Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/QxahHBF5SSiTCKjSwe1FlEjpjhQ.roa
File:                     QxahHBF5SSiTCKjSwe1FlEjpjhQ.roa (raw, json)
Hash identifier:          d1pnjZFtEihgfo0iFcK4wvbFSZ9uzn9ZUOrv5mZKK8Y=
Subject key identifier:   43:16:A1:1C:11:79:49:28:93:08:A8:D2:C1:ED:45:94:48:E9:8E:14
Certificate issuer:       /CN=3f46c351ee89c9f5558167530704885b8be46eaa
Certificate serial:       019426D9DD3CF163D5CFB79D841C7EAAAD20
Authority key identifier: 3F:46:C3:51:EE:89:C9:F5:55:81:67:53:07:04:88:5B:8B:E4:6E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/QxahHBF5SSiTCKjSwe1FlEjpjhQ.roa
Signing time:             Thu 02 Jan 2025 11:49:59 +0000
ROA not before:           Thu 02 Jan 2025 11:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205930
IP address blocks:        185.169.68.0/22 maxlen: 22
                          2a0b:40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:dd:3c:f1:63:d5:cf:b7:9d:84:1c:7e:aa:ad:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f46c351ee89c9f5558167530704885b8be46eaa
        Validity
            Not Before: Jan  2 11:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4316a11c117949289308a8d2c1ed459448e98e14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:b9:c5:0a:24:b7:53:0d:b7:40:a1:ef:bf:
                    e5:01:03:29:c5:c8:b9:fc:2b:37:21:91:52:e1:44:
                    42:90:fe:a9:f6:ab:fd:1f:90:7f:e4:08:65:7f:6a:
                    22:94:79:19:83:2a:55:be:ec:cb:ea:99:72:9f:c9:
                    57:e2:af:4e:46:19:94:ff:b2:64:8c:3b:29:a7:6a:
                    89:d4:3c:c6:49:d6:0d:a1:f2:cf:08:3f:cb:6c:b3:
                    f3:2b:43:c4:ea:aa:b5:1e:f1:8e:5b:0c:68:04:ee:
                    75:36:0b:06:a1:fc:82:be:3e:e2:32:15:c2:da:ad:
                    3d:44:58:02:75:ae:a3:f0:02:16:11:c1:2b:ce:c4:
                    91:f0:d0:b1:a3:3c:58:18:3f:6c:e6:2b:3c:5c:83:
                    d5:e8:30:30:d0:97:6b:90:1e:11:45:25:03:a5:7e:
                    3d:35:03:db:64:e3:fa:74:6d:bd:a3:f6:a0:2f:e5:
                    b8:90:e5:21:3e:12:cf:39:34:de:19:57:94:13:5a:
                    2c:9d:97:11:9d:61:59:f1:d2:11:1d:5d:d0:f9:34:
                    fb:63:0f:17:3c:7d:6b:46:b1:08:ca:1e:57:50:49:
                    6a:34:ea:bf:5a:b0:c9:01:57:b3:ac:34:82:7a:8d:
                    fd:b5:20:b2:48:7c:f5:1f:e6:9f:8c:25:ad:21:1c:
                    7b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:16:A1:1C:11:79:49:28:93:08:A8:D2:C1:ED:45:94:48:E9:8E:14
            X509v3 Authority Key Identifier:
                keyid:3F:46:C3:51:EE:89:C9:F5:55:81:67:53:07:04:88:5B:8B:E4:6E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/QxahHBF5SSiTCKjSwe1FlEjpjhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.68.0/22
