Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/QeiRkvhJ1jMmsZj6cRnslCHsAIo.roa
File:                     QeiRkvhJ1jMmsZj6cRnslCHsAIo.roa (raw, json)
Hash identifier:          uEqxaO+pWPZv8MfWPZnEIuXT69hT3YN8Q/V/0g2kRZQ=
Subject key identifier:   41:E8:91:92:F8:49:D6:33:26:B1:98:FA:71:19:EC:94:21:EC:00:8A
Certificate issuer:       /CN=5fc24743304b7fd9a065d22cd89cda95045e269c
Certificate serial:       0194282721AF97D4B8299E61D58EA83E809B
Authority key identifier: 5F:C2:47:43:30:4B:7F:D9:A0:65:D2:2C:D8:9C:DA:95:04:5E:26:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/QeiRkvhJ1jMmsZj6cRnslCHsAIo.roa
Signing time:             Thu 02 Jan 2025 17:54:00 +0000
ROA not before:           Thu 02 Jan 2025 17:54:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        185.61.160.0/24 maxlen: 24
                          185.61.161.0/24 maxlen: 24
                          185.61.162.0/24 maxlen: 24
                          185.61.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:21:af:97:d4:b8:29:9e:61:d5:8e:a8:3e:80:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc24743304b7fd9a065d22cd89cda95045e269c
        Validity
            Not Before: Jan  2 17:54:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41e89192f849d63326b198fa7119ec9421ec008a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:c0:ce:7c:1a:7b:33:c9:42:10:1d:16:2b:
                    f8:d5:0e:52:5a:46:0d:ed:68:20:da:0e:de:71:9d:
                    00:1a:cb:a2:21:72:6a:0f:ca:51:e6:cc:d4:75:30:
                    f1:4c:b0:70:33:63:c3:c5:f1:e9:be:e8:9a:8c:6f:
                    22:6b:54:f1:90:a7:43:db:4d:81:75:54:9f:69:4e:
                    80:c8:b3:1b:f7:27:e0:3c:ac:60:e3:63:2a:60:5d:
                    4e:13:cf:fe:e0:c2:60:86:db:f4:24:0a:3f:c9:ae:
                    b8:77:f8:c2:e6:29:da:55:3e:c0:62:c8:3a:2f:76:
                    20:58:1e:ca:8d:7d:90:e4:33:e0:ad:48:ac:ff:e5:
                    39:c3:31:7e:18:d5:64:c3:66:1f:f9:be:6c:cf:bf:
                    13:d2:b1:c3:15:c1:fc:76:3c:0e:5a:d6:47:7c:20:
                    b6:4f:8d:f5:51:14:f4:67:fe:ab:7b:11:ce:26:6b:
                    06:5a:ef:b4:c1:0d:de:dc:9c:98:52:d4:ba:26:e5:
                    6d:ea:26:8a:2c:f1:84:a7:ad:3b:f3:a3:f9:3b:f7:
                    52:87:1e:cb:a6:4e:3d:d7:15:67:b7:ae:fd:d9:2c:
                    e1:41:db:ea:5d:a0:3d:cc:cb:bf:1d:7e:88:66:af:
                    65:aa:ee:86:7b:bc:0c:0f:28:e5:b7:74:34:ab:0d:
                    c4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E8:91:92:F8:49:D6:33:26:B1:98:FA:71:19:EC:94:21:EC:00:8A
            X509v3 Authority Key Identifier:
                keyid:5F:C2:47:43:30:4B:7F:D9:A0:65:D2:2C:D8:9C:DA:95:04:5E:26:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8JHQzBLf9mgZdIs2JzalQReJpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/QeiRkvhJ1jMmsZj6cRnslCHsAIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e5a2c7-0453-48ba-b10c-0ba9679de2e6/1/X8JHQzBLf9mgZdIs2JzalQReJpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:52:25:84:ab:06:4f:e0:2c:fc:a2:98:eb:7a:ee:ee:ab:26:
         08:fb:a7:49:0c:24:26:ff:43:75:e5:f0:aa:7e:8e:fe:21:b6:
         a5:ea:b4:9a:99:c3:c8:d8:75:8e:bd:79:ea:d4:5d:a3:c6:51:
         4a:26:d7:33:9d:93:5f:44:06:13:6d:1d:ee:c6:4e:ce:37:ea:
         d4:9e:d2:52:58:a4:e9:93:74:88:3e:9c:71:02:1c:58:8b:30:
         a9:6f:38:46:93:ac:d6:74:0c:a4:38:0b:a8:61:56:b4:d4:37:
         24:18:f4:ed:13:7d:5f:85:df:a8:d5:27:c8:aa:16:66:7c:95:
         bc:5e:f1:a2:a9:86:95:22:ff:c9:19:bb:6b:cd:45:51:c2:b5:
         97:fc:4e:a3:50:fa:83:c2:c8:07:e3:55:39:50:e2:a8:7d:ed:
         ec:42:4a:cc:08:69:c1:be:ed:d2:ff:1e:38:73:ec:03:4b:e8:
         ec:f8:42:0a:5d:b7:72:35:20:93:4e:8b:65:7a:90:ab:87:22:
         6d:6f:d1:4d:e8:79:49:c4:bf:0e:c1:ed:7f:0b:89:05:9a:7c:
         f0:8f:ec:b2:ab:1a:69:59:28:08:e2:08:f4:8c:54:51:76:ce:
         91:fb:61:70:53:cd:1e:1f:43:84:3f:b0:c4:1e:d8:5b:10:eb:
         92:28:12:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJyGvl9S4KZ5h1Y6oPoCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzI0NzQzMzA0YjdmZDlhMDY1ZDIyY2Q4OWNkYTk1MDQ1
ZTI2OWMwHhcNMjUwMTAyMTc1NDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU4OTE5MmY4NDlkNjMzMjZiMTk4ZmE3MTE5ZWM5NDIxZWMwMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtajAznwaezPJQhAdFiv41Q5SWkYN
7Wgg2g7ecZ0AGsuiIXJqD8pR5szUdTDxTLBwM2PDxfHpvuiajG8ia1TxkKdD202B
dVSfaU6AyLMb9yfgPKxg42MqYF1OE8/+4MJghtv0JAo/ya64d/jC5inaVT7AYsg6
L3YgWB7KjX2Q5DPgrUis/+U5wzF+GNVkw2Yf+b5sz78T0rHDFcH8djwOWtZHfCC2
T431URT0Z/6rexHOJmsGWu+0wQ3e3JyYUtS6JuVt6iaKLPGEp60786P5O/dShx7L
pk491xVnt6792SzhQdvqXaA9zMu/HX6IZq9lqu6Ge7wMDyjlt3Q0qw3EZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHokZL4SdYzJrGY+nEZ7JQh7ACKMB8GA1UdIwQY
MBaAFF/CR0MwS3/ZoGXSLNic2pUEXiacMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhKSFF6QkxmOW1nWmRJczJKemFsUVJlSnB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9lNWEyYzctMDQ1My00OGJhLWIxMGMt
MGJhOTY3OWRlMmU2LzEvUWVpUmt2aEoxak1tc1pqNmNSbnNsQ0hzQUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9lNWEyYzctMDQ1My00OGJhLWIxMGMtMGJhOTY3OWRlMmU2
LzEvWDhKSFF6QkxmOW1nWmRJczJKemFsUVJlSnB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCqUiWEqwZP4Cz8opjreu7uqyYI+6dJDCQm/0N15fCq
fo7+Ibal6rSamcPI2HWOvXnq1F2jxlFKJtcznZNfRAYTbR3uxk7ON+rUntJSWKTp
k3SIPpxxAhxYizCpbzhGk6zWdAykOAuoYVa01DckGPTtE31fhd+o1SfIqhZmfJW8
XvGiqYaVIv/JGbtrzUVRwrWX/E6jUPqDwsgH41U5UOKofe3sQkrMCGnBvu3S/x44
c+wDS+js+EIKXbdyNSCTTotlepCrhyJtb9FN6HlJxL8Owe1/C4kFmnzwj+yyqxpp
WSgI4gj0jFRRds6R+2FwU80eH0OEP7DEHthbEOuSKBLG
-----END CERTIFICATE-----