Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QhcLfBQpvZVLuK1kQFtEojUEYy4.roa
File:                     QhcLfBQpvZVLuK1kQFtEojUEYy4.roa (raw, json)
Hash identifier:          d6rYjnzoACatM0sRStTcbFttb/8qH18KD7SiX3xQlR0=
Subject key identifier:   42:17:0B:7C:14:29:BD:95:4B:B8:AD:64:40:5B:44:A2:35:04:63:2E
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3B4942D0439471905B3F9500EE9E8
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QhcLfBQpvZVLuK1kQFtEojUEYy4.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198636
IP address blocks:        94.131.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b4:94:2d:04:39:47:19:05:b3:f9:50:0e:e9:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42170b7c1429bd954bb8ad64405b44a23504632e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:97:15:4d:f2:55:21:1e:76:e9:a6:99:f5:8f:
                    d5:26:ff:f1:d7:30:1b:fd:ff:28:73:bb:48:07:20:
                    f5:27:79:31:0b:7b:36:45:45:55:23:90:7f:22:a4:
                    f1:7f:90:29:96:4d:9a:b2:c1:fa:35:5a:fc:c4:dd:
                    f5:9d:aa:f8:fa:0b:2e:40:84:a8:66:6b:75:28:c6:
                    4e:e3:15:c6:eb:b9:03:92:fd:22:1b:83:68:1f:9b:
                    df:e4:80:fc:08:b0:97:5e:83:85:d2:a7:5e:e8:72:
                    29:fc:23:4a:b1:15:18:54:6c:98:66:fd:57:4a:57:
                    8b:02:89:20:4c:cb:28:8b:a5:e3:fb:8c:98:6f:fa:
                    86:91:c0:2d:1c:ce:c3:16:22:d9:b1:db:d4:20:19:
                    a9:57:97:11:23:24:94:9e:75:b4:74:ed:9d:77:49:
                    5e:89:ef:b5:74:f8:ce:48:a6:31:27:ef:95:96:89:
                    d1:23:c5:ea:4a:ef:a3:8b:51:a4:40:9d:11:85:34:
                    c6:35:dc:13:e0:c4:b9:b0:2b:63:93:95:5b:95:54:
                    36:9e:d0:5c:9c:83:6a:6e:c0:8d:38:14:2d:24:3a:
                    8f:b4:7e:20:46:6e:9a:50:90:c2:b3:ac:54:bd:0d:
                    ff:dc:ca:50:66:a1:54:81:a1:37:97:49:d6:0e:7f:
                    a3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:17:0B:7C:14:29:BD:95:4B:B8:AD:64:40:5B:44:A2:35:04:63:2E
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QhcLfBQpvZVLuK1kQFtEojUEYy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:6b:77:a4:60:6c:25:f0:13:e2:f8:90:f9:db:ee:01:a9:23:
         e5:1d:39:14:c8:37:cd:cb:ec:85:cf:99:fb:fe:6c:27:43:ff:
         cd:ff:e8:d5:95:b1:21:65:2b:18:dc:d8:a6:35:ee:a0:f6:01:
         0e:31:a6:e2:a5:5b:19:7b:38:62:08:d6:66:de:d9:b5:ea:0d:
         88:f4:20:c8:63:1e:e8:ae:db:63:ef:ce:1d:fd:78:30:b4:d5:
         45:d6:cd:f5:d2:dd:49:28:ed:6d:92:b6:82:07:97:a0:28:41:
         fc:82:a9:6b:6f:34:cf:74:4b:af:a0:5d:e1:97:4f:87:59:4b:
         3c:bd:de:1c:e0:aa:96:d5:ff:a8:0c:f6:74:b4:81:47:ef:db:
         b6:79:51:f7:13:15:8b:b5:b0:c6:af:bf:02:c3:62:e2:54:ba:
         21:4b:57:e1:e3:d4:0b:01:be:88:e1:99:dc:d6:37:dc:17:fe:
         92:91:de:62:20:ea:51:b9:eb:10:05:74:fe:ef:0e:f2:60:a8:
         1d:5c:ca:a5:de:67:80:07:60:59:c9:4c:49:28:82:94:40:b7:
         92:76:b5:1f:af:67:9e:b5:4f:a3:79:87:af:2f:17:24:b1:42:
         e2:7c:82:0c:ed:a2:f3:ac:b7:47:61:dc:69:f4:fc:db:8d:fa:
         34:c2:6a:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7SULQQ5RxkFs/lQDunoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE3MGI3YzE0MjliZDk1NGJiOGFkNjQ0MDViNDRhMjM1MDQ2MzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZcVTfJVIR526aaZ9Y/VJv/x1zAb
/f8oc7tIByD1J3kxC3s2RUVVI5B/IqTxf5Aplk2assH6NVr8xN31nar4+gsuQISo
Zmt1KMZO4xXG67kDkv0iG4NoH5vf5ID8CLCXXoOF0qde6HIp/CNKsRUYVGyYZv1X
SleLAokgTMsoi6Xj+4yYb/qGkcAtHM7DFiLZsdvUIBmpV5cRIySUnnW0dO2dd0le
ie+1dPjOSKYxJ++VlonRI8XqSu+ji1GkQJ0RhTTGNdwT4MS5sCtjk5VblVQ2ntBc
nINqbsCNOBQtJDqPtH4gRm6aUJDCs6xUvQ3/3MpQZqFUgaE3l0nWDn+jHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIXC3wUKb2VS7itZEBbRKI1BGMuMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvUWhjTGZCUXB2WlZMdUsxa1FGdEVvalVFWXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBYa3ekYGwl8BPi+JD52+4BqSPlHTkUyDfNy+yFz5n7
/mwnQ//N/+jVlbEhZSsY3NimNe6g9gEOMabipVsZezhiCNZm3tm16g2I9CDIYx7o
rttj784d/XgwtNVF1s310t1JKO1tkraCB5egKEH8gqlrbzTPdEuvoF3hl0+HWUs8
vd4c4KqW1f+oDPZ0tIFH79u2eVH3ExWLtbDGr78Cw2LiVLohS1fh49QLAb6I4Znc
1jfcF/6Skd5iIOpRuesQBXT+7w7yYKgdXMql3meAB2BZyUxJKIKUQLeSdrUfr2ee
tU+jeYevLxcksULifIIM7aLzrLdHYdxp9Pzbjfo0wmrJ
-----END CERTIFICATE-----