C:DB:42:14:3F:85:36:48:72:98:3F:74:99:28:53:A5:E7:9E:DA
            X509v3 Authority Key Identifier:
                keyid:46:C9:8B:2E:4A:3E:06:0D:EF:45:AB:C6:2C:0E:34:5F:AA:80:B5:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/QZzbQhQ_hTZIcpg_dJkoU6Xnnto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.136.0/22
                IPv6:
                  2a02:7a60::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:31:b9:f2:4c:2f:ef:fb:4e:64:c7:f6:15:2d:6a:b9:37:e1:
         21:85:ff:d4:e5:39:dd:97:72:47:6b:1b:08:1c:cb:b0:9f:d6:
         12:91:85:f8:46:df:24:45:c6:cc:e9:5d:0a:45:56:1a:de:ed:
         56:2b:8a:65:fc:31:65:ae:7c:ac:6d:26:4b:16:bf:d8:a3:c8:
         c6:c7:57:6c:43:cb:cc:81:c2:b7:13:42:36:81:64:27:7a:4b:
         75:11:83:9f:98:f2:45:0c:17:16:38:af:62:6f:bf:69:09:15:
         f2:21:0d:3e:6e:a9:ab:02:ef:f0:47:ad:15:72:6e:f0:d7:01:
         0e:52:18:6a:eb:49:e3:7a:cf:c8:f5:7e:48:8b:90:bc:f9:6e:
         ae:6b:f6:4d:53:39:8a:8c:51:44:10:96:64:0a:e1:34:0e:b6:
         d1:76:b3:e9:8f:26:aa:c7:8d:1e:5e:bd:31:a8:31:13:61:04:
         ae:ae:79:61:38:c6:81:ca:e9:78:19:4f:90:da:af:83:2c:92:
         9c:ca:c0:51:1e:18:2b:97:75:00:38:fd:07:34:03:ad:2e:c7:
         53:6b:b7:13:b6:8f:31:1d:25:bd:ab:43:f4:a7:b9:bb:46:e5:
         5a:13:a8:cc:02:73:69:af:64:96:73:c4:c5:90:1a:67:cc:04:
         a9:43:9d:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhREZSzS3Kax5lj9tYMNe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2Yzk4YjJlNGEzZTA2MGRlZjQ1YWJjNjJjMGUzNDVmYWE4
MGI1ZWMwHhcNMjUwMTAxMDk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTljZGI0MjE0M2Y4NTM2NDg3Mjk4M2Y3NDk5Mjg1M2E1ZTc5ZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTveFTeP6YrXhjl4pTLmZTo54og+
D04cwne4t/FXvbQvVLgSsHWGPh6S0+EXfat6H9b9l2AQO0Xv2V51/rTa76ZjI4vY
nzWIAvNdg0wx0RYeYfSGaPRaPgroVgpP/vqYW2E2MfF/Np/ql958F3hCZBqyCa96
+DO7Dafp2mW1IwhBmNZZLf4M/cP6yBNSlXFH2kjrwYElfJAqlbclKzmFFHCde86Q
r8+06sL2WR3+O2wZ8TcZ0kBjME+7IaxmqBYERvtJ5aOyX/dDx4Pr5PMjjtapDevh
B3U0QOnTjNbj7NZ+MbgU04AH9zs5cSHoN4mnJ8jknuFbP3RAR4IlQ/URfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEGc20IUP4U2SHKYP3SZKFOl557aMB8GA1UdIwQY
MBaAFEbJiy5KPgYN70WrxiwONF+qgLXsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnNtTExrby1CZzN2UmF2R0xBNDBYNnFBdGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yYWE4ZDEtY2I3MS00OTA0LWE1OTEt
MzQ0OTUyMjcxMGU3LzEvUVp6YlFoUV9oVFpJY3BnX2RKa29VNlhubnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yYWE4ZDEtY2I3MS00OTA0LWE1OTEtMzQ0OTUyMjcxMGU3
LzEvUnNtTExrby1CZzN2UmF2R0xBNDBYNnFBdGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT2IMA0E
AgACMAcDBQAqAnpgMA0GCSqGSIb3DQEBCwUAA4IBAQClMbnyTC/v+05kx/YVLWq5
N+Ehhf/U5Tndl3JHaxsIHMuwn9YSkYX4Rt8kRcbM6V0KRVYa3u1WK4pl/DFlrnys
bSZLFr/Yo8jGx1dsQ8vMgcK3E0I2gWQnekt1EYOfmPJFDBcWOK9ib79pCRXyIQ0+
bqmrAu/wR60Vcm7w1wEOUhhq60njes/I9X5Ii5C8+W6ua/ZNUzmKjFFEEJZkCuE0
DrbRdrPpjyaqx40eXr0xqDETYQSurnlhOMaByul4GU+Q2q+DLJKcysBRHhgrl3UA
OP0HNAOtLsdTa7cTto8xHSW9q0P0p7m7RuVaE6jMAnNpr2SWc8TFkBpnzASpQ52U
-----END CERTIFICATE-----