Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/XQLqdml-mlBf3Z-90xd5Tk9chkc.roa
File:                     XQLqdml-mlBf3Z-90xd5Tk9chkc.roa (raw, json)
Hash identifier:          nSfERnt4sWaMf0P1jQhY7bLFNZayDQ04cDYTAEFX1MA=
Subject key identifier:   5D:02:EA:76:69:7E:9A:50:5F:DD:9F:BD:D3:17:79:4E:4F:5C:86:47
Certificate issuer:       /CN=435e41960d590e99804e90b9af0365584c712c72
Certificate serial:       019427B575E542549BDEEE729F60B506EB4A
Authority key identifier: 43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/XQLqdml-mlBf3Z-90xd5Tk9chkc.roa
Signing time:             Thu 02 Jan 2025 15:49:51 +0000
ROA not before:           Thu 02 Jan 2025 15:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209462
IP address blocks:        185.196.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:75:e5:42:54:9b:de:ee:72:9f:60:b5:06:eb:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435e41960d590e99804e90b9af0365584c712c72
        Validity
            Not Before: Jan  2 15:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d02ea76697e9a505fdd9fbdd317794e4f5c8647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fd:1c:79:ea:da:bb:d4:61:73:e8:fc:aa:f6:
                    83:80:f4:46:ef:61:a2:82:37:6c:6e:48:d3:15:34:
                    50:11:9d:f9:a6:89:8c:a5:e0:bf:a3:70:4a:74:c9:
                    ad:05:77:2d:4a:12:2a:5b:3e:f8:9f:e1:ab:b4:df:
                    46:43:71:62:98:4f:e8:5d:57:d0:c9:ae:7a:37:ac:
                    bf:34:d0:9a:53:93:51:d7:cb:9a:6d:3c:37:94:ee:
                    7d:05:29:68:8a:bc:e7:ee:5e:81:69:10:f4:5e:f9:
                    5a:fd:16:2e:01:07:95:fe:dc:48:8a:7b:56:ab:49:
                    f4:0b:42:45:05:26:40:29:55:5e:89:41:4e:eb:46:
                    c9:aa:45:8a:83:08:eb:30:92:a2:2b:6c:63:7b:e6:
                    a8:72:aa:77:50:4a:bc:15:e2:5c:3a:01:dc:25:6e:
                    69:5f:3c:a7:02:91:14:0a:9f:d1:7d:78:8e:16:2e:
                    5c:1e:cf:83:1d:55:0b:d5:45:ec:49:4e:39:84:ee:
                    54:7e:02:22:bd:8c:8e:ba:f4:ae:38:64:83:e5:1c:
                    e6:f0:3a:2c:ca:af:6f:ca:75:c8:c0:6c:f5:60:6b:
                    37:54:2a:ec:72:1f:dc:10:a0:0b:a3:67:85:92:7c:
                    a3:d2:08:47:6f:3b:c1:c8:5a:8f:f0:51:95:18:13:
                    55:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:02:EA:76:69:7E:9A:50:5F:DD:9F:BD:D3:17:79:4E:4F:5C:86:47
            X509v3 Authority Key Identifier:
                keyid:43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/XQLqdml-mlBf3Z-90xd5Tk9chkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2c:ac:69:65:40:60:c9:c3:b4:23:be:1e:16:f0:d7:b7:7d:
         f4:3f:0b:bd:ea:a0:8e:8e:83:de:b8:84:2e:3c:03:50:0e:e4:
         ef:93:bb:33:2b:ac:80:8f:9e:a5:8c:7a:f0:04:95:72:71:7c:
         87:53:18:9c:1e:4b:ab:0c:44:44:c5:f9:2c:ee:e8:4a:66:2d:
         51:0e:14:48:6d:0f:d7:ed:1e:14:d1:94:a3:ca:6e:4f:96:24:
         6f:1e:21:c3:b5:ee:8b:c3:0c:62:44:58:4e:1b:c5:d0:49:38:
         3d:ba:b0:73:93:30:b4:25:08:ab:43:10:bf:83:a7:ac:83:cd:
         d3:c7:df:71:74:51:b1:52:bd:90:34:93:ea:a1:7c:ab:7f:3a:
         f4:69:f6:cd:ff:17:75:3c:4e:3c:f8:97:75:c6:de:1c:4d:cc:
         34:8f:9b:47:ea:ed:56:ff:17:64:1c:6a:fe:81:03:a9:f2:96:
         53:f6:5f:12:27:9b:63:d5:dc:54:c5:08:78:2d:dd:6a:0d:48:
         b2:b5:15:7c:7b:88:03:51:19:2c:04:18:93:16:06:c0:4c:27:
         04:cc:96:9f:26:54:79:f8:c8:3e:3a:e2:b6:93:1e:92:e9:dd:
         b6:ab:2c:9f:80:5e:aa:59:dd:4a:90:87:9a:d0:a8:84:59:0f:
         c0:b1:99:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXXlQlSb3u5yn2C1ButKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNWU0MTk2MGQ1OTBlOTk4MDRlOTBiOWFmMDM2NTU4NGM3
MTJjNzIwHhcNMjUwMTAyMTU0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAyZWE3NjY5N2U5YTUwNWZkZDlmYmRkMzE3Nzk0ZTRmNWM4NjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv0ceerau9Rhc+j8qvaDgPRG72Gi
gjdsbkjTFTRQEZ35pomMpeC/o3BKdMmtBXctShIqWz74n+GrtN9GQ3FimE/oXVfQ
ya56N6y/NNCaU5NR18uabTw3lO59BSloirzn7l6BaRD0Xvla/RYuAQeV/txIintW
q0n0C0JFBSZAKVVeiUFO60bJqkWKgwjrMJKiK2xje+aocqp3UEq8FeJcOgHcJW5p
XzynApEUCp/RfXiOFi5cHs+DHVUL1UXsSU45hO5UfgIivYyOuvSuOGSD5Rzm8Dos
yq9vynXIwGz1YGs3VCrsch/cEKALo2eFknyj0ghHbzvByFqP8FGVGBNVGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0C6nZpfppQX92fvdMXeU5PXIZHMB8GA1UdIwQY
MBaAFENeQZYNWQ6ZgE6Qua8DZVhMcSxyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAt
MDFiYjVmZDUzNGY1LzEvWFFMcWRtbC1tbEJmM1otOTB4ZDVUazljaGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAtMDFiYjVmZDUzNGY1
LzEvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucSXMA0G
CSqGSIb3DQEBCwUAA4IBAQAmLKxpZUBgycO0I74eFvDXt330Pwu96qCOjoPeuIQu
PANQDuTvk7szK6yAj56ljHrwBJVycXyHUxicHkurDERExfks7uhKZi1RDhRIbQ/X
7R4U0ZSjym5PliRvHiHDte6LwwxiRFhOG8XQSTg9urBzkzC0JQirQxC/g6esg83T
x99xdFGxUr2QNJPqoXyrfzr0afbN/xd1PE48+Jd1xt4cTcw0j5tH6u1W/xdkHGr+
gQOp8pZT9l8SJ5tj1dxUxQh4Ld1qDUiytRV8e4gDURksBBiTFgbATCcEzJafJlR5
+Mg+OuK2kx6S6d22qyyfgF6qWd1KkIea0KiEWQ/AsZnC
-----END CERTIFICATE-----