Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/QnLL_E3dngBvD7h0E4XLMypXvhg.roa
File:                     QnLL_E3dngBvD7h0E4XLMypXvhg.roa (raw, json)
Hash identifier:          QSFVe2PF4iSOwOmMgGkwLBrADT1zh8nSTUizWIPHjPg=
Subject key identifier:   42:72:CB:FC:4D:DD:9E:00:6F:0F:B8:74:13:85:CB:33:2A:57:BE:18
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019428232FF18EF8B83BD6851AE73B25A396
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/QnLL_E3dngBvD7h0E4XLMypXvhg.roa
Signing time:             Thu 02 Jan 2025 17:49:42 +0000
ROA not before:           Thu 02 Jan 2025 17:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47531
IP address blocks:        37.202.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:2f:f1:8e:f8:b8:3b:d6:85:1a:e7:3b:25:a3:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  2 17:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4272cbfc4ddd9e006f0fb8741385cb332a57be18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9a:6f:19:1c:ed:85:8d:36:ac:de:50:1d:28:
                    b0:45:2c:59:18:3e:2e:ae:09:1a:74:f4:a5:04:f0:
                    07:c1:d5:f5:9a:6a:9b:fe:da:1a:f8:65:c3:94:10:
                    af:50:eb:e7:be:54:d1:89:e9:12:61:e1:45:11:9f:
                    8a:80:f8:ae:b0:27:ef:01:e3:2d:3b:7a:07:09:3c:
                    76:46:db:9e:21:a0:80:00:7f:40:07:28:e8:bf:1d:
                    52:54:0d:7b:72:7a:cd:37:d8:74:9d:64:86:89:46:
                    c9:cc:b5:34:e5:98:1f:94:0f:ce:58:1f:22:f9:96:
                    f0:9a:5b:6b:09:ac:69:95:95:ad:c4:14:a3:43:ea:
                    ee:d4:1d:ec:79:9a:1c:36:7c:84:c8:1a:a8:bd:4a:
                    a7:fd:45:4c:4a:47:fd:ad:8a:86:fb:b1:36:5e:83:
                    46:42:6d:4f:7f:da:db:61:f7:f0:6f:0a:e0:11:1c:
                    91:ae:14:e4:fc:0e:44:51:2d:14:ff:e8:d9:62:5a:
                    aa:66:91:8d:1d:04:c0:91:1d:51:8a:33:04:e0:e8:
                    57:ad:2e:fe:f0:23:35:be:d3:08:c1:23:54:08:5d:
                    c6:33:15:d3:ad:04:69:6e:52:ce:e1:d7:7e:b6:d5:
                    bd:56:91:2e:8b:fa:55:af:eb:fc:20:67:06:5a:6f:
                    74:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:72:CB:FC:4D:DD:9E:00:6F:0F:B8:74:13:85:CB:33:2A:57:BE:18
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/QnLL_E3dngBvD7h0E4XLMypXvhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:1f:3f:4c:28:fc:4d:e2:94:34:e4:0d:2c:85:ab:5f:26:76:
         26:63:17:dd:95:0f:9f:2b:0b:5a:e2:26:8b:34:de:d7:26:bd:
         8e:82:ad:3b:60:f3:3a:55:d7:19:f1:62:a4:07:de:de:8c:e1:
         d0:84:a6:9a:de:d8:8c:58:56:6b:53:48:24:ef:69:20:e7:87:
         f5:a5:6c:d6:55:39:3d:38:46:3b:fa:ab:0f:57:f4:ce:9e:73:
         d5:8f:90:de:7f:ac:a7:4c:31:34:92:46:ac:15:e4:c7:dc:71:
         71:20:0b:f6:79:40:67:96:14:ec:c1:e3:35:61:f2:3e:e0:c0:
         62:e1:5b:e1:b2:49:29:47:c6:01:90:82:8e:30:96:3c:d7:ee:
         70:c1:5b:c5:8b:11:c8:1c:8c:53:de:0d:75:26:9c:29:b1:1f:
         f5:03:bf:20:28:9b:62:ce:0e:a0:22:b1:8b:fc:ea:9b:38:3c:
         28:cb:97:a8:d3:01:ae:8e:d0:53:6e:3c:df:6a:49:ab:0b:4b:
         a7:f6:0c:2e:cd:5e:59:b2:79:72:39:c8:e9:6b:4d:5e:ba:53:
         6a:c5:8e:fc:c2:19:ae:70:f7:f8:7e:83:d7:9d:28:36:59:18:
         06:65:af:10:8f:a5:85:ba:98:8b:4d:d5:30:db:2f:f3:8c:ef:
         d0:16:ba:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIy/xjvi4O9aFGuc7JaOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwMTAyMTc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjcyY2JmYzRkZGQ5ZTAwNmYwZmI4NzQxMzg1Y2IzMzJhNTdiZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5pvGRzthY02rN5QHSiwRSxZGD4u
rgkadPSlBPAHwdX1mmqb/toa+GXDlBCvUOvnvlTRiekSYeFFEZ+KgPiusCfvAeMt
O3oHCTx2RtueIaCAAH9AByjovx1SVA17cnrNN9h0nWSGiUbJzLU05ZgflA/OWB8i
+ZbwmltrCaxplZWtxBSjQ+ru1B3seZocNnyEyBqovUqn/UVMSkf9rYqG+7E2XoNG
Qm1Pf9rbYffwbwrgERyRrhTk/A5EUS0U/+jZYlqqZpGNHQTAkR1RijME4OhXrS7+
8CM1vtMIwSNUCF3GMxXTrQRpblLO4dd+ttW9VpEui/pVr+v8IGcGWm909QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJyy/xN3Z4Abw+4dBOFyzMqV74YMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvUW5MTF9FM2RuZ0J2RDdoMEU0WExNeXBYdmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJcoIMA0G
CSqGSIb3DQEBCwUAA4IBAQBZHz9MKPxN4pQ05A0shatfJnYmYxfdlQ+fKwta4iaL
NN7XJr2Ogq07YPM6VdcZ8WKkB97ejOHQhKaa3tiMWFZrU0gk72kg54f1pWzWVTk9
OEY7+qsPV/TOnnPVj5Def6ynTDE0kkasFeTH3HFxIAv2eUBnlhTsweM1YfI+4MBi
4VvhskkpR8YBkIKOMJY81+5wwVvFixHIHIxT3g11JpwpsR/1A78gKJtizg6gIrGL
/OqbODwoy5eo0wGujtBTbjzfakmrC0un9gwuzV5ZsnlyOcjpa01eulNqxY78whmu
cPf4foPXnSg2WRgGZa8Qj6WFupiLTdUw2y/zjO/QFroV
-----END CERTIFICATE-----