Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/BQDPXa-JspTpWAu0NOuuEpF8Tl4.roa
File:                     BQDPXa-JspTpWAu0NOuuEpF8Tl4.roa (raw, json)
Hash identifier:          JodgHJErZyoC9ynFj9T5piHNxrWL50pmvjPIJHYGhbY=
Subject key identifier:   05:00:CF:5D:AF:89:B2:94:E9:58:0B:B4:34:EB:AE:12:91:7C:4E:5E
Certificate issuer:       /CN=fa4f44ba814b8c94b7afe3022ee01462f513bff7
Certificate serial:       019427488C9DECAACFF361153F03EB9D54BC
Authority key identifier: FA:4F:44:BA:81:4B:8C:94:B7:AF:E3:02:2E:E0:14:62:F5:13:BF:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/BQDPXa-JspTpWAu0NOuuEpF8Tl4.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198031
IP address blocks:        91.146.120.0/21 maxlen: 21
                          2a03:a780::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:9d:ec:aa:cf:f3:61:15:3f:03:eb:9d:54:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa4f44ba814b8c94b7afe3022ee01462f513bff7
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0500cf5daf89b294e9580bb434ebae12917c4e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b4:8d:e0:83:dd:b9:a4:cf:5f:59:12:fe:fd:
                    43:77:bc:b7:75:7d:1a:3f:c9:13:4a:54:05:e6:f3:
                    fd:59:46:cf:35:59:be:dc:ad:4a:1a:2e:ac:b3:2a:
                    56:7c:41:51:e8:83:bc:75:90:74:33:44:fa:85:2c:
                    09:f5:a3:b3:43:78:9e:6b:7a:9d:11:dd:27:a0:27:
                    5c:b9:1f:76:d7:50:c4:0a:49:a2:6f:eb:04:9c:02:
                    7d:60:d7:a8:b9:e0:da:63:9e:5c:66:66:77:40:49:
                    85:96:0f:15:f2:d5:cf:03:6f:7a:a3:70:7c:f7:99:
                    22:e4:78:a8:ee:0c:83:47:39:b0:4c:16:0c:80:fc:
                    d7:eb:10:89:a2:88:22:2c:a2:72:91:41:2d:7a:62:
                    83:0f:65:fb:16:36:54:1e:fe:40:d1:cf:04:6b:4e:
                    38:5b:a7:8c:c9:00:9f:44:d0:f1:ee:f6:f7:90:02:
                    27:5e:dd:79:33:9b:e9:a2:7b:bd:2b:15:e2:f0:32:
                    89:6d:e4:94:a5:9b:0a:cb:c5:b5:25:4d:aa:e1:94:
                    dc:61:fd:4b:66:04:1c:8e:64:b3:4d:65:ee:46:11:
                    18:78:b7:d1:0d:57:37:a7:7a:57:87:4b:77:fb:13:
                    72:24:01:18:33:98:3b:23:91:dc:ff:48:13:98:1e:
                    da:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:00:CF:5D:AF:89:B2:94:E9:58:0B:B4:34:EB:AE:12:91:7C:4E:5E
            X509v3 Authority Key Identifier:
                keyid:FA:4F:44:BA:81:4B:8C:94:B7:AF:E3:02:2E:E0:14:62:F5:13:BF:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/BQDPXa-JspTpWAu0NOuuEpF8Tl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.146.120.0/21
                IPv6:
                  2a03:a780::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:de:f7:71:30:c2:cd:f4:06:65:de:1a:a1:3e:45:e0:bf:6d:
         19:70:17:5c:e2:8c:ca:7b:6f:75:90:82:68:af:b7:02:fd:d6:
         e3:f3:73:ab:ab:75:a2:27:13:4b:d1:c7:74:29:34:04:c8:c6:
         bd:0e:4a:fe:75:82:fb:e4:b6:1f:6d:07:7a:bf:f7:66:9d:25:
         cb:29:d9:11:36:67:da:19:c9:b3:a9:a1:40:45:74:69:5c:18:
         7e:e0:6f:c2:b5:c8:c7:74:6d:80:ce:97:3e:0e:ba:fa:85:20:
         8d:71:fb:7a:3d:06:e7:a9:75:77:70:cc:c4:d1:6e:8c:11:39:
         3e:06:2c:cf:b4:81:08:ef:3f:88:cf:33:6a:04:1e:cf:1e:03:
         b2:f5:15:5d:f5:b9:bb:87:4e:04:20:ed:9f:5d:5e:68:8a:6f:
         87:83:ad:9b:28:97:5b:d4:0c:c0:ec:6b:a1:cf:5a:b6:91:60:
         68:94:1b:5e:fb:95:04:3b:f3:e8:66:02:f4:d0:3a:2a:62:f1:
         fe:0c:aa:76:22:c7:ff:b7:58:66:f3:0f:67:53:0b:95:01:6c:
         9e:bb:b3:34:1a:a7:9d:c2:ca:e6:ab:c5:df:cb:d5:4c:5e:a3:
         9a:b0:46:48:84:aa:2c:8c:0e:9c:a4:36:c3:cb:a1:9f:59:c6:
         64:80:11:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSIyd7KrP82EVPwPrnVS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNGY0NGJhODE0YjhjOTRiN2FmZTMwMjJlZTAxNDYyZjUx
M2JmZjcwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAwY2Y1ZGFmODliMjk0ZTk1ODBiYjQzNGViYWUxMjkxN2M0ZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrSN4IPduaTPX1kS/v1Dd7y3dX0a
P8kTSlQF5vP9WUbPNVm+3K1KGi6ssypWfEFR6IO8dZB0M0T6hSwJ9aOzQ3iea3qd
Ed0noCdcuR9211DECkmib+sEnAJ9YNeoueDaY55cZmZ3QEmFlg8V8tXPA296o3B8
95ki5Hio7gyDRzmwTBYMgPzX6xCJoogiLKJykUEtemKDD2X7FjZUHv5A0c8Ea044
W6eMyQCfRNDx7vb3kAInXt15M5vponu9KxXi8DKJbeSUpZsKy8W1JU2q4ZTcYf1L
ZgQcjmSzTWXuRhEYeLfRDVc3p3pXh0t3+xNyJAEYM5g7I5Hc/0gTmB7aCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAUAz12vibKU6VgLtDTrrhKRfE5eMB8GA1UdIwQY
MBaAFPpPRLqBS4yUt6/jAi7gFGL1E7/3MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1rOUV1b0ZMakpTM3ItTUNMdUFVWXZVVHZfYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvOTEyMTEwLTZmYzItNDI0YS1hOTU1
LWRhNjIxY2Q3NTZkNy8xL0JRRFBYYS1Kc3BUcFdBdTBOT3V1RXBGOFRsNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvOTEyMTEwLTZmYzItNDI0YS1hOTU1LWRhNjIxY2Q3NTZk
Ny8xLzEtazlFdW9GTGpKUzNyLU1DTHVBVVl2VVR2X2MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBANbkngw
DQQCAAIwBwMFACoDp4AwDQYJKoZIhvcNAQELBQADggEBAJve93Ewws30BmXeGqE+
ReC/bRlwF1zijMp7b3WQgmivtwL91uPzc6urdaInE0vRx3QpNATIxr0OSv51gvvk
th9tB3q/92adJcsp2RE2Z9oZybOpoUBFdGlcGH7gb8K1yMd0bYDOlz4OuvqFII1x
+3o9BuepdXdwzMTRbowROT4GLM+0gQjvP4jPM2oEHs8eA7L1FV31ubuHTgQg7Z9d
XmiKb4eDrZsol1vUDMDsa6HPWraRYGiUG177lQQ78+hmAvTQOipi8f4MqnYix/+3
WGbzD2dTC5UBbJ67szQap53Cyuarxd/L1Uxeo5qwRkiEqiyMDpykNsPLoZ9ZxmSA
EfY=
-----END CERTIFICATE-----