Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/qjNgLrezTzPzPZHoRa0PyC-9c_E.roa
File:                     qjNgLrezTzPzPZHoRa0PyC-9c_E.roa (raw, json)
Hash identifier:          gjQzNWtyWkBxUXT4We5fyARX6Waght/4yDMrIeCr6j8=
Subject key identifier:   AA:33:60:2E:B7:B3:4F:33:F3:3D:91:E8:45:AD:0F:C8:2F:BD:73:F1
Certificate issuer:       /CN=a5bec32d6c64ffb601e270cedbcd3efff5ce7a40
Certificate serial:       019425FDE7D71F5ACC5C1A15613C79C2E26E
Authority key identifier: A5:BE:C3:2D:6C:64:FF:B6:01:E2:70:CE:DB:CD:3E:FF:F5:CE:7A:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/qjNgLrezTzPzPZHoRa0PyC-9c_E.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        156.14.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e7:d7:1f:5a:cc:5c:1a:15:61:3c:79:c2:e2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5bec32d6c64ffb601e270cedbcd3efff5ce7a40
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa33602eb7b34f33f33d91e845ad0fc82fbd73f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a9:91:cd:37:b5:df:fe:bd:d8:72:41:2d:8b:
                    a6:23:26:11:b2:b4:af:6b:da:f1:a9:f4:e8:6f:d0:
                    72:49:26:8d:f7:38:4b:7d:4a:93:36:5b:66:29:95:
                    a4:00:12:42:6c:f3:dc:d7:c1:c0:5b:79:e3:04:aa:
                    87:61:d6:10:ab:79:b2:50:1a:e5:d2:d6:79:58:23:
                    e5:3f:73:91:ee:80:0e:f1:ec:15:fc:0f:d8:d0:50:
                    91:b8:a2:2e:e6:98:b6:cc:40:cd:dd:30:32:a2:16:
                    42:fb:92:2b:95:87:77:35:20:be:0b:97:45:29:db:
                    61:35:b4:d0:7b:ed:ce:f8:3f:8a:64:5f:82:84:ec:
                    7e:7a:34:3d:7d:55:c9:4d:f8:47:da:31:92:e9:50:
                    8d:9a:13:9d:28:d0:90:f7:31:fe:bb:03:cc:88:6a:
                    c6:6a:46:c9:b2:bc:32:42:8f:cd:19:c9:00:c0:18:
                    17:c7:48:ab:ac:de:2f:85:3d:66:4a:7b:e0:b9:78:
                    69:15:ee:b7:33:58:ef:c7:40:5e:53:ca:cd:a0:26:
                    27:b8:7b:bc:3f:78:ff:d9:4a:3f:cf:c7:09:95:17:
                    3f:38:9a:82:a9:24:b1:fb:69:34:3e:62:e8:6b:83:
                    33:ec:45:1f:21:e2:40:8f:6a:b3:e9:6e:a7:ef:bf:
                    c6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:33:60:2E:B7:B3:4F:33:F3:3D:91:E8:45:AD:0F:C8:2F:BD:73:F1
            X509v3 Authority Key Identifier:
                keyid:A5:BE:C3:2D:6C:64:FF:B6:01:E2:70:CE:DB:CD:3E:FF:F5:CE:7A:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/qjNgLrezTzPzPZHoRa0PyC-9c_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:3a:a4:97:be:74:97:4a:82:fa:4c:6d:05:22:6a:bc:07:72:
         14:43:10:4f:82:b0:17:6b:f3:a2:96:a0:2b:4c:d2:01:71:21:
         70:01:ea:ba:51:49:84:90:d6:41:92:82:ff:79:45:aa:88:7a:
         b6:f1:15:6e:87:3a:3b:01:d0:24:bb:1a:a8:74:17:e0:0f:cd:
         42:d9:3f:32:75:69:b3:68:ac:0d:81:c0:d2:94:8a:12:3e:d6:
         9a:d0:7a:2b:28:ca:65:3c:8f:0d:1d:5a:9f:65:04:d9:4c:9f:
         fe:f5:ea:a0:25:bf:b7:c2:d1:95:e4:cf:b6:17:c1:11:2d:be:
         0b:27:a8:da:6d:20:2b:46:d3:84:e5:bb:62:2e:67:8b:7a:ad:
         db:6a:c6:2f:ab:13:c5:fb:07:cf:26:b4:f6:c3:4f:21:96:d2:
         e6:4a:97:b0:a5:8c:cd:98:de:60:60:bd:1c:06:0c:87:eb:bf:
         f0:fb:b3:62:a6:c9:93:45:07:54:d7:dc:0a:9f:5e:3c:78:0e:
         12:45:84:cc:fa:21:8e:1d:24:ce:87:ff:87:44:07:93:75:bf:
         a8:41:bb:c1:31:3b:8f:b7:c4:15:cb:0d:00:f7:1f:38:d6:64:
         c1:f3:10:f0:c0:40:64:77:00:52:6c:ab:c9:ab:0f:fe:4c:e8:
         98:40:de:8b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQl/efXH1rMXBoVYTx5wuJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YmVjMzJkNmM2NGZmYjYwMWUyNzBjZWRiY2QzZWZmZjVj
ZTdhNDAwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMzNjAyZWI3YjM0ZjMzZjMzZDkxZTg0NWFkMGZjODJmYmQ3M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6mRzTe13/692HJBLYumIyYRsrSv
a9rxqfTob9BySSaN9zhLfUqTNltmKZWkABJCbPPc18HAW3njBKqHYdYQq3myUBrl
0tZ5WCPlP3OR7oAO8ewV/A/Y0FCRuKIu5pi2zEDN3TAyohZC+5IrlYd3NSC+C5dF
KdthNbTQe+3O+D+KZF+ChOx+ejQ9fVXJTfhH2jGS6VCNmhOdKNCQ9zH+uwPMiGrG
akbJsrwyQo/NGckAwBgXx0irrN4vhT1mSnvguXhpFe63M1jvx0BeU8rNoCYnuHu8
P3j/2Uo/z8cJlRc/OJqCqSSx+2k0PmLoa4Mz7EUfIeJAj2qz6W6n77/GWQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKozYC63s08z8z2R6EWtD8gvvXPxMB8GA1UdIwQY
MBaAFKW+wy1sZP+2AeJwztvNPv/1znpAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGI3RExXeGtfN1lCNG5ETzI4MC1fX1hPZWtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83ZDY0ZjEtM2Q2NC00MmViLWEyNzUt
MjE3OTY0NGYzNzg4LzEvcWpOZ0xyZXpUelB6UFpIb1JhMFB5Qy05Y19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83ZDY0ZjEtM2Q2NC00MmViLWEyNzUtMjE3OTY0NGYzNzg4
LzEvcGI3RExXeGtfN1lCNG5ETzI4MC1fX1hPZWtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnA4wDQYJ
KoZIhvcNAQELBQADggEBADI6pJe+dJdKgvpMbQUiarwHchRDEE+CsBdr86KWoCtM
0gFxIXAB6rpRSYSQ1kGSgv95RaqIerbxFW6HOjsB0CS7Gqh0F+APzULZPzJ1abNo
rA2BwNKUihI+1prQeisoymU8jw0dWp9lBNlMn/716qAlv7fC0ZXkz7YXwREtvgsn
qNptICtG04Tlu2IuZ4t6rdtqxi+rE8X7B88mtPbDTyGW0uZKl7CljM2Y3mBgvRwG
DIfrv/D7s2KmyZNFB1TX3AqfXjx4DhJFhMz6IY4dJM6H/4dEB5N1v6hBu8ExO4+3
xBXLDQD3HzjWZMHzEPDAQGR3AFJsq8mrD/5M6JhA3os=
-----END CERTIFICATE-----