Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/QIqKLnFZSvkIdztpTOrghmndfqs.roa
File:                     QIqKLnFZSvkIdztpTOrghmndfqs.roa (raw, json)
Hash identifier:          wHBtvNsb06U7COg9JhFFEVNmIo0CSx+CQSOErCnUsO4=
Subject key identifier:   40:8A:8A:2E:71:59:4A:F9:08:77:3B:69:4C:EA:E0:86:69:DD:7E:AB
Certificate issuer:       /CN=35d851c114a3f779ea80257b1ee1826acdae4a4e
Certificate serial:       019421B24E2DDC5544ECF7F83F07BD83F4ED
Authority key identifier: 35:D8:51:C1:14:A3:F7:79:EA:80:25:7B:1E:E1:82:6A:CD:AE:4A:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NdhRwRSj93nqgCV7HuGCas2uSk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/QIqKLnFZSvkIdztpTOrghmndfqs.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42143
IP address blocks:        185.207.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/NdhRwRSj93nqgCV7HuGCas2uSk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/NdhRwRSj93nqgCV7HuGCas2uSk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NdhRwRSj93nqgCV7HuGCas2uSk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4e:2d:dc:55:44:ec:f7:f8:3f:07:bd:83:f4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35d851c114a3f779ea80257b1ee1826acdae4a4e
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=408a8a2e71594af908773b694ceae08669dd7eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:8b:05:6b:10:d2:88:43:e3:37:c2:e3:f1:
                    89:4b:d0:2d:8a:21:81:d7:4f:f3:09:a2:07:04:5a:
                    72:35:d5:53:17:cc:34:46:5c:d1:54:c0:ef:8d:bb:
                    26:a4:13:c8:73:40:52:a3:19:e4:21:08:30:fd:d5:
                    72:24:4f:fc:cd:2c:dc:f9:0c:14:ce:15:08:97:ad:
                    4e:1a:bd:0f:b6:b3:5b:aa:de:c7:21:07:30:17:ee:
                    1e:85:fa:78:bc:18:86:66:a8:d5:eb:5c:f2:0c:16:
                    2a:70:6f:9c:f8:75:90:54:27:49:95:5c:5d:e1:9d:
                    2b:6c:fd:e5:d7:95:ab:af:da:1d:3a:b5:81:48:2e:
                    ba:aa:c7:ca:35:7a:bd:b7:78:f4:4c:7b:9b:b2:aa:
                    50:9a:d4:d7:a6:bc:cd:45:be:f3:39:2b:1b:bd:65:
                    c4:3f:4d:77:70:38:da:58:b1:fd:5a:50:bc:95:44:
                    85:54:6c:d9:8f:80:b1:8f:a7:ab:38:0f:85:ec:7f:
                    5c:35:42:35:50:a1:1a:8a:77:0d:22:97:cf:01:1c:
                    a4:1b:0f:18:56:3e:44:df:5b:9b:d1:70:f0:96:3c:
                    58:5d:54:cc:d0:05:4b:29:c2:0a:2c:9c:04:f8:71:
                    e9:83:71:2b:9d:f4:0b:5d:cb:26:7c:c3:6d:77:87:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8A:8A:2E:71:59:4A:F9:08:77:3B:69:4C:EA:E0:86:69:DD:7E:AB
            X509v3 Authority Key Identifier:
