Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/QfpzoDGYEHVJ7tPPLI83jP9QxD8.roa
File:                     QfpzoDGYEHVJ7tPPLI83jP9QxD8.roa (raw, json)
Hash identifier:          P1/MsYET87iJ1MBAfrhs4Z/tB2ahU1TEqCZIyTurxIs=
Subject key identifier:   41:FA:73:A0:31:98:10:75:49:EE:D3:CF:2C:8F:37:8C:FF:50:C4:3F
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0190A10E1A44254284882E3322B84E390A73
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/QfpzoDGYEHVJ7tPPLI83jP9QxD8.roa
Signing time:             Thu 11 Jul 2024 09:09:34 +0000
ROA not before:           Thu 11 Jul 2024 09:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25462
IP address blocks:        87.245.216.0/21 maxlen: 21
                          149.255.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:0e:1a:44:25:42:84:88:2e:33:22:b8:4e:39:0a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jul 11 09:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41fa73a03198107549eed3cf2c8f378cff50c43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:00:a0:80:cb:7b:aa:6a:b6:a9:63:a3:d0:7d:
                    b1:4a:da:33:44:fa:56:39:2a:3b:a6:14:7d:67:f9:
                    fa:f9:b0:8f:a8:5f:e6:08:d0:a5:5d:53:2e:23:7d:
                    94:85:1c:6c:6d:a5:05:c8:5c:8d:70:38:7f:9f:07:
                    aa:a6:cc:7a:f7:42:50:5c:f1:8d:d3:56:c1:7f:87:
                    d5:4d:2b:a9:a4:f3:46:7b:48:31:a3:22:a4:b9:5a:
                    91:86:42:1c:00:f0:88:81:67:1e:10:0c:cb:bd:88:
                    58:cc:4a:93:7f:ba:5e:7d:eb:44:fe:eb:b9:09:63:
                    f2:d6:b8:de:5f:49:8d:ad:f8:94:b8:eb:71:6d:9a:
                    30:a9:fc:f0:e8:7f:6e:57:65:36:2e:dc:ce:4d:1d:
                    12:72:29:bd:b3:73:60:25:35:c1:8a:a1:20:87:9b:
                    18:37:0e:fa:98:de:0d:bf:a5:64:58:6a:4e:64:1e:
                    20:04:3f:b7:c4:83:55:64:90:78:b4:ca:1b:74:77:
                    78:ae:0b:73:e8:45:b3:e6:97:2b:57:86:0a:e8:a0:
                    01:b8:37:61:17:c6:bf:e6:3a:7c:b6:85:df:80:f3:
                    af:31:4e:73:e6:28:ed:4f:e4:f2:b4:21:ee:b7:ed:
                    63:52:25:8f:be:df:ad:a7:27:a0:e1:3e:2e:5f:ef:
                    f4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:FA:73:A0:31:98:10:75:49:EE:D3:CF:2C:8F:37:8C:FF:50:C4:3F
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/QfpzoDGYEHVJ7tPPLI83jP9QxD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.245.216.0/21
                  149.255.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:ec:ae:26:c8:85:ba:e3:53:42:59:81:2e:6c:16:0c:94:f2:
         e8:df:86:cd:91:e7:f2:c6:52:e0:07:94:37:05:dc:5b:ce:c0:
         65:c7:22:cf:d8:74:ad:94:3a:66:3f:bb:1a:2d:96:52:85:70:
         46:e9:84:84:7b:71:6f:be:be:9a:7d:c1:1d:03:cd:ea:d0:d7:
         27:51:cd:e2:0a:16:93:a6:52:d4:14:99:9a:ce:ca:60:ba:51:
         f3:32:ad:ce:dc:b6:ec:46:96:32:98:01:cb:49:ce:18:df:a0:
         22:88:eb:f3:87:6c:a8:a9:77:05:53:52:dd:d0:fb:0f:77:da:
         1e:5f:c5:3e:4f:ce:ba:5f:5b:40:67:43:90:8f:8f:74:05:df:
         0e:c7:ac:72:6b:f3:c6:0d:a6:ee:4f:4f:7c:d4:17:38:62:af:
         5e:1f:82:34:af:87:50:52:71:bd:e8:25:04:28:c9:11:4f:fe:
         50:07:0c:0f:93:bd:c5:5a:df:6d:de:c7:12:9b:14:86:69:83:
         7e:07:65:ed:71:c3:06:6a:51:25:9d:58:3f:b2:61:f8:ac:c4:
         92:31:e1:f6:5e:0c:56:91:3f:a9:66:d8:7a:e3:d6:69:05:99:
         94:3c:18:05:7b:43:09:ba:25:23:38:4b:75:32:e3:97:ad:4d:
         8d:4f:f7:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZChDhpEJUKEiC4zIrhOOQpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwNzExMDkwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWZhNzNhMDMxOTgxMDc1NDllZWQzY2YyYzhmMzc4Y2ZmNTBjNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ACggMt7qmq2qWOj0H2xStozRPpW
OSo7phR9Z/n6+bCPqF/mCNClXVMuI32UhRxsbaUFyFyNcDh/nweqpsx690JQXPGN
01bBf4fVTSuppPNGe0gxoyKkuVqRhkIcAPCIgWceEAzLvYhYzEqTf7pefetE/uu5
CWPy1rjeX0mNrfiUuOtxbZowqfzw6H9uV2U2LtzOTR0Scim9s3NgJTXBiqEgh5sY
Nw76mN4Nv6VkWGpOZB4gBD+3xINVZJB4tMobdHd4rgtz6EWz5pcrV4YK6KABuDdh
F8a/5jp8toXfgPOvMU5z5ijtT+TytCHut+1jUiWPvt+tpyeg4T4uX+/0rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEH6c6AxmBB1Se7TzyyPN4z/UMQ/MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvUWZwem9ER1lFSFZKN3RQUExJODNqUDlReEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDV/XYAwQC
lf+AMA0GCSqGSIb3DQEBCwUAA4IBAQAp7K4myIW641NCWYEubBYMlPLo34bNkefy
xlLgB5Q3BdxbzsBlxyLP2HStlDpmP7saLZZShXBG6YSEe3Fvvr6afcEdA83q0Ncn
Uc3iChaTplLUFJmazspgulHzMq3O3LbsRpYymAHLSc4Y36AiiOvzh2yoqXcFU1Ld
0PsPd9oeX8U+T866X1tAZ0OQj490Bd8Ox6xya/PGDabuT0981Bc4Yq9eH4I0r4dQ
UnG96CUEKMkRT/5QBwwPk73FWt9t3scSmxSGaYN+B2XtccMGalElnVg/smH4rMSS
MeH2XgxWkT+pZth649ZpBZmUPBgFe0MJuiUjOEt1MuOXrU2NT/eQ
-----END CERTIFICATE-----