Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Qgkf9isvn9G1i53cocvwB25dPG0.roa
File:                     Qgkf9isvn9G1i53cocvwB25dPG0.roa (raw, json)
Hash identifier:          7pOvhNxITVVpr4C2N2+h/b2aAgFP8cFKYE5FjzDD/YQ=
Subject key identifier:   42:09:1F:F6:2B:2F:9F:D1:B5:8B:9D:DC:A1:CB:F0:07:6E:5D:3C:6D
Certificate issuer:       /CN=435e41960d590e99804e90b9af0365584c712c72
Certificate serial:       019427B574E97220715A3D29572C4D08D116
Authority key identifier: 43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Qgkf9isvn9G1i53cocvwB25dPG0.roa
Signing time:             Thu 02 Jan 2025 15:49:50 +0000
ROA not before:           Thu 02 Jan 2025 15:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60887
IP address blocks:        185.196.148.0/24 maxlen: 24
                          185.196.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:74:e9:72:20:71:5a:3d:29:57:2c:4d:08:d1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435e41960d590e99804e90b9af0365584c712c72
        Validity
            Not Before: Jan  2 15:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42091ff62b2f9fd1b58b9ddca1cbf0076e5d3c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b1:77:1a:44:e6:3e:47:3e:27:b9:61:77:4a:
                    09:03:f8:f2:95:9f:fe:63:5c:f1:4b:89:87:de:53:
                    14:10:1a:b8:c1:f4:51:b3:9a:a6:e7:9d:5e:71:9c:
                    f6:f1:42:4e:1b:34:61:d4:9f:a3:7d:77:f1:60:65:
                    55:7a:25:d0:83:da:5b:30:08:e2:b7:b6:a6:cb:c3:
                    45:4e:4d:19:a6:6a:3a:01:2f:a8:d9:b0:fe:1f:91:
                    64:47:fb:15:d7:38:6b:a8:51:2c:ee:da:88:47:65:
                    e1:64:b4:94:33:8c:d6:a3:1d:71:5c:4f:37:3b:7c:
                    7f:a8:63:11:ae:e4:c3:c4:55:2c:90:3e:e1:f9:c2:
                    c0:67:8c:98:76:64:eb:b3:65:20:ee:5a:9c:eb:c4:
                    77:2a:3b:3f:ba:0f:00:fa:66:ce:9b:64:60:d9:1a:
                    6b:97:9e:cd:51:39:e7:81:99:b1:be:84:ec:8d:d4:
                    e1:3d:c9:f9:88:19:32:12:ee:41:cb:21:17:18:c3:
                    b4:1a:b1:09:6d:cb:5b:12:a5:13:3d:b0:8d:d5:ef:
                    a4:57:bc:a1:af:e5:2d:5c:02:03:71:d7:34:e0:7e:
                    ac:fd:a7:89:53:bb:13:64:24:2f:c8:9f:0f:88:14:
                    12:23:5e:79:53:4f:af:cc:a3:96:c7:7c:40:42:5d:
                    53:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:09:1F:F6:2B:2F:9F:D1:B5:8B:9D:DC:A1:CB:F0:07:6E:5D:3C:6D
            X509v3 Authority Key Identifier:
                keyid:43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Qgkf9isvn9G1i53cocvwB25dPG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:48:9a:b5:b8:bd:2f:90:65:75:4f:5b:87:01:8b:71:cb:2e:
         cf:7f:9c:0d:fb:27:1f:b8:d0:26:17:f2:3c:07:29:6c:80:8f:
         ce:ba:44:93:32:14:10:95:1c:f4:c0:93:40:a1:72:fd:ab:be:
         55:39:ab:a3:01:df:82:1c:56:e3:32:7a:20:e0:7f:54:9d:32:
         84:6d:92:32:0b:d2:d5:da:10:48:a2:27:21:38:08:c6:43:d1:
         80:23:55:b2:58:db:11:ac:45:22:7c:4f:4e:5a:a4:bc:85:01:
         7c:29:7e:61:fb:43:58:c6:ae:09:d9:df:7c:58:3f:8d:db:d0:
         11:d5:56:cc:50:5b:db:cd:4c:43:f0:54:30:68:26:a0:74:62:
         df:a0:9d:35:63:95:b9:49:f4:4c:f0:41:f1:91:ad:84:26:c2:
         39:18:60:06:7c:d3:c2:62:7a:f0:57:eb:6c:f0:a8:9f:8e:5a:
         fe:94:32:10:1c:3d:8f:25:4e:b2:e5:0e:55:99:5d:8e:df:95:
         ca:09:91:aa:f3:52:f9:5e:a4:50:58:5d:c1:d0:e2:41:85:ed:
         f4:34:d1:10:46:84:ae:42:00:5a:53:9b:57:e4:d7:50:45:67:
         a6:ee:fc:d5:6f:e5:29:b5:e8:69:4a:ee:2d:b9:aa:e0:88:51:
         a5:39:c5:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXTpciBxWj0pVyxNCNEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNWU0MTk2MGQ1OTBlOTk4MDRlOTBiOWFmMDM2NTU4NGM3
MTJjNzIwHhcNMjUwMTAyMTU0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA5MWZmNjJiMmY5ZmQxYjU4YjlkZGNhMWNiZjAwNzZlNWQzYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLF3GkTmPkc+J7lhd0oJA/jylZ/+
Y1zxS4mH3lMUEBq4wfRRs5qm551ecZz28UJOGzRh1J+jfXfxYGVVeiXQg9pbMAji
t7amy8NFTk0Zpmo6AS+o2bD+H5FkR/sV1zhrqFEs7tqIR2XhZLSUM4zWox1xXE83
O3x/qGMRruTDxFUskD7h+cLAZ4yYdmTrs2Ug7lqc68R3Kjs/ug8A+mbOm2Rg2Rpr
l57NUTnngZmxvoTsjdThPcn5iBkyEu5ByyEXGMO0GrEJbctbEqUTPbCN1e+kV7yh
r+UtXAIDcdc04H6s/aeJU7sTZCQvyJ8PiBQSI155U0+vzKOWx3xAQl1T/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIJH/YrL5/RtYud3KHL8AduXTxtMB8GA1UdIwQY
MBaAFENeQZYNWQ6ZgE6Qua8DZVhMcSxyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAt
MDFiYjVmZDUzNGY1LzEvUWdrZjlpc3ZuOUcxaTUzY29jdndCMjVkUEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAtMDFiYjVmZDUzNGY1
LzEvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucSUMA0G
CSqGSIb3DQEBCwUAA4IBAQAdSJq1uL0vkGV1T1uHAYtxyy7Pf5wN+ycfuNAmF/I8
BylsgI/OukSTMhQQlRz0wJNAoXL9q75VOaujAd+CHFbjMnog4H9UnTKEbZIyC9LV
2hBIoichOAjGQ9GAI1WyWNsRrEUifE9OWqS8hQF8KX5h+0NYxq4J2d98WD+N29AR
1VbMUFvbzUxD8FQwaCagdGLfoJ01Y5W5SfRM8EHxka2EJsI5GGAGfNPCYnrwV+ts
8Kifjlr+lDIQHD2PJU6y5Q5VmV2O35XKCZGq81L5XqRQWF3B0OJBhe30NNEQRoSu
QgBaU5tX5NdQRWem7vzVb+UptehpSu4tuargiFGlOcWb
-----END CERTIFICATE-----