                keyid:35:D8:51:C1:14:A3:F7:79:EA:80:25:7B:1E:E1:82:6A:CD:AE:4A:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NdhRwRSj93nqgCV7HuGCas2uSk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/QIqKLnFZSvkIdztpTOrghmndfqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fffee1-bd46-4523-9eca-705563137d7a/1/NdhRwRSj93nqgCV7HuGCas2uSk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:4c:52:ff:e0:fd:14:6d:99:89:38:bc:cf:ef:ee:3b:c4:12:
         21:97:b3:fc:9c:5a:84:f4:0d:d9:5d:bd:22:31:56:c9:af:a9:
         d9:7f:3e:40:9c:46:55:a3:ab:10:e1:4f:19:14:9d:c9:48:80:
         b6:07:bf:fb:d7:dd:c9:73:fe:ed:8c:5f:5b:8b:70:00:8c:81:
         95:8c:a9:5d:35:36:93:67:e4:a0:0d:90:d1:4a:50:a4:38:81:
         90:2d:a0:3c:7b:33:e5:ad:b0:63:d9:67:3f:82:25:2c:53:90:
         21:e8:20:12:96:a4:92:7e:6a:b4:8a:7e:c7:59:22:d1:7d:11:
         72:59:ab:21:b8:2c:7b:63:7d:79:8c:7b:be:9e:83:df:86:59:
         eb:95:07:4f:af:87:00:16:d2:27:82:2a:82:1a:46:e1:b3:7a:
         8d:f9:0c:3a:3d:e1:d8:0e:6d:62:13:3d:9b:88:f3:2e:bf:d8:
         5a:f3:c0:9b:84:20:93:28:c6:8e:48:92:8b:f3:ec:be:44:c8:
         35:0f:1e:98:bd:ff:a6:60:47:12:d0:5c:d1:0d:34:34:c1:7c:
         27:4e:ef:af:08:14:c0:06:b1:6d:1a:b8:02:51:85:42:ba:d5:
         2b:39:98:0a:af:9e:3f:ab:8f:ce:5c:79:54:b2:e5:a1:2b:da:
         7e:9d:76:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsk4t3FVE7Pf4Pwe9g/TtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZDg1MWMxMTRhM2Y3NzllYTgwMjU3YjFlZTE4MjZhY2Rh
ZTRhNGUwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhhOGEyZTcxNTk0YWY5MDg3NzNiNjk0Y2VhZTA4NjY5ZGQ3ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLCLBWsQ0ohD4zfC4/GJS9AtiiGB
10/zCaIHBFpyNdVTF8w0RlzRVMDvjbsmpBPIc0BSoxnkIQgw/dVyJE/8zSzc+QwU
zhUIl61OGr0PtrNbqt7HIQcwF+4ehfp4vBiGZqjV61zyDBYqcG+c+HWQVCdJlVxd
4Z0rbP3l15Wrr9odOrWBSC66qsfKNXq9t3j0THubsqpQmtTXprzNRb7zOSsbvWXE
P013cDjaWLH9WlC8lUSFVGzZj4Cxj6erOA+F7H9cNUI1UKEaincNIpfPARykGw8Y
Vj5E31ub0XDwljxYXVTM0AVLKcIKLJwE+HHpg3ErnfQLXcsmfMNtd4c1EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECKii5xWUr5CHc7aUzq4IZp3X6rMB8GA1UdIwQY
MBaAFDXYUcEUo/d56oAlex7hgmrNrkpOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmRoUndSU2o5M25xZ0NWN0h1R0NhczJ1U2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mZmZlZTEtYmQ0Ni00NTIzLTllY2Et
NzA1NTYzMTM3ZDdhLzEvUUlxS0xuRlpTdmtJZHp0cFRPcmdobW5kZnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mZmZlZTEtYmQ0Ni00NTIzLTllY2EtNzA1NTYzMTM3ZDdh
LzEvTmRoUndSU2o5M25xZ0NWN0h1R0NhczJ1U2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc80MA0G
CSqGSIb3DQEBCwUAA4IBAQCyTFL/4P0UbZmJOLzP7+47xBIhl7P8nFqE9A3ZXb0i
MVbJr6nZfz5AnEZVo6sQ4U8ZFJ3JSIC2B7/7193Jc/7tjF9bi3AAjIGVjKldNTaT
Z+SgDZDRSlCkOIGQLaA8ezPlrbBj2Wc/giUsU5Ah6CASlqSSfmq0in7HWSLRfRFy
WashuCx7Y315jHu+noPfhlnrlQdPr4cAFtIngiqCGkbhs3qN+Qw6PeHYDm1iEz2b
iPMuv9ha88CbhCCTKMaOSJKL8+y+RMg1Dx6Yvf+mYEcS0FzRDTQ0wXwnTu+vCBTA
BrFtGrgCUYVCutUrOZgKr54/q4/OXHlUsuWhK9p+nXZG
-----END CERTIFICATE-----