Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QWYCXjPRwOA0N240TJ265a4Z_VY.roa
File:                     QWYCXjPRwOA0N240TJ265a4Z_VY.roa (raw, json)
Hash identifier:          MISdOk98xfsYVUHhbSa9VseYnCT528QSK0OmifOhA2o=
Subject key identifier:   41:66:02:5E:33:D1:C0:E0:34:37:6E:34:4C:9D:BA:E5:AE:19:FD:56
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0195F1CEC8C03A05C8DFD89938C2838164C3
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QWYCXjPRwOA0N240TJ265a4Z_VY.roa
Signing time:             Tue 01 Apr 2025 14:43:35 +0000
ROA not before:           Tue 01 Apr 2025 14:43:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208757
IP address blocks:        91.239.220.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:ce:c8:c0:3a:05:c8:df:d8:99:38:c2:83:81:64:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Apr  1 14:43:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4166025e33d1c0e034376e344c9dbae5ae19fd56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:1a:94:f0:00:75:ab:7b:78:fa:1e:59:c4:82:
                    3e:aa:13:ba:92:4e:69:a4:14:6b:35:d0:4f:7b:94:
                    4a:66:ff:31:b8:30:49:7b:bf:8c:4c:c5:05:1f:b7:
                    88:50:f5:2a:c7:e5:14:ac:02:3f:39:97:c5:bc:42:
                    70:0c:50:19:5b:58:80:47:5b:15:cd:9d:94:c6:b5:
                    e0:71:ba:62:47:52:86:a2:b6:ef:70:02:7a:77:cb:
                    e1:92:29:1f:62:28:92:4d:7b:c4:b4:18:e3:d6:ec:
                    7d:e5:3c:2c:96:62:cd:e0:49:3c:d0:f9:de:48:d7:
                    57:51:a3:df:a5:fa:26:27:cc:4e:60:e0:60:f3:56:
                    08:47:2c:db:8b:83:8e:c5:f0:9e:1e:db:68:00:31:
                    02:75:c8:71:a4:a1:cb:bc:7b:4b:28:c8:8d:5c:76:
                    7e:cc:88:de:e0:8e:43:2d:10:2f:be:71:8d:18:b6:
                    92:88:b6:1d:d6:1d:4f:02:d3:8a:e6:ab:74:2f:3e:
                    5e:bf:ae:c4:e4:96:0b:fd:77:75:63:79:48:5c:b2:
                    58:6d:0d:89:b2:0b:d9:b9:3c:8d:95:f6:c3:17:00:
                    1a:94:93:83:ee:e5:00:91:92:e6:d9:d9:4c:55:17:
                    b5:76:7f:8f:36:80:82:0b:7a:99:4b:f3:70:75:05:
                    b1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:02:5E:33:D1:C0:E0:34:37:6E:34:4C:9D:BA:E5:AE:19:FD:56
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/QWYCXjPRwOA0N240TJ265a4Z_VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:9c:60:23:c1:5c:19:04:7f:1a:96:12:17:f2:44:35:9f:b6:
         54:1a:d0:3d:ce:98:11:54:95:7b:46:a0:4e:26:ba:82:fa:e3:
         4d:07:6e:47:10:c3:02:65:fe:c3:12:68:ee:bd:5c:62:5a:81:
         17:fe:ae:58:8d:4f:f8:b5:c0:0f:85:d7:76:79:df:c5:02:ed:
         85:6f:21:b1:94:88:69:96:5c:4f:eb:25:b5:df:d1:63:38:28:
         ff:05:44:25:61:1d:c2:40:1e:86:8d:9e:c8:39:f0:1f:14:03:
         21:b8:b7:4c:08:2a:85:a9:c3:d3:87:29:dd:d1:d5:ce:43:5c:
         df:c0:42:49:9b:e7:6a:99:54:06:e2:6b:50:99:d7:14:55:92:
         ca:14:c9:1f:10:a0:a8:47:26:03:71:5c:e6:1f:a1:32:6f:47:
         c7:57:f1:f0:47:67:f4:22:ec:9a:00:ee:63:4d:bb:bf:27:19:
         0a:2d:d1:e4:07:c6:53:ff:14:46:ea:21:7b:d1:4a:92:f9:28:
         39:4c:81:f4:80:de:02:d4:25:b7:65:7f:a8:66:a0:72:f2:19:
         f7:b6:ee:22:e7:68:be:e5:d8:f5:c5:62:96:4f:49:ec:d9:50:
         67:cb:95:cc:b4:26:71:31:dc:f2:22:67:c0:8e:04:65:20:85:
         38:b1:60:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXxzsjAOgXI39iZOMKDgWTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwNDAxMTQ0MzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY2MDI1ZTMzZDFjMGUwMzQzNzZlMzQ0YzlkYmFlNWFlMTlmZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+RqU8AB1q3t4+h5ZxII+qhO6kk5p
pBRrNdBPe5RKZv8xuDBJe7+MTMUFH7eIUPUqx+UUrAI/OZfFvEJwDFAZW1iAR1sV
zZ2UxrXgcbpiR1KGorbvcAJ6d8vhkikfYiiSTXvEtBjj1ux95TwslmLN4Ek80Pne
SNdXUaPfpfomJ8xOYOBg81YIRyzbi4OOxfCeHttoADECdchxpKHLvHtLKMiNXHZ+
zIje4I5DLRAvvnGNGLaSiLYd1h1PAtOK5qt0Lz5ev67E5JYL/Xd1Y3lIXLJYbQ2J
sgvZuTyNlfbDFwAalJOD7uUAkZLm2dlMVRe1dn+PNoCCC3qZS/NwdQWx0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFmAl4z0cDgNDduNEyduuWuGf1WMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvUVdZQ1hqUFJ3T0EwTjI0MFRKMjY1YTRaX1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+/cMA0G
CSqGSIb3DQEBCwUAA4IBAQAenGAjwVwZBH8alhIX8kQ1n7ZUGtA9zpgRVJV7RqBO
JrqC+uNNB25HEMMCZf7DEmjuvVxiWoEX/q5YjU/4tcAPhdd2ed/FAu2FbyGxlIhp
llxP6yW139FjOCj/BUQlYR3CQB6GjZ7IOfAfFAMhuLdMCCqFqcPThynd0dXOQ1zf
wEJJm+dqmVQG4mtQmdcUVZLKFMkfEKCoRyYDcVzmH6Eyb0fHV/HwR2f0IuyaAO5j
Tbu/JxkKLdHkB8ZT/xRG6iF70UqS+Sg5TIH0gN4C1CW3ZX+oZqBy8hn3tu4i52i+
5dj1xWKWT0ns2VBny5XMtCZxMdzyImfAjgRlIIU4sWC3
-----END CERTIFICATE-----