Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/qV0bi1f4xUUogQC2jTvfOlCFNsY.roa
File:                     qV0bi1f4xUUogQC2jTvfOlCFNsY.roa (raw, json)
Hash identifier:          JeZIDT/pHiJyZCYpNCof5wbSJ0INX3sJ+QZbs083uM0=
Subject key identifier:   A9:5D:1B:8B:57:F8:C5:45:28:81:00:B6:8D:3B:DF:3A:50:85:36:C6
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       019421446463B6C83B3843C158F1F6AA9D29
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/qV0bi1f4xUUogQC2jTvfOlCFNsY.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51030
IP address blocks:        185.121.224.0/24 maxlen: 24
                          185.188.141.0/24 maxlen: 24
                          185.188.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:64:63:b6:c8:3b:38:43:c1:58:f1:f6:aa:9d:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a95d1b8b57f8c545288100b68d3bdf3a508536c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0e:f9:bf:7f:f4:ee:46:80:6c:46:7a:fb:0c:
                    0b:16:92:c3:d3:0c:f2:da:8e:f9:f9:6d:7b:92:95:
                    38:ed:15:b2:51:c3:12:42:59:ef:da:06:ce:19:b5:
                    a9:91:a9:ba:6b:bf:92:8c:74:23:07:d0:dc:90:c3:
                    6c:d6:5a:1e:92:ba:8c:a0:74:a6:cf:a2:1f:95:88:
                    76:13:b3:e3:10:28:e6:e3:be:7b:45:fa:6d:e6:5c:
                    4b:9c:1e:c2:59:d7:0a:0e:13:40:2a:af:e5:72:97:
                    5a:1f:04:7c:59:b9:90:65:83:d8:c3:35:13:9d:cf:
                    0a:eb:aa:9d:e2:fd:63:1b:e3:60:1b:a6:37:70:a9:
                    21:74:33:ce:ae:e1:8b:e6:3c:58:57:7a:1d:d4:84:
                    89:c5:b6:e5:71:cd:d1:28:ee:b3:eb:f0:37:d2:3d:
                    dc:57:53:07:49:ef:b2:d7:98:ce:57:19:c3:eb:e9:
                    f4:f8:c0:2a:e2:1d:70:2a:1c:97:12:fc:01:b4:e7:
                    82:8b:37:99:63:49:7c:38:bd:c3:c7:3d:52:e2:5c:
                    79:94:bd:85:7f:b4:5e:78:c1:9f:ee:b8:66:f6:8c:
                    57:86:36:c9:c9:33:5a:ea:68:32:c3:b8:4f:d6:36:
                    7f:5c:81:df:89:ee:75:bd:98:b8:55:53:d8:74:e5:
                    ae:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:5D:1B:8B:57:F8:C5:45:28:81:00:B6:8D:3B:DF:3A:50:85:36:C6
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/qV0bi1f4xUUogQC2jTvfOlCFNsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.224.0/24
                  185.188.141.0-185.188.142.255

    Signature Algorithm: sha256WithRSAEncryption
         56:05:41:57:8c:06:ed:2f:e5:81:77:5c:37:c9:2f:d0:32:39:
         3c:3c:f5:ea:0f:09:47:36:55:99:e8:d1:2f:37:5a:a9:a1:47:
         6e:6a:35:f3:3a:4e:71:e1:47:11:a6:b6:bf:c8:6c:8d:dd:2a:
         a5:21:e2:97:81:b7:70:da:e4:99:b5:8a:84:e4:17:d5:a4:0f:
         9c:7a:ed:42:a6:c0:25:19:ab:1e:b9:97:b2:97:37:b1:5d:80:
         81:b3:f6:cc:72:3e:06:89:ec:62:e2:f6:38:f7:83:33:83:d4:
         77:72:0d:63:7b:3c:86:9d:65:1b:60:df:47:00:e5:b9:4f:e2:
         e0:d8:8b:fd:09:77:ed:3a:8f:c8:d1:be:fa:60:bc:7c:98:2c:
         0d:48:88:97:7b:50:a1:7b:bf:6f:62:d2:22:d0:f5:93:fa:d2:
         5c:01:64:c1:d5:38:dc:c4:3c:a4:3f:03:ad:ef:5f:4d:3a:db:
         32:70:fa:65:a4:7e:44:87:1d:6b:c2:1c:26:78:b4:9b:ee:78:
         dd:a2:a6:36:09:69:b2:da:18:37:03:19:41:f9:69:e7:eb:b2:
         c1:c2:b8:68:42:89:ee:80:09:13:1c:18:44:77:b6:10:6d:0f:
         2c:90:be:b6:e4:11:a8:fa:32:44:2a:d8:f7:24:23:08:92:16:
         95:de:33:a4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhRGRjtsg7OEPBWPH2qp0pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTVkMWI4YjU3ZjhjNTQ1Mjg4MTAwYjY4ZDNiZGYzYTUwODUzNmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2w75v3/07kaAbEZ6+wwLFpLD0wzy
2o75+W17kpU47RWyUcMSQlnv2gbOGbWpkam6a7+SjHQjB9DckMNs1loekrqMoHSm
z6IflYh2E7PjECjm4757Rfpt5lxLnB7CWdcKDhNAKq/lcpdaHwR8WbmQZYPYwzUT
nc8K66qd4v1jG+NgG6Y3cKkhdDPOruGL5jxYV3od1ISJxbblcc3RKO6z6/A30j3c
V1MHSe+y15jOVxnD6+n0+MAq4h1wKhyXEvwBtOeCizeZY0l8OL3Dxz1S4lx5lL2F
f7ReeMGf7rhm9oxXhjbJyTNa6mgyw7hP1jZ/XIHfie51vZi4VVPYdOWurQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKldG4tX+MVFKIEAto073zpQhTbGMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvcVYwYmkxZjR4VVVvZ1FDMmpUdmZPbENGTnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuXngMAwD
BAC5vI0DBAC5vI4wDQYJKoZIhvcNAQELBQADggEBAFYFQVeMBu0v5YF3XDfJL9Ay
OTw89eoPCUc2VZno0S83WqmhR25qNfM6TnHhRxGmtr/IbI3dKqUh4peBt3Da5Jm1
ioTkF9WkD5x67UKmwCUZqx65l7KXN7FdgIGz9sxyPgaJ7GLi9jj3gzOD1HdyDWN7
PIadZRtg30cA5blP4uDYi/0Jd+06j8jRvvpgvHyYLA1IiJd7UKF7v29i0iLQ9ZP6
0lwBZMHVONzEPKQ/A63vX0062zJw+mWkfkSHHWvCHCZ4tJvueN2ipjYJabLaGDcD
GUH5aefrssHCuGhCie6ACRMcGER3thBtDyyQvrbkEaj6MkQq2PckIwiSFpXeM6Q=
-----END CERTIFICATE-----