                IPv6:
                  2a0b:40::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:75:f8:ea:ee:a9:e9:7a:d1:19:ad:13:fb:26:31:73:11:da:
         81:a4:87:a7:cc:a6:8f:40:5e:88:3f:30:a5:bf:09:fe:3a:97:
         58:b3:ed:a8:ea:24:2c:6b:56:8c:16:76:5b:86:3a:e0:68:19:
         db:94:e5:8f:f4:9f:b3:4a:33:40:22:88:1f:f9:08:e6:4f:f2:
         72:09:13:11:a2:24:2a:3d:af:30:92:bd:59:58:6c:f6:b8:95:
         a6:a9:f5:4d:fa:4d:4f:e7:0f:0b:fa:0e:2a:cc:99:0e:4f:a0:
         db:57:08:b4:da:46:7e:f7:75:c8:b5:10:71:e7:b3:c6:4f:2f:
         45:00:d4:bc:25:73:3c:f2:3e:c0:f7:e9:f3:40:60:be:4a:1f:
         f8:72:d1:7b:5f:8a:ed:90:ca:12:85:36:8f:68:96:8e:c9:fb:
         8e:78:b7:0a:0d:52:8b:0d:5e:b5:0b:20:25:ae:7e:c8:b8:97:
         01:d8:20:ba:7a:cf:8c:b6:ff:ea:2e:5f:d5:b5:6b:cd:5d:f5:
         6d:20:4b:24:33:07:4d:f3:72:3f:fd:8c:bd:00:aa:cb:00:ba:
         37:d2:24:10:5a:54:aa:b7:b5:c4:49:2c:63:5f:92:c9:0f:b5:
         f9:9e:46:e0:7a:20:45:4d:41:6f:28:df:ed:3f:6d:89:9e:44:
         8d:df:7d:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2d088WPVz7edhBx+qq0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNDZjMzUxZWU4OWM5ZjU1NTgxNjc1MzA3MDQ4ODViOGJl
NDZlYWEwHhcNMjUwMTAyMTE0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzE2YTExYzExNzk0OTI4OTMwOGE4ZDJjMWVkNDU5NDQ4ZTk4ZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkC5xQokt1MNt0Ch77/lAQMpxci5
/Cs3IZFS4URCkP6p9qv9H5B/5Ahlf2oilHkZgypVvuzL6plyn8lX4q9ORhmU/7Jk
jDspp2qJ1DzGSdYNofLPCD/LbLPzK0PE6qq1HvGOWwxoBO51NgsGofyCvj7iMhXC
2q09RFgCda6j8AIWEcErzsSR8NCxozxYGD9s5is8XIPV6DAw0JdrkB4RRSUDpX49
NQPbZOP6dG29o/agL+W4kOUhPhLPOTTeGVeUE1osnZcRnWFZ8dIRHV3Q+TT7Yw8X
PH1rRrEIyh5XUElqNOq/WrDJAVezrDSCeo39tSCySHz1H+afjCWtIRx7IQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEMWoRwReUkokwio0sHtRZRI6Y4UMB8GA1UdIwQY
MBaAFD9Gw1Huicn1VYFnUwcEiFuL5G6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDBiRFVlNkp5ZlZWZ1dkVEJ3U0lXNHZrYnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mYzdhZWUtMjMzYy00ZDY0LTkyOTMt
MDU5NzhhNWExZDY5LzEvUXhhaEhCRjVTU2lUQ0tqU3dlMUZsRWpwamhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mYzdhZWUtMjMzYy00ZDY0LTkyOTMtMDU5NzhhNWExZDY5
LzEvUDBiRFVlNkp5ZlZWZ1dkVEJ3U0lXNHZrYnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCualEMA0E
AgACMAcDBQMqCwBAMA0GCSqGSIb3DQEBCwUAA4IBAQBRdfjq7qnpetEZrRP7JjFz
EdqBpIenzKaPQF6IPzClvwn+OpdYs+2o6iQsa1aMFnZbhjrgaBnblOWP9J+zSjNA
Iogf+QjmT/JyCRMRoiQqPa8wkr1ZWGz2uJWmqfVN+k1P5w8L+g4qzJkOT6DbVwi0
2kZ+93XItRBx57PGTy9FANS8JXM88j7A9+nzQGC+Sh/4ctF7X4rtkMoShTaPaJaO
yfuOeLcKDVKLDV61CyAlrn7IuJcB2CC6es+Mtv/qLl/VtWvNXfVtIEskMwdN83I/
/Yy9AKrLALo30iQQWlSqt7XESSxjX5LJD7X5nkbgeiBFTUFvKN/tP22JnkSN332l
-----END CERTIFICATE-----