Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/qUqbG1fI6WnBp5sF-Oa70_Lholo.roa
File:                     qUqbG1fI6WnBp5sF-Oa70_Lholo.roa (raw, json)
Hash identifier:          Onc/iKE+MBUdx68cwO8V8LQmCLrY9+uNfRvlbv3SVUg=
Subject key identifier:   A9:4A:9B:1B:57:C8:E9:69:C1:A7:9B:05:F8:E6:BB:D3:F2:E1:A2:5A
Certificate issuer:       /CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
Certificate serial:       01942747E16264F13F2379E9C74EBFCDF416
Authority key identifier: F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/qUqbG1fI6WnBp5sF-Oa70_Lholo.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20570
IP address blocks:        194.127.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e1:62:64:f1:3f:23:79:e9:c7:4e:bf:cd:f4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a94a9b1b57c8e969c1a79b05f8e6bbd3f2e1a25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0e:2d:87:5c:d8:eb:58:8e:65:17:e6:51:fe:
                    41:54:ab:4a:89:73:b6:10:4c:2d:f4:5c:c5:c7:d9:
                    f7:67:bc:0b:6f:ad:ca:2f:43:68:d2:74:cf:a2:af:
                    95:64:97:43:89:05:3d:db:c4:bf:e1:a7:b7:0f:92:
                    99:b1:6b:c5:42:12:f0:b9:56:08:63:b1:bf:80:24:
                    be:c9:01:a4:0d:63:98:29:15:ab:11:0c:3b:f3:4a:
                    8d:66:b6:09:93:e7:51:5e:58:58:c2:64:32:f8:c5:
                    5d:cb:3c:13:e6:01:c2:5f:dc:9f:13:d0:69:8b:0d:
                    09:77:cb:83:bc:b4:58:0c:e7:19:a0:1e:3e:ec:ec:
                    e3:5b:5b:c0:aa:56:ff:15:df:05:de:4a:a6:52:91:
                    cb:19:2c:bd:ed:7a:ba:af:1a:12:02:6c:34:96:c0:
                    ed:3e:67:e6:d6:61:0d:7b:25:0a:d2:d0:93:2c:76:
                    16:e1:26:63:e0:61:ca:61:c6:dd:87:61:f3:b5:9b:
                    12:90:86:2b:07:5f:ee:66:7a:16:45:71:f0:ab:5a:
                    5f:52:c0:53:c3:23:5a:e5:0c:13:b7:f8:3f:ab:6a:
                    32:cd:f5:cb:71:57:20:05:82:4e:32:70:fc:1c:1b:
                    0f:3b:af:87:40:ef:9d:ff:91:08:e0:8b:67:3e:13:
                    d7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4A:9B:1B:57:C8:E9:69:C1:A7:9B:05:F8:E6:BB:D3:F2:E1:A2:5A
            X509v3 Authority Key Identifier:
                keyid:F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/qUqbG1fI6WnBp5sF-Oa70_Lholo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:3f:79:bd:4e:ef:bc:99:d6:0d:29:a5:e9:62:ac:21:6e:4a:
         79:0b:f3:94:50:17:c0:e9:d4:75:da:3c:0c:7b:b0:ed:37:69:
         ca:f8:fe:3d:de:88:74:4c:b8:ac:31:72:60:dc:28:71:69:9c:
         7c:b8:cf:68:15:f9:1a:e6:41:a4:76:c0:51:26:72:53:52:90:
         05:7b:c0:cf:af:31:fa:34:8a:e0:f5:77:f3:5d:b9:f0:f7:f8:
         3f:c1:65:ab:9f:9c:ad:25:c6:61:52:14:dc:03:89:0e:5d:9a:
         51:0b:21:db:cb:19:5b:25:28:a9:44:6e:dd:ec:74:b3:75:f8:
         56:ab:70:a9:7c:ad:76:5b:6b:e1:c5:28:ca:2f:a5:59:9d:12:
         d2:9f:f4:f9:cb:7e:ad:56:aa:5c:c8:bd:9c:7a:ef:bd:a9:ed:
         bb:2d:94:cd:22:27:ff:d8:c1:bf:4a:a7:b2:7b:6e:08:6b:66:
         c8:c5:96:6e:47:9f:6e:bb:cb:1c:91:c8:16:33:d5:fe:e9:be:
         07:86:73:31:d8:88:7b:7e:f4:e8:c3:e6:cc:ff:2b:ee:ce:01:
         b1:e7:d2:37:5d:c6:58:f8:c6:d3:8f:bf:97:e9:ba:ee:f4:91:
         bd:70:66:39:d5:dd:58:80:0f:eb:64:15:4e:96:43:63:54:d8:
         8e:ba:82:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+FiZPE/I3npx06/zfQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYTA2YzZjMTA4ZTk0MTliMmNkYjIxZDQ4YjQ5YTZiYmQ2
YzE2ZGYwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTRhOWIxYjU3YzhlOTY5YzFhNzliMDVmOGU2YmJkM2YyZTFhMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg4th1zY61iOZRfmUf5BVKtKiXO2
EEwt9FzFx9n3Z7wLb63KL0No0nTPoq+VZJdDiQU928S/4ae3D5KZsWvFQhLwuVYI
Y7G/gCS+yQGkDWOYKRWrEQw780qNZrYJk+dRXlhYwmQy+MVdyzwT5gHCX9yfE9Bp
iw0Jd8uDvLRYDOcZoB4+7OzjW1vAqlb/Fd8F3kqmUpHLGSy97Xq6rxoSAmw0lsDt
Pmfm1mENeyUK0tCTLHYW4SZj4GHKYcbdh2HztZsSkIYrB1/uZnoWRXHwq1pfUsBT
wyNa5QwTt/g/q2oyzfXLcVcgBYJOMnD8HBsPO6+HQO+d/5EI4ItnPhPXvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlKmxtXyOlpwaebBfjmu9Py4aJaMB8GA1UdIwQY
MBaAFPGgbGwQjpQZss2yHUi0mmu9bBbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTkt
MTQyZWJlODY5MzE2LzEvcVVxYkcxZkk2V25CcDVzRi1PYTcwX0xob2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTktMTQyZWJlODY5MzE2
LzEvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn/QMA0G
CSqGSIb3DQEBCwUAA4IBAQCLP3m9Tu+8mdYNKaXpYqwhbkp5C/OUUBfA6dR12jwM
e7DtN2nK+P493oh0TLisMXJg3ChxaZx8uM9oFfka5kGkdsBRJnJTUpAFe8DPrzH6
NIrg9XfzXbnw9/g/wWWrn5ytJcZhUhTcA4kOXZpRCyHbyxlbJSipRG7d7HSzdfhW
q3CpfK12W2vhxSjKL6VZnRLSn/T5y36tVqpcyL2ceu+9qe27LZTNIif/2MG/Sqey
e24Ia2bIxZZuR59uu8sckcgWM9X+6b4