Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q89QJtHHmXnhAigcqtbzFtx6C1M.roa
File:                     q89QJtHHmXnhAigcqtbzFtx6C1M.roa (raw, json)
Hash identifier:          loY0HF8avLCwfiugLfjQZRVIrjtQul45fabi0RCTt2g=
Subject key identifier:   AB:CF:50:26:D1:C7:99:79:E1:02:28:1C:AA:D6:F3:16:DC:7A:0B:53
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01941FFA8C290894F6B2151FFFBB0BBEFCCF
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q89QJtHHmXnhAigcqtbzFtx6C1M.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138997
IP address blocks:        37.128.250.0/23 maxlen: 24
                          176.221.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8c:29:08:94:f6:b2:15:1f:ff:bb:0b:be:fc:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abcf5026d1c79979e102281caad6f316dc7a0b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:55:c5:a5:b5:95:bb:30:76:6d:80:af:88:4c:
                    07:3c:17:55:d1:67:44:f1:f5:30:c3:26:76:30:33:
                    3c:b1:22:50:64:1a:ca:61:42:32:87:6e:96:d9:0d:
                    f1:21:6a:b1:80:97:76:3d:5e:92:b4:75:35:e4:ef:
                    06:53:50:52:d3:f7:c8:f1:d0:9c:70:87:48:a5:4e:
                    fe:45:38:86:bd:f6:dd:59:b9:04:df:85:ce:96:81:
                    65:66:f4:8a:0b:ff:bb:57:81:43:85:3c:e7:b2:a8:
                    8c:80:9b:57:0a:1d:32:92:f4:04:bf:8e:4e:7b:c4:
                    02:00:50:67:3d:91:4e:15:d0:ee:2f:a1:3f:6d:1d:
                    9f:24:7a:b1:74:bf:65:f2:56:cf:a3:1a:bd:b0:d9:
                    33:47:4e:ad:f8:5e:d0:90:52:c8:76:fe:1e:16:e4:
                    b7:dc:07:32:b0:b4:51:f5:ea:c4:73:29:e8:78:1e:
                    e5:c6:8f:e9:52:3d:87:2b:9f:14:65:00:de:e6:21:
                    55:02:72:8f:59:83:99:00:17:a9:0b:ba:ae:5e:9e:
                    90:82:e3:70:e8:9f:4d:14:50:82:73:59:7a:77:75:
                    0e:79:b8:98:cd:60:6f:80:39:1d:31:82:86:55:3e:
                    be:26:d8:ca:08:de:08:ef:49:b7:c2:cc:ba:af:fb:
                    89:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CF:50:26:D1:C7:99:79:E1:02:28:1C:AA:D6:F3:16:DC:7A:0B:53
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q89QJtHHmXnhAigcqtbzFtx6C1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.250.0/23
                  176.221.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:ad:88:87:2b:56:88:5e:32:a1:ca:2d:30:47:bd:50:48:a1:
         b5:38:d3:32:58:ab:c1:31:7d:9a:30:0d:a1:5d:21:a4:b5:6d:
         26:6e:13:89:45:a4:7e:0c:b3:c0:8b:a4:68:c8:9f:bf:2b:ee:
         fe:71:de:86:cb:81:6e:63:cd:cd:9c:48:51:b8:48:ec:20:c8:
         b4:80:c8:32:d2:45:27:c4:ca:f6:6b:82:48:27:da:52:70:7d:
         cd:1f:fa:1a:3d:cf:e4:87:23:77:3f:9f:f9:bc:15:0b:be:b5:
         5a:0a:2b:32:d4:97:34:ea:09:bb:bc:b2:f9:cf:59:3a:aa:14:
         a7:54:1b:18:5d:a6:5b:6f:93:91:e8:aa:06:50:7f:65:d1:57:
         76:f5:e6:0e:ab:a9:cb:4d:a8:2b:65:51:3e:61:1c:c3:44:ef:
         4c:59:a0:78:33:ed:95:dc:f1:51:c0:5c:b6:9f:1e:08:1b:0c:
         e8:22:60:6a:95:f0:a4:06:d5:1f:8f:35:ee:b0:1a:39:37:a2:
         61:04:b7:10:be:b7:5d:ed:6e:94:91:bb:5b:a2:58:eb:30:05:
         1c:45:a1:60:c5:fe:2c:a8:d0:9a:f8:29:81:88:27:3e:b4:e7:
         84:86:b8:f3:14:1e:3c:07:aa:b8:0f:03:0b:6b:59:ef:d0:e1:
         8d:92:98:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+owpCJT2shUf/7sLvvzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNmNTAyNmQxYzc5OTc5ZTEwMjI4MWNhYWQ2ZjMxNmRjN2EwYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVXFpbWVuzB2bYCviEwHPBdV0WdE
8fUwwyZ2MDM8sSJQZBrKYUIyh26W2Q3xIWqxgJd2PV6StHU15O8GU1BS0/fI8dCc
cIdIpU7+RTiGvfbdWbkE34XOloFlZvSKC/+7V4FDhTznsqiMgJtXCh0ykvQEv45O
e8QCAFBnPZFOFdDuL6E/bR2fJHqxdL9l8lbPoxq9sNkzR06t+F7QkFLIdv4eFuS3
3AcysLRR9erEcynoeB7lxo/pUj2HK58UZQDe5iFVAnKPWYOZABepC7quXp6QguNw
6J9NFFCCc1l6d3UOebiYzWBvgDkdMYKGVT6+JtjKCN4I70m3wsy6r/uJgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKvPUCbRx5l54QIoHKrW8xbcegtTMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcTg5UUp0SEhtWG5oQWlnY3F0YnpGdHg2QzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJYD6AwQC
sN0QMA0GCSqGSIb3DQEBCwUAA4IBAQBbrYiHK1aIXjKhyi0wR71QSKG1ONMyWKvB
MX2aMA2hXSGktW0mbhOJRaR+DLPAi6RoyJ+/K+7+cd6Gy4FuY83NnEhRuEjsIMi0
gMgy0kUnxMr2a4JIJ9pScH3NH/oaPc/khyN3P5/5vBULvrVaCisy1Jc06gm7vLL5
z1k6qhSnVBsYXaZbb5OR6KoGUH9l0Vd29eYOq6nLTagrZVE+YRzDRO9MWaB4M+2V
3PFRwFy2nx4IGwzoImBqlfCkBtUfjzXusBo5N6JhBLcQvrdd7W6UkbtboljrMAUc
RaFgxf4sqNCa+CmBiCc+tOeEhrjzFB48B6q4DwMLa1nv0OGNkpg2
-----END CERTIFICATE-----