Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/QBnJw99597zp1MOGO0aw50ZWWWw.roa
File:                     QBnJw99597zp1MOGO0aw50ZWWWw.roa (raw, json)
Hash identifier:          Sivngawcknlc7BG16HCXOssKTWMLVcvalL4l8eCv6+o=
Subject key identifier:   40:19:C9:C3:DF:79:F7:BC:E9:D4:C3:86:3B:46:B0:E7:46:56:59:6C
Certificate issuer:       /CN=d351a8c5703dd1408959aa35592558ff51a243e9
Certificate serial:       01952D716BA3153D35DCFFE2AFAB76E81F4F
Authority key identifier: D3:51:A8:C5:70:3D:D1:40:89:59:AA:35:59:25:58:FF:51:A2:43:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01GoxXA90UCJWao1WSVY_1GiQ-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/QBnJw99597zp1MOGO0aw50ZWWWw.roa
Signing time:             Sat 22 Feb 2025 11:36:02 +0000
ROA not before:           Sat 22 Feb 2025 11:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49666
IP address blocks:        78.41.61.0/24 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/01GoxXA90UCJWao1WSVY_1GiQ-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/01GoxXA90UCJWao1WSVY_1GiQ-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01GoxXA90UCJWao1WSVY_1GiQ-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:2d:71:6b:a3:15:3d:35:dc:ff:e2:af:ab:76:e8:1f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d351a8c5703dd1408959aa35592558ff51a243e9
        Validity
            Not Before: Feb 22 11:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4019c9c3df79f7bce9d4c3863b46b0e74656596c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:68:64:a9:d1:9f:e7:c6:3f:39:ff:83:a0:46:
                    87:20:39:67:95:e9:6e:79:0d:cd:d4:d2:65:49:e1:
                    71:1a:66:14:2f:ab:1d:f9:c0:18:79:5f:a1:81:be:
                    72:67:9f:83:32:29:f2:53:86:aa:2b:e1:d1:7a:c5:
                    86:fa:2d:42:5c:fa:17:be:bf:a2:cc:4d:98:21:35:
                    7e:01:cd:07:f3:c4:dd:41:dc:c4:38:e3:d6:c0:4a:
                    36:44:b5:48:1e:5b:04:17:e7:7e:9c:4e:5c:bd:b3:
                    e4:30:28:eb:91:e3:d3:b4:50:9a:af:eb:d2:1d:79:
                    3c:30:bf:8c:36:e3:f2:79:3e:4f:df:da:c8:01:a0:
                    f4:82:fc:33:d3:f7:45:2d:a3:db:39:cc:0b:b8:03:
                    98:db:b7:51:86:d0:80:ce:f1:87:c6:1c:09:dd:0f:
                    04:28:ba:44:56:79:e9:c3:9a:a0:d6:22:90:ec:3b:
                    d9:fe:d8:8e:d2:1e:c3:7b:43:a8:d8:2e:90:33:94:
                    be:18:c0:65:75:ec:78:9e:ff:74:29:e8:46:07:a8:
                    28:bc:b7:41:5c:15:f6:5b:b8:42:e9:a5:b6:51:c6:
                    11:f6:c9:54:aa:61:c6:2b:22:b8:2b:95:fc:b9:bf:
                    14:3b:4d:7d:e3:02:bb:f4:9b:5e:6b:f2:2b:cc:26:
                    b0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:19:C9:C3:DF:79:F7:BC:E9:D4:C3:86:3B:46:B0:E7:46:56:59:6C
            X509v3 Authority Key Identifier:
                keyid:D3:51:A8:C5:70:3D:D1:40:89:59:AA:35:59:25:58:FF:51:A2:43:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01GoxXA90UCJWao1WSVY_1GiQ-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/QBnJw99597zp1MOGO0aw50ZWWWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7176f6-371d-45b9-b276-877cf21c8f7b/1/01GoxXA90UCJWao1WSVY_1GiQ-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:cd:eb:3f:ff:b5:57:d7:3f:ec:cf:b9:c2:d0:b4:75:52:80:
         90:69:c4:2f:e9:9c:b6:27:0f:8a:df:78:2b:e8:47:ca:56:59:
         7a:90:b7:6e:89:71:20:1f:ce:e0:9c:7a:a8:5a:77:75:88:c0:
         60:aa:e3:b8:d2:7a:f0:7a:3c:9f:14:56:7c:ee:d5:e4:ac:45:
         97:84:7e:48:6c:85:dc:5b:38:5a:40:2a:60:d7:2f:f7:71:02:
         59:fc:ab:5d:85:09:fd:7f:cc:58:be:83:57:a7:58:36:3a:d0:
         2b:18:05:6e:c4:7f:e8:74:74:1e:4c:1e:eb:20:98:29:f0:e0:
         b2:cb:81:1f:50:65:e7:ce:c3:ca:e9:ca:b8:57:29:04:e4:66:
         ac:03:b1:cf:c1:74:04:de:5a:81:45:9d:39:1d:31:fa:a1:c6:
         68:5a:95:a9:27:fc:7a:dd:0f:03:15:ab:91:6c:4f:b1:eb:34:
         75:bf:87:f8:ce:f9:7c:e5:22:80:9b:d5:fa:a1:c3:fc:c6:9a:
         c9:d8:1c:d8:f1:0d:dc:02:c8:bd:21:06:e3:c7:08:90:e0:d8:
         78:3a:3c:2c:d5:12:6c:97:a4:b9:52:92:b8:5c:0b:60:5d:2c:
         17:3d:c2:fe:7a:86:bb:b9:c6:7d:d9:5b:0b:64:86:30:30:f0:
         ac:ef:ca:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUtcWujFT013P/ir6t26B9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTFhOGM1NzAzZGQxNDA4OTU5YWEzNTU5MjU1OGZmNTFh
MjQzZTkwHhcNMjUwMjIyMTEzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE5YzljM2RmNzlmN2JjZTlkNGMzODYzYjQ2YjBlNzQ2NTY1OTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWhkqdGf58Y/Of+DoEaHIDlnlelu
eQ3N1NJlSeFxGmYUL6sd+cAYeV+hgb5yZ5+DMinyU4aqK+HResWG+i1CXPoXvr+i
zE2YITV+Ac0H88TdQdzEOOPWwEo2RLVIHlsEF+d+nE5cvbPkMCjrkePTtFCar+vS
HXk8ML+MNuPyeT5P39rIAaD0gvwz0/dFLaPbOcwLuAOY27dRhtCAzvGHxhwJ3Q8E
KLpEVnnpw5qg1iKQ7DvZ/tiO0h7De0Oo2C6QM5S+GMBldex4nv90KehGB6govLdB
XBX2W7hC6aW2UcYR9slUqmHGKyK4K5X8ub8UO0194wK79Jtea/IrzCawwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAZycPfefe86dTDhjtGsOdGVllsMB8GA1UdIwQY
MBaAFNNRqMVwPdFAiVmqNVklWP9RokPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFHb3hYQTkwVUNKV2FvMVdTVllfMUdpUS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83MTc2ZjYtMzcxZC00NWI5LWIyNzYt
ODc3Y2YyMWM4ZjdiLzEvUUJuSnc5OTU5N3pwMU1PR08wYXc1MFpXV1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83MTc2ZjYtMzcxZC00NWI5LWIyNzYtODc3Y2YyMWM4Zjdi
LzEvMDFHb3hYQTkwVUNKV2FvMVdTVllfMUdpUS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATik9MA0G
CSqGSIb3DQEBCwUAA4IBAQAzzes//7VX1z/sz7nC0LR1UoCQacQv6Zy2Jw+K33gr
6EfKVll6kLduiXEgH87gnHqoWnd1iMBgquO40nrwejyfFFZ87tXkrEWXhH5IbIXc
WzhaQCpg1y/3cQJZ/KtdhQn9f8xYvoNXp1g2OtArGAVuxH/odHQeTB7rIJgp8OCy
y4EfUGXnzsPK6cq4VykE5GasA7HPwXQE3lqBRZ05HTH6ocZoWpWpJ/x63Q8DFauR
bE+x6zR1v4f4zvl85SKAm9X6ocP8xprJ2BzY8Q3cAsi9IQbjxwiQ4Nh4Ojws1RJs
l6S5UpK4XAtgXSwXPcL+eoa7ucZ92VsLZIYwMPCs78pB
-----END CERTIFICATE-----