Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/qj9pJEL6aLQRmJQwwNdSHRT6Q7o.roa
File:                     qj9pJEL6aLQRmJQwwNdSHRT6Q7o.roa (raw, json)
Hash identifier:          YXXU3MHXgJerIl9CeLyHeV8Hu3RdrFxQkf90wVwUCHQ=
Subject key identifier:   AA:3F:69:24:42:FA:68:B4:11:98:94:30:C0:D7:52:1D:14:FA:43:BA
Certificate issuer:       /CN=0fbfe9385e6a759f833e4f09a09f0dcfed53b3e4
Certificate serial:       0194228D1190D5B57A5CCD8EF53BD043EC52
Authority key identifier: 0F:BF:E9:38:5E:6A:75:9F:83:3E:4F:09:A0:9F:0D:CF:ED:53:B3:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/qj9pJEL6aLQRmJQwwNdSHRT6Q7o.roa
Signing time:             Wed 01 Jan 2025 15:47:37 +0000
ROA not before:           Wed 01 Jan 2025 15:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209801
IP address blocks:        192.88.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:11:90:d5:b5:7a:5c:cd:8e:f5:3b:d0:43:ec:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fbfe9385e6a759f833e4f09a09f0dcfed53b3e4
        Validity
            Not Before: Jan  1 15:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa3f692442fa68b411989430c0d7521d14fa43ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d6:8c:e4:bb:d7:7d:25:1f:bb:a9:52:a6:03:
                    fb:c1:27:c1:ab:07:23:81:d9:86:60:1e:b3:1f:f3:
                    90:3e:f0:3e:bf:f1:9c:28:32:04:82:98:5f:a6:85:
                    01:04:16:94:4c:e5:d8:f3:c5:2d:5c:22:ca:34:75:
                    3a:77:5d:b5:12:66:05:a2:85:19:d1:8f:0a:02:3b:
                    70:96:64:2b:d1:ce:66:c6:49:4b:7f:01:42:20:93:
                    c9:21:dc:42:49:29:a9:07:29:a3:ed:d4:dd:ab:f5:
                    d9:81:48:60:a6:89:b5:60:fe:79:ea:05:0b:79:9b:
                    54:45:5c:df:52:7b:b7:1e:4e:b0:ed:a3:2a:f1:73:
                    9a:29:22:fc:8d:25:e9:2c:a8:0a:f8:65:31:36:d6:
                    03:1c:3d:fa:c9:4d:90:3a:5a:9d:ce:b3:85:22:59:
                    47:79:05:c0:77:d0:12:e9:87:33:3c:5a:65:32:6a:
                    eb:bb:0b:85:de:23:65:6b:86:8f:03:25:c4:0d:c8:
                    20:78:c4:84:3d:19:9d:c8:2b:0d:49:82:b6:4b:a5:
                    a3:7f:98:41:7a:d7:29:5f:17:ab:4a:6c:f6:1c:2d:
                    87:d0:da:56:df:32:b2:8a:08:51:6a:9d:c2:b9:dd:
                    34:b3:90:4a:04:80:c6:ee:51:75:a9:ba:9c:0b:a2:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3F:69:24:42:FA:68:B4:11:98:94:30:C0:D7:52:1D:14:FA:43:BA
            X509v3 Authority Key Identifier:
                keyid:0F:BF:E9:38:5E:6A:75:9F:83:3E:4F:09:A0:9F:0D:CF:ED:53:B3:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/qj9pJEL6aLQRmJQwwNdSHRT6Q7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2bb948-478c-4a02-a18e-d647dc8a56b6/1/D7_pOF5qdZ-DPk8JoJ8Nz-1Ts-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.88.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ab:ca:a7:76:a0:57:46:41:36:57:d2:eb:e7:43:73:54:e1:
         77:e5:ca:08:a1:89:bc:41:ea:aa:23:b8:4d:57:bb:9a:bb:07:
         e2:84:94:53:19:2d:1a:54:4b:60:8f:ce:9c:34:14:aa:26:48:
         4f:70:16:b7:58:fb:a5:c2:d7:37:7f:bf:66:38:8d:72:89:c6:
         4f:58:ae:50:a3:e3:ac:0e:d0:ad:61:95:c1:a8:d7:c2:00:fb:
         eb:a0:81:37:78:67:a8:8c:6e:a7:eb:fd:96:88:0b:0f:68:36:
         03:c2:56:55:ce:1b:38:7c:fa:a7:73:52:22:5d:ee:ba:85:2a:
         b6:c9:44:bd:52:9b:68:8e:b5:0c:d4:e5:a6:de:7f:a0:d5:ec:
         67:c8:fa:d8:0a:f4:89:63:c1:45:ab:22:d8:1c:61:5e:83:6d:
         3b:dd:f5:e9:ec:e8:d3:e6:07:c0:bd:11:bb:f4:c0:92:80:04:
         d3:09:bd:8d:5a:6a:a3:53:5b:ca:d4:7b:64:de:40:a5:44:a5:
         df:04:dd:ee:36:52:9e:b7:ae:40:14:9f:f8:1d:93:1e:23:5a:
         32:b3:5b:bc:72:06:3b:43:4d:70:bf:ae:81:c8:7f:af:20:ae:
         2e:8a:dc:4f:45:a4:05:7b:0b:90:c1:2e:71:0c:69:81:6a:c9:
         73:91:ed:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijRGQ1bV6XM2O9TvQQ+xSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmYmZlOTM4NWU2YTc1OWY4MzNlNGYwOWEwOWYwZGNmZWQ1
M2IzZTQwHhcNMjUwMTAxMTU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTNmNjkyNDQyZmE2OGI0MTE5ODk0MzBjMGQ3NTIxZDE0ZmE0M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9aM5LvXfSUfu6lSpgP7wSfBqwcj
gdmGYB6zH/OQPvA+v/GcKDIEgphfpoUBBBaUTOXY88UtXCLKNHU6d121EmYFooUZ
0Y8KAjtwlmQr0c5mxklLfwFCIJPJIdxCSSmpBymj7dTdq/XZgUhgpom1YP556gUL
eZtURVzfUnu3Hk6w7aMq8XOaKSL8jSXpLKgK+GUxNtYDHD36yU2QOlqdzrOFIllH
eQXAd9AS6YczPFplMmrruwuF3iNla4aPAyXEDcggeMSEPRmdyCsNSYK2S6Wjf5hB
etcpXxerSmz2HC2H0NpW3zKyighRap3Cud00s5BKBIDG7lF1qbqcC6JEzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo/aSRC+mi0EZiUMMDXUh0U+kO6MB8GA1UdIwQY
MBaAFA+/6TheanWfgz5PCaCfDc/tU7PkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDdfcE9GNXFkWi1EUGs4Sm9KOE56LTFUcy1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yYmI5NDgtNDc4Yy00YTAyLWExOGUt
ZDY0N2RjOGE1NmI2LzEvcWo5cEpFTDZhTFFSbUpRd3dOZFNIUlQ2UTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yYmI5NDgtNDc4Yy00YTAyLWExOGUtZDY0N2RjOGE1NmI2
LzEvRDdfcE9GNXFkWi1EUGs4Sm9KOE56LTFUcy1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFjMMA0G
CSqGSIb3DQEBCwUAA4IBAQBjq8qndqBXRkE2V9Lr50NzVOF35coIoYm8QeqqI7hN
V7uauwfihJRTGS0aVEtgj86cNBSqJkhPcBa3WPulwtc3f79mOI1yicZPWK5Qo+Os
DtCtYZXBqNfCAPvroIE3eGeojG6n6/2WiAsPaDYDwlZVzhs4fPqnc1IiXe66hSq2
yUS9UptojrUM1OWm3n+g1exnyPrYCvSJY8FFqyLYHGFeg2073fXp7OjT5gfAvRG7
9MCSgATTCb2NWmqjU1vK1Htk3kClRKXfBN3uNlKet65AFJ/4HZMeI1oys1u8cgY7
Q01wv66ByH+vIK4uitxPRaQFewuQwS5xDGmBaslzke17
-----END CERTIFICATE-----