Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/gQl4YCr829YOGRu3QQEM_8QNnRo.roa
File:                     gQl4YCr829YOGRu3QQEM_8QNnRo.roa (raw, json)
Hash identifier:          468s9eqjwKzKxWWYEkQfsVXrMKlrp7YiLVsT2AanKV4=
Subject key identifier:   81:09:78:60:2A:FC:DB:D6:0E:19:1B:B7:41:01:0C:FF:C4:0D:9D:1A
Certificate issuer:       /CN=baa23f740ad564c5693b77091c71b3c03136a580
Certificate serial:       0194236A2E07B0580EBF21536566D9E37394
Authority key identifier: BA:A2:3F:74:0A:D5:64:C5:69:3B:77:09:1C:71:B3:C0:31:36:A5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/gQl4YCr829YOGRu3QQEM_8QNnRo.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49040
IP address blocks:        185.242.88.0/24 maxlen: 24
                          185.242.89.0/24 maxlen: 24
                          185.242.90.0/24 maxlen: 24
                          185.242.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2e:07:b0:58:0e:bf:21:53:65:66:d9:e3:73:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa23f740ad564c5693b77091c71b3c03136a580
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=810978602afcdbd60e191bb741010cffc40d9d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:93:22:bc:a7:c9:eb:8f:8a:2d:cb:c8:16:1b:
                    fb:ea:21:89:37:10:61:c8:75:e3:3f:3c:85:15:33:
                    10:35:53:a6:f5:9d:49:0b:93:6a:8b:36:8e:16:6c:
                    ba:0b:c3:78:a8:0d:12:6f:c4:86:0c:91:bc:52:d5:
                    b2:d9:a4:66:8b:90:06:fd:f3:ed:b1:c1:14:2d:cc:
                    b9:3c:d4:fe:c9:d7:b6:68:7e:7e:bf:a2:35:ad:06:
                    77:1a:11:54:81:fc:cd:1a:ca:bb:5a:8e:01:7e:ea:
                    a8:b8:1f:d9:b6:0f:ca:54:49:70:21:e1:6b:57:ce:
                    e5:86:d9:22:a7:a7:5c:18:b4:c7:34:59:c3:2c:ce:
                    d6:a9:c8:ff:8e:d3:48:35:00:f9:c5:66:2e:b9:fb:
                    1b:41:36:3a:12:25:e8:2f:d9:b2:b5:73:7c:30:00:
                    4b:a7:f7:a8:5d:bd:72:68:eb:4e:ea:ac:2f:56:83:
                    19:7a:e3:ff:21:d1:3f:da:aa:57:ef:c9:7d:18:1a:
                    2c:ac:b1:de:6b:20:fa:cd:a7:ce:06:9b:79:5b:51:
                    65:27:a9:c1:68:6b:05:31:96:4e:f4:2c:dc:6d:a0:
                    7d:06:d8:86:62:06:7c:26:0f:e1:c7:0b:36:f2:b5:
                    81:84:37:1b:03:ac:79:35:da:3f:3c:63:79:60:c9:
                    84:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:09:78:60:2A:FC:DB:D6:0E:19:1B:B7:41:01:0C:FF:C4:0D:9D:1A
            X509v3 Authority Key Identifier:
                keyid:BA:A2:3F:74:0A:D5:64:C5:69:3B:77:09:1C:71:B3:C0:31:36:A5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/gQl4YCr829YOGRu3QQEM_8QNnRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:94:0b:72:b2:5e:8a:e0:80:33:a6:00:b7:b4:df:92:07:1d:
         ed:1a:0c:d8:60:97:69:c8:00:e4:22:f7:57:2c:ba:00:46:e2:
         79:f2:f3:9c:b7:53:b1:02:63:23:15:37:ac:7e:22:9d:f8:83:
         56:e6:f7:3c:bd:7b:da:a7:f0:a9:91:bf:fc:07:22:cc:4e:6b:
         59:1f:ad:17:c9:09:44:f8:15:f3:ae:cb:c0:42:e6:34:dd:e4:
         ad:aa:66:63:a8:c3:67:bc:80:a7:c0:a0:11:12:77:58:34:f1:
         f3:a7:d0:85:c6:a2:1a:90:02:3c:3f:92:f8:f5:04:b2:17:49:
         d9:8c:10:e1:d7:5b:6c:da:60:83:2b:cd:a5:1c:62:10:b2:8c:
         31:c8:35:ae:df:2c:83:65:75:c1:f8:6d:e1:7a:aa:9e:04:07:
         73:47:9d:92:f2:9c:71:bd:e0:f7:c8:d5:e9:a6:1b:10:2d:df:
         41:91:47:c3:fb:39:10:07:71:de:1a:81:fd:a9:ff:2c:80:f9:
         3d:ad:1e:5d:2e:bb:03:3b:4a:0b:34:cb:af:1f:22:55:2f:f4:
         38:06:5a:70:9f:c6:ee:5f:50:b4:b6:f6:66:b3:2a:93:cb:c1:
         92:7c:00:f1:14:4d:93:fc:a7:44:fa:25:7f:68:7c:03:60:66:
         20:f0:2f:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjai4HsFgOvyFTZWbZ43OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTIzZjc0MGFkNTY0YzU2OTNiNzcwOTFjNzFiM2MwMzEz
NmE1ODAwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTA5Nzg2MDJhZmNkYmQ2MGUxOTFiYjc0MTAxMGNmZmM0MGQ5ZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZMivKfJ64+KLcvIFhv76iGJNxBh
yHXjPzyFFTMQNVOm9Z1JC5NqizaOFmy6C8N4qA0Sb8SGDJG8UtWy2aRmi5AG/fPt
scEULcy5PNT+yde2aH5+v6I1rQZ3GhFUgfzNGsq7Wo4BfuqouB/Ztg/KVElwIeFr
V87lhtkip6dcGLTHNFnDLM7Wqcj/jtNINQD5xWYuufsbQTY6EiXoL9mytXN8MABL
p/eoXb1yaOtO6qwvVoMZeuP/IdE/2qpX78l9GBosrLHeayD6zafOBpt5W1FlJ6nB
aGsFMZZO9CzcbaB9BtiGYgZ8Jg/hxws28rWBhDcbA6x5Ndo/PGN5YMmEmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEJeGAq/NvWDhkbt0EBDP/EDZ0aMB8GA1UdIwQY
MBaAFLqiP3QK1WTFaTt3CRxxs8AxNqWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFJX2RBclZaTVZwTzNjSkhIR3p3REUycFlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84YzA5YjMtZjZkOC00YzlhLTk2NGMt
ODUyN2M5YjNlNzVmLzEvZ1FsNFlDcjgyOVlPR1J1M1FRRU1fOFFOblJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84YzA5YjMtZjZkOC00YzlhLTk2NGMtODUyN2M5YjNlNzVm
LzEvdXFJX2RBclZaTVZwTzNjSkhIR3p3REUycFlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufJYMA0G
CSqGSIb3DQEBCwUAA4IBAQA5lAtysl6K4IAzpgC3tN+SBx3tGgzYYJdpyADkIvdX
LLoARuJ58vOct1OxAmMjFTesfiKd+INW5vc8vXvap/Cpkb/8ByLMTmtZH60XyQlE
+BXzrsvAQuY03eStqmZjqMNnvICnwKAREndYNPHzp9CFxqIakAI8P5L49QSyF0nZ
jBDh11ts2mCDK82lHGIQsowxyDWu3yyDZXXB+G3heqqeBAdzR52S8pxxveD3yNXp
phsQLd9BkUfD+zkQB3HeGoH9qf8sgPk9rR5dLrsDO0oLNMuvHyJVL/Q4Blpwn8bu
X1C0tvZmsyqTy8GSfADxFE2T/KdE+iV/aHwDYGYg8C/N
-----END CERTIFICATE-----