Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Qzda_dpxvv_9oCqZ0rKtNjYGFYA.roa
File:                     Qzda_dpxvv_9oCqZ0rKtNjYGFYA.roa (raw, json)
Hash identifier:          yhmVIZybj8mBYPvdFgcuCe4v8sYhgAuDZKiw+Hdv0f4=
Subject key identifier:   43:37:5A:FD:DA:71:BE:FF:FD:A0:2A:99:D2:B2:AD:36:36:06:15:80
Certificate issuer:       /CN=63642c1ca3d38c7e15e687e0d9485c7826938c10
Certificate serial:       019423698702772DC3DCE2E4B1A55C0BC0C1
Authority key identifier: 63:64:2C:1C:A3:D3:8C:7E:15:E6:87:E0:D9:48:5C:78:26:93:8C:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2QsHKPTjH4V5ofg2UhceCaTjBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Qzda_dpxvv_9oCqZ0rKtNjYGFYA.roa
Signing time:             Wed 01 Jan 2025 19:48:25 +0000
ROA not before:           Wed 01 Jan 2025 19:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51073
IP address blocks:        195.254.168.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Y2QsHKPTjH4V5ofg2UhceCaTjBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Y2QsHKPTjH4V5ofg2UhceCaTjBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2QsHKPTjH4V5ofg2UhceCaTjBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:87:02:77:2d:c3:dc:e2:e4:b1:a5:5c:0b:c0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63642c1ca3d38c7e15e687e0d9485c7826938c10
        Validity
            Not Before: Jan  1 19:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43375afdda71befffda02a99d2b2ad3636061580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c8:97:a5:cd:41:61:b7:99:21:55:7a:c0:76:
                    42:4c:08:a7:b7:5f:7e:47:4d:89:e7:93:9c:0d:7d:
                    db:06:e2:e4:fd:30:bb:c9:0c:88:95:8b:22:97:e5:
                    1c:40:f0:06:86:f9:92:f0:66:9c:11:c1:1c:49:c7:
                    02:ca:72:bc:98:04:a9:c1:1a:92:c0:97:1a:3d:fd:
                    d5:59:e1:d1:55:da:06:ff:27:ae:05:f3:3c:81:d2:
                    e6:13:84:74:91:da:84:be:95:4c:e0:e7:0b:a9:3e:
                    40:b9:f7:ca:88:59:24:16:79:17:03:fe:2c:4c:6d:
                    61:79:b3:c7:3a:82:ea:e0:97:f8:ce:24:54:e6:43:
                    04:5b:8e:36:3b:a0:dd:ef:7b:72:d4:81:c2:e6:36:
                    58:0f:67:65:50:5a:12:27:ce:92:73:a9:52:b8:d5:
                    51:f0:52:a3:dc:d7:28:80:1b:9c:7f:dd:30:d6:44:
                    22:50:0b:b4:21:44:b3:23:b0:09:53:23:98:65:77:
                    d2:13:8d:f2:4d:f3:02:59:da:8a:37:e9:f7:f1:33:
                    c0:b6:05:e3:19:68:b1:82:f2:f7:53:82:c9:5a:8d:
                    fe:ea:25:d9:4a:52:40:4d:0b:c5:61:0d:23:9e:50:
                    04:4d:cb:b4:89:46:ed:18:77:12:6a:e2:be:9b:96:
                    87:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:37:5A:FD:DA:71:BE:FF:FD:A0:2A:99:D2:B2:AD:36:36:06:15:80
            X509v3 Authority Key Identifier:
                keyid:63:64:2C:1C:A3:D3:8C:7E:15:E6:87:E0:D9:48:5C:78:26:93:8C:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2QsHKPTjH4V5ofg2UhceCaTjBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Qzda_dpxvv_9oCqZ0rKtNjYGFYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4f5903-ff9f-4ec6-86c0-07b0ea75c24b/1/Y2QsHKPTjH4V5ofg2UhceCaTjBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:39:4f:7d:14:0f:a1:b3:26:7e:91:84:5a:95:1a:0e:29:7c:
         74:1c:12:b5:20:a2:79:ce:c5:e0:22:97:58:e1:23:e2:7c:11:
         1d:2b:89:55:d8:03:e1:6c:7f:48:5e:1b:dd:6d:8f:8a:86:82:
         25:ce:a0:59:f3:e1:be:ca:43:d6:54:8d:f8:2b:64:ce:8b:f7:
         26:37:3a:07:5a:7b:99:db:4d:8a:d0:f4:de:12:fd:f3:b7:3a:
         ec:79:1b:8a:2e:b3:98:56:94:8b:22:a4:42:c1:c4:fe:24:18:
         68:4a:ed:a9:4f:f1:5f:3a:c0:34:fb:eb:b4:12:61:98:06:81:
         85:ef:28:a8:96:8a:34:21:2c:43:73:98:91:0c:44:ef:6f:74:
         7d:18:df:f2:b6:2f:25:1e:77:e9:67:9c:4a:81:27:5b:29:f6:
         21:3b:d3:44:dc:ff:9d:82:f0:33:62:b7:85:cb:f7:0f:ba:b4:
         51:66:6a:68:86:bb:0a:74:7f:84:d1:b0:5d:20:7a:3b:2f:ac:
         95:2b:d6:9a:a2:1a:f2:0b:30:08:52:31:a5:ec:f8:c6:60:5a:
         81:97:3f:d0:3b:37:cf:47:9f:04:d8:f5:26:88:21:99:21:a7:
         68:ed:60:44:06:b2:0e:28:56:65:00:8e:bf:dc:59:33:68:f3:
         69:82:97:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaYcCdy3D3OLksaVcC8DBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjQyYzFjYTNkMzhjN2UxNWU2ODdlMGQ5NDg1Yzc4MjY5
MzhjMTAwHhcNMjUwMTAxMTk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM3NWFmZGRhNzFiZWZmZmRhMDJhOTlkMmIyYWQzNjM2MDYxNTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsiXpc1BYbeZIVV6wHZCTAint19+
R02J55OcDX3bBuLk/TC7yQyIlYsil+UcQPAGhvmS8GacEcEcSccCynK8mASpwRqS
wJcaPf3VWeHRVdoG/yeuBfM8gdLmE4R0kdqEvpVM4OcLqT5AuffKiFkkFnkXA/4s
TG1hebPHOoLq4Jf4ziRU5kMEW442O6Dd73ty1IHC5jZYD2dlUFoSJ86Sc6lSuNVR
8FKj3NcogBucf90w1kQiUAu0IUSzI7AJUyOYZXfSE43yTfMCWdqKN+n38TPAtgXj
GWixgvL3U4LJWo3+6iXZSlJATQvFYQ0jnlAETcu0iUbtGHcSauK+m5aH7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM3Wv3acb7//aAqmdKyrTY2BhWAMB8GA1UdIwQY
MBaAFGNkLByj04x+FeaH4NlIXHgmk4wQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJRc0hLUFRqSDRWNW9mZzJVaGNlQ2FUakJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80ZjU5MDMtZmY5Zi00ZWM2LTg2YzAt
MDdiMGVhNzVjMjRiLzEvUXpkYV9kcHh2dl85b0NxWjByS3ROallHRllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80ZjU5MDMtZmY5Zi00ZWM2LTg2YzAtMDdiMGVhNzVjMjRi
LzEvWTJRc0hLUFRqSDRWNW9mZzJVaGNlQ2FUakJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/6oMA0G
CSqGSIb3DQEBCwUAA4IBAQBROU99FA+hsyZ+kYRalRoOKXx0HBK1IKJ5zsXgIpdY
4SPifBEdK4lV2APhbH9IXhvdbY+KhoIlzqBZ8+G+ykPWVI34K2TOi/cmNzoHWnuZ
202K0PTeEv3ztzrseRuKLrOYVpSLIqRCwcT+JBhoSu2pT/FfOsA0++u0EmGYBoGF
7yioloo0ISxDc5iRDETvb3R9GN/yti8lHnfpZ5xKgSdbKfYhO9NE3P+dgvAzYreF
y/cPurRRZmpohrsKdH+E0bBdIHo7L6yVK9aaohryCzAIUjGl7PjGYFqBlz/QOzfP
R58E2PUmiCGZIado7WBEBrIOKFZlAI6/3FkzaPNpgpfO
-----END CERTIFICATE-----