Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/dsqp4bxyFCCs7RL2PZGSdi7KthE.roa
File:                     dsqp4bxyFCCs7RL2PZGSdi7KthE.roa (raw, json)
Hash identifier:          LpothYWyfl3DUg9u8R+0xehBO2vE3vsq9xV0G0H4C0U=
Subject key identifier:   76:CA:A9:E1:BC:72:14:20:AC:ED:12:F6:3D:91:92:76:2E:CA:B6:11
Certificate issuer:       /CN=39f873cd3939203c778a8eaaf1683e9464ac3400
Certificate serial:       01956F0DF3C116D42E8B344DD7CB54C88CD4
Authority key identifier: 39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/dsqp4bxyFCCs7RL2PZGSdi7KthE.roa
Signing time:             Fri 07 Mar 2025 05:22:20 +0000
ROA not before:           Fri 07 Mar 2025 05:22:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55933
IP address blocks:        194.32.148.0/23 maxlen: 23
                          194.32.148.0/24 maxlen: 24
                          194.32.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:0d:f3:c1:16:d4:2e:8b:34:4d:d7:cb:54:c8:8c:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f873cd3939203c778a8eaaf1683e9464ac3400
        Validity
            Not Before: Mar  7 05:22:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76caa9e1bc721420aced12f63d9192762ecab611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:68:7c:91:c9:1a:b1:a6:e2:ab:b8:c7:63:1a:
                    57:55:33:2c:02:bf:d1:63:da:c2:77:c3:32:42:0b:
                    a0:17:1d:3d:2a:a1:60:f7:e4:f7:93:89:00:47:12:
                    55:88:2c:31:bc:ee:62:6f:f2:30:bb:8f:e3:6e:af:
                    f7:85:9e:a6:c5:82:79:d3:41:c5:42:16:12:e4:08:
                    62:60:8e:f4:17:71:0b:2e:89:62:a9:51:97:11:83:
                    00:85:36:a5:2e:e9:a1:5a:c4:ca:58:76:75:de:fb:
                    56:44:18:57:fb:7e:b5:44:4a:91:5b:fb:b1:5f:ba:
                    16:b9:dd:48:87:a3:6a:c0:2c:0e:b6:65:d8:eb:84:
                    0d:38:71:67:ab:50:89:2e:95:b6:4c:74:c0:78:f1:
                    0d:33:ba:8f:df:e3:20:c3:dd:97:c6:d0:e9:1d:ba:
                    32:fe:fc:da:60:2b:7b:ef:1f:3f:b4:29:94:f3:02:
                    43:aa:f6:fe:b6:cd:eb:16:aa:03:8d:9a:7c:d8:bc:
                    2e:63:c7:23:27:ca:c6:f2:a8:e6:3a:18:b7:a7:a2:
                    c5:b9:f5:33:f0:c0:cc:dc:16:a2:60:be:c4:f4:a9:
                    f1:02:a8:6c:88:6f:0e:dc:9e:41:f6:a9:8a:09:41:
                    9d:02:f3:ae:60:be:3b:4f:ad:a2:41:2d:c5:7e:a6:
                    d5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:CA:A9:E1:BC:72:14:20:AC:ED:12:F6:3D:91:92:76:2E:CA:B6:11
            X509v3 Authority Key Identifier:
                keyid:39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/dsqp4bxyFCCs7RL2PZGSdi7KthE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:08:12:1d:59:58:ff:ee:1a:89:ef:b4:05:e5:71:f5:48:11:
         db:9d:10:d7:da:31:7d:49:07:95:7c:bf:ec:18:9f:f7:cb:48:
         0c:e0:6f:9c:23:03:a4:4d:12:27:21:81:31:6f:84:4a:31:bc:
         65:c7:ec:d2:25:92:a3:2f:d5:65:7d:9b:dc:0f:0f:1f:10:3c:
         76:2a:21:ff:5e:89:9c:c7:14:45:d0:79:ae:41:97:64:c2:39:
         cf:93:2f:5a:a5:fe:4d:bf:68:70:87:ee:38:df:68:45:f7:8b:
         94:21:84:16:a5:1b:a1:9a:5f:ee:b0:55:f1:c5:78:41:39:89:
         4c:9b:1b:d0:1c:76:66:20:c5:7f:bd:19:e7:4c:7d:48:c2:ef:
         9e:43:69:46:9c:b0:6e:da:8f:ce:c5:a9:17:bb:fc:7b:ee:b6:
         db:cf:f4:b6:ec:44:b0:f5:7a:1f:05:9e:33:88:72:b6:bb:66:
         0e:28:f6:76:a5:69:1f:f3:0e:11:c8:6c:69:94:81:ee:fe:5b:
         e4:9c:e1:a6:a5:f7:69:5a:08:cb:ae:5e:bd:e9:c4:4e:4c:43:
         6e:42:ad:87:4f:ab:ef:53:11:c7:b3:ff:5a:ad:14:b8:08:75:
         1d:03:fc:c3:14:68:c0:d3:0b:d9:76:9c:aa:72:0c:f2:d6:76:
         ce:87:e8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVvDfPBFtQuizRN18tUyIzUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Zjg3M2NkMzkzOTIwM2M3NzhhOGVhYWYxNjgzZTk0NjRh
YzM0MDAwHhcNMjUwMzA3MDUyMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmNhYTllMWJjNzIxNDIwYWNlZDEyZjYzZDkxOTI3NjJlY2FiNjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmh8kckasabiq7jHYxpXVTMsAr/R
Y9rCd8MyQgugFx09KqFg9+T3k4kARxJViCwxvO5ib/Iwu4/jbq/3hZ6mxYJ500HF
QhYS5AhiYI70F3ELLoliqVGXEYMAhTalLumhWsTKWHZ13vtWRBhX+361REqRW/ux
X7oWud1Ih6NqwCwOtmXY64QNOHFnq1CJLpW2THTAePENM7qP3+Mgw92XxtDpHboy
/vzaYCt77x8/tCmU8wJDqvb+ts3rFqoDjZp82LwuY8cjJ8rG8qjmOhi3p6LFufUz
8MDM3BaiYL7E9KnxAqhsiG8O3J5B9qmKCUGdAvOuYL47T62iQS3FfqbVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbKqeG8chQgrO0S9j2RknYuyrYRMB8GA1UdIwQY
MBaAFDn4c805OSA8d4qOqvFoPpRkrDQAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZoenpUazVJRHgzaW82cThXZy1sR1NzTkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85MGU5MjMtMmYyZC00MDg2LTgxOWMt
NGU2NTViNWI2NDI3LzEvZHNxcDRieHlGQ0NzN1JMMlBaR1NkaTdLdGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85MGU5MjMtMmYyZC00MDg2LTgxOWMtNGU2NTViNWI2NDI3
LzEvT2ZoenpUazVJRHgzaW82cThXZy1sR1NzTkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiCUMA0G
CSqGSIb3DQEBCwUAA4IBAQA9CBIdWVj/7hqJ77QF5XH1SBHbnRDX2jF9SQeVfL/s
GJ/3y0gM4G+cIwOkTRInIYExb4RKMbxlx+zSJZKjL9VlfZvcDw8fEDx2KiH/Xomc
xxRF0HmuQZdkwjnPky9apf5Nv2hwh+4432hF94uUIYQWpRuhml/usFXxxXhBOYlM
mxvQHHZmIMV/vRnnTH1Iwu+eQ2lGnLBu2o/OxakXu/x77rbbz/S27ESw9XofBZ4z
iHK2u2YOKPZ2pWkf8w4RyGxplIHu/lvknOGmpfdpWgjLrl696cROTENuQq2HT6vv
UxHHs/9arRS4CHUdA/zDFGjA0wvZdpyqcgzy1nbOh+jK
-----END CERTIFICATE-----