Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/QNGb0gtG4GRClc-idD7pOZ3NKu4.roa
File:                     QNGb0gtG4GRClc-idD7pOZ3NKu4.roa (raw, json)
Hash identifier:          RBMmyAJB99vMalTNtIMZJrCnoBdNekiveW7iLd5Zyt4=
Subject key identifier:   40:D1:9B:D2:0B:46:E0:64:42:95:CF:A2:74:3E:E9:39:9D:CD:2A:EE
Certificate issuer:       /CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
Certificate serial:       01942521FADC91F7387DFE843C1600A3AC74
Authority key identifier: 4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/QNGb0gtG4GRClc-idD7pOZ3NKu4.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1241
IP address blocks:        185.117.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fa:dc:91:f7:38:7d:fe:84:3c:16:00:a3:ac:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc391dc615fd4a3ad10c0f2ab8b0a506d039ed8
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40d19bd20b46e0644295cfa2743ee9399dcd2aee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:75:c4:9c:9f:3e:c7:bc:7a:59:c7:75:aa:8c:
                    fc:e1:16:c5:6e:72:89:01:96:ad:bd:e7:a0:43:b6:
                    23:b0:ff:05:a7:e6:22:20:b6:73:37:3e:44:c0:ea:
                    1c:cc:d4:b9:8c:9b:7e:46:9c:2e:df:3e:71:60:1b:
                    ad:c5:d2:a0:22:4b:90:65:e4:21:a4:b4:40:61:84:
                    77:2c:94:26:54:55:60:c5:dd:79:8d:8e:42:e7:d4:
                    ab:74:0e:be:30:e7:f4:2a:0a:47:a6:b7:d2:2e:fc:
                    aa:0f:cd:d0:af:91:07:df:60:e9:ff:fe:ec:83:18:
                    5e:01:a6:05:c3:85:50:f2:8b:c5:2c:08:68:5a:31:
                    bf:7f:aa:bb:f4:fc:e0:b9:28:27:21:25:04:9a:4c:
                    1e:39:ed:21:4e:a9:a9:c5:0c:f4:32:a9:13:ee:84:
                    30:ef:cd:a5:10:7e:af:37:a0:bf:cd:f6:f4:50:92:
                    d0:f7:ee:7f:e6:d8:8c:e5:8f:6e:03:80:9c:0a:87:
                    84:03:12:51:f1:d4:de:a3:df:3b:63:70:16:db:7e:
                    ae:c4:f0:b6:f0:5f:13:f2:50:ba:e4:0e:38:26:a5:
                    29:51:24:52:dd:52:88:f2:7b:d1:55:de:d2:fa:47:
                    e2:7f:db:f9:bd:8b:17:a0:b3:41:ff:d4:3e:cb:4c:
                    f7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D1:9B:D2:0B:46:E0:64:42:95:CF:A2:74:3E:E9:39:9D:CD:2A:EE
            X509v3 Authority Key Identifier:
                keyid:4D:C3:91:DC:61:5F:D4:A3:AD:10:C0:F2:AB:8B:0A:50:6D:03:9E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcOR3GFf1KOtEMDyq4sKUG0Dntg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/QNGb0gtG4GRClc-idD7pOZ3NKu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d66a58-fdf5-491e-b511-fd2915d4cd5a/1/TcOR3GFf1KOtEMDyq4sKUG0Dntg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ae:6b:f6:4d:0c:bf:4d:62:87:7a:14:f4:cd:b6:81:ef:7b:
         6f:b1:47:4c:b7:97:e4:7b:6e:49:40:31:60:db:7c:81:f2:5f:
         0d:8a:8b:ce:1b:5e:2e:3f:2f:2f:6d:ac:f2:c0:ae:16:77:3b:
         b5:c1:30:a2:b9:fd:56:9a:af:ff:8d:ca:9c:b2:3b:72:44:ab:
         f2:05:13:24:71:a3:eb:be:5d:46:96:df:8a:7c:84:d8:ef:9c:
         aa:b3:0c:35:c8:4a:0a:89:f7:0e:66:5d:7f:63:7d:0a:03:b1:
         70:00:40:f3:80:4e:0b:9e:8e:00:0d:81:0b:c9:a5:96:ea:9d:
         69:78:95:f0:9b:71:c7:3a:ed:da:0c:8b:84:e7:7e:87:02:5d:
         a9:19:b2:8a:c9:48:0a:f8:bb:bf:28:96:fd:89:52:0b:17:18:
         09:2d:78:f0:da:ee:41:37:5e:20:f4:24:37:14:2e:4b:f6:be:
         0a:13:eb:c2:7d:2d:c6:f2:84:13:ff:32:19:8d:cc:68:03:b0:
         ac:88:05:72:76:7c:dd:96:49:fd:75:f4:83:70:20:d6:5c:f0:
         2a:f0:70:2e:e4:5e:24:ef:55:c0:f5:de:e0:b3:72:f4:c1:1f:
         11:ab:ee:67:84:59:7f:e7:77:50:39:de:17:5d:74:f7:06:34:
         b8:3d:05:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIfrckfc4ff6EPBYAo6x0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzM5MWRjNjE1ZmQ0YTNhZDEwYzBmMmFiOGIwYTUwNmQw
MzllZDgwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQxOWJkMjBiNDZlMDY0NDI5NWNmYTI3NDNlZTkzOTlkY2QyYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnXEnJ8+x7x6Wcd1qoz84RbFbnKJ
AZatveegQ7YjsP8Fp+YiILZzNz5EwOoczNS5jJt+Rpwu3z5xYButxdKgIkuQZeQh
pLRAYYR3LJQmVFVgxd15jY5C59SrdA6+MOf0KgpHprfSLvyqD83Qr5EH32Dp//7s
gxheAaYFw4VQ8ovFLAhoWjG/f6q79PzguSgnISUEmkweOe0hTqmpxQz0MqkT7oQw
782lEH6vN6C/zfb0UJLQ9+5/5tiM5Y9uA4CcCoeEAxJR8dTeo987Y3AW236uxPC2
8F8T8lC65A44JqUpUSRS3VKI8nvRVd7S+kfif9v5vYsXoLNB/9Q+y0z3EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDRm9ILRuBkQpXPonQ+6TmdzSruMB8GA1UdIwQY
MBaAFE3DkdxhX9SjrRDA8quLClBtA57YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEt
ZmQyOTE1ZDRjZDVhLzEvUU5HYjBndEc0R1JDbGMtaWREN3BPWjNOS3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kNjZhNTgtZmRmNS00OTFlLWI1MTEtZmQyOTE1ZDRjZDVh
LzEvVGNPUjNHRmYxS090RU1EeXE0c0tVRzBEbnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXlMA0G
CSqGSIb3DQEBCwUAA4IBAQAbrmv2TQy/TWKHehT0zbaB73tvsUdMt5fke25JQDFg
23yB8l8NiovOG14uPy8vbazywK4Wdzu1wTCiuf1Wmq//jcqcsjtyRKvyBRMkcaPr
vl1Glt+KfITY75yqsww1yEoKifcOZl1/Y30KA7FwAEDzgE4Lno4ADYELyaWW6p1p
eJXwm3HHOu3aDIuE536HAl2pGbKKyUgK+Lu/KJb9iVILFxgJLXjw2u5BN14g9CQ3
FC5L9r4KE+vCfS3G8oQT/zIZjcxoA7CsiAVydnzdlkn9dfSDcCDWXPAq8HAu5F4k
71XA9d7gs3L0wR8Rq+5nhFl/53dQOd4XXXT3BjS4PQXF
-----END CERTIFICATE-----