Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/QQYnKZZEKh0t39rLRqceu8xA4vU.roa
File:                     QQYnKZZEKh0t39rLRqceu8xA4vU.roa (raw, json)
Hash identifier:          PxxqnNy49Cu4ltRHNTmmrI+SwKZQqPOvx1a9kq3y6xs=
Subject key identifier:   41:06:27:29:96:44:2A:1D:2D:DF:DA:CB:46:A7:1E:BB:CC:40:E2:F5
Certificate issuer:       /CN=fe5dbc41b11e77bc44bd2c735554b5b4258d0c33
Certificate serial:       019421B2487C5C3B5EAD03F7BDABD405E06F
Authority key identifier: FE:5D:BC:41:B1:1E:77:BC:44:BD:2C:73:55:54:B5:B4:25:8D:0C:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_l28QbEed7xEvSxzVVS1tCWNDDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/QQYnKZZEKh0t39rLRqceu8xA4vU.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48933
IP address blocks:        193.36.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/_l28QbEed7xEvSxzVVS1tCWNDDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/_l28QbEed7xEvSxzVVS1tCWNDDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_l28QbEed7xEvSxzVVS1tCWNDDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:48:7c:5c:3b:5e:ad:03:f7:bd:ab:d4:05:e0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe5dbc41b11e77bc44bd2c735554b5b4258d0c33
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4106272996442a1d2ddfdacb46a71ebbcc40e2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c8:b1:a1:89:3b:e0:9c:23:1c:fe:5b:4f:23:
                    f4:1e:c4:a6:99:f2:8a:8f:c1:ae:df:bd:0f:6e:4f:
                    26:ae:73:eb:b3:0f:e7:eb:4e:78:73:30:24:aa:cd:
                    6a:35:14:18:76:3b:7b:01:66:57:74:87:fd:8c:6b:
                    e2:a5:7e:99:03:88:3d:41:49:8c:09:5c:a4:fc:cd:
                    98:11:5c:07:70:3d:71:84:98:e6:7b:3e:e5:14:1c:
                    7c:6b:ea:93:df:4f:f8:66:33:01:0d:37:0e:2c:de:
                    3e:fe:eb:c5:8d:e3:b6:fb:5b:2b:19:d9:bc:e6:11:
                    20:5f:42:39:f9:98:44:7b:93:4f:a2:70:8a:06:22:
                    17:ef:90:46:53:87:32:1e:ae:63:1a:85:57:b2:ea:
                    38:39:34:a5:e1:a3:f5:57:64:fa:40:6a:01:c5:07:
                    b0:a1:98:e7:6a:8e:1a:b6:81:da:67:ed:88:64:c9:
                    43:7e:02:d3:6f:02:d1:79:9d:d3:74:57:03:ab:a2:
                    2d:f7:68:c5:2a:9c:07:39:be:7b:d7:7b:94:cf:93:
                    de:5e:02:51:35:69:22:fa:07:1d:ff:79:07:f3:1f:
                    e2:ef:0c:dd:43:14:f0:c8:0a:82:4e:be:ae:3d:e6:
                    78:6f:20:10:b0:c4:da:7b:95:e8:78:34:df:5f:8b:
                    07:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:06:27:29:96:44:2A:1D:2D:DF:DA:CB:46:A7:1E:BB:CC:40:E2:F5
            X509v3 Authority Key Identifier:
                keyid:FE:5D:BC:41:B1:1E:77:BC:44:BD:2C:73:55:54:B5:B4:25:8D:0C:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_l28QbEed7xEvSxzVVS1tCWNDDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/QQYnKZZEKh0t39rLRqceu8xA4vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/084d33-9fed-4620-b46c-88a63148026f/1/_l28QbEed7xEvSxzVVS1tCWNDDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:02:cc:1b:b8:08:eb:27:a2:a1:b8:8b:31:38:98:a6:8d:5f:
         48:c6:0c:0a:94:c5:29:b1:81:94:b5:49:01:9d:19:2a:04:44:
         a1:56:37:02:82:84:bc:fd:f8:ca:ec:e5:2d:01:23:14:a8:d5:
         3c:b5:23:c2:5c:6e:40:2e:0b:a8:36:5d:92:5f:44:14:14:ef:
         2a:fb:5d:73:04:93:c6:c2:ee:86:62:5a:d7:bb:38:e7:d1:4b:
         54:a6:68:61:8f:45:2e:19:45:46:7b:d8:23:1f:14:5f:ef:8a:
         80:e6:ba:23:1b:bc:b5:f3:7a:8a:2a:9f:39:e4:8d:e2:63:42:
         a6:49:8f:65:33:bc:ac:f5:a2:58:39:36:4e:7f:10:7d:10:3e:
         df:ef:81:a7:82:30:5c:99:5f:22:40:d2:b5:30:54:b6:66:d3:
         6d:55:03:a0:ca:d5:b7:71:b8:2e:4c:1e:f6:85:f6:9c:c8:63:
         1c:7c:f6:5c:3f:34:e9:85:a0:9c:a3:a1:af:7f:32:0c:8f:68:
         24:d9:3d:3a:2f:d2:bc:f3:51:e2:52:5f:f6:4c:c2:3b:b1:10:
         e5:85:99:33:e8:69:8b:4b:36:be:8a:b0:27:a4:80:1f:b5:d3:
         02:65:18:92:dd:e0:38:34:6e:40:55:d7:a0:e2:6b:4f:4e:04:
         ff:57:36:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskh8XDterQP3vavUBeBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNWRiYzQxYjExZTc3YmM0NGJkMmM3MzU1NTRiNWI0MjU4
ZDBjMzMwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA2MjcyOTk2NDQyYTFkMmRkZmRhY2I0NmE3MWViYmNjNDBlMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsixoYk74JwjHP5bTyP0HsSmmfKK
j8Gu370Pbk8mrnPrsw/n6054czAkqs1qNRQYdjt7AWZXdIf9jGvipX6ZA4g9QUmM
CVyk/M2YEVwHcD1xhJjmez7lFBx8a+qT30/4ZjMBDTcOLN4+/uvFjeO2+1srGdm8
5hEgX0I5+ZhEe5NPonCKBiIX75BGU4cyHq5jGoVXsuo4OTSl4aP1V2T6QGoBxQew
oZjnao4atoHaZ+2IZMlDfgLTbwLReZ3TdFcDq6It92jFKpwHOb5713uUz5PeXgJR
NWki+gcd/3kH8x/i7wzdQxTwyAqCTr6uPeZ4byAQsMTae5XoeDTfX4sHBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEGJymWRCodLd/ay0anHrvMQOL1MB8GA1UdIwQY
MBaAFP5dvEGxHne8RL0sc1VUtbQljQwzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2wyOFFiRWVkN3hFdlN4elZWUzF0Q1dORERNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8wODRkMzMtOWZlZC00NjIwLWI0NmMt
ODhhNjMxNDgwMjZmLzEvUVFZbktaWkVLaDB0MzlyTFJxY2V1OHhBNHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8wODRkMzMtOWZlZC00NjIwLWI0NmMtODhhNjMxNDgwMjZm
LzEvX2wyOFFiRWVkN3hFdlN4elZWUzF0Q1dORERNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQjMA0G
CSqGSIb3DQEBCwUAA4IBAQA+AswbuAjrJ6KhuIsxOJimjV9IxgwKlMUpsYGUtUkB
nRkqBEShVjcCgoS8/fjK7OUtASMUqNU8tSPCXG5ALguoNl2SX0QUFO8q+11zBJPG
wu6GYlrXuzjn0UtUpmhhj0UuGUVGe9gjHxRf74qA5rojG7y183qKKp855I3iY0Km
SY9lM7ys9aJYOTZOfxB9ED7f74GngjBcmV8iQNK1MFS2ZtNtVQOgytW3cbguTB72
hfacyGMcfPZcPzTphaCco6GvfzIMj2gk2T06L9K881HiUl/2TMI7sRDlhZkz6GmL
Sza+irAnpIAftdMCZRiS3eA4NG5AVdeg4mtPTgT/Vzaa
-----END CERTIFICATE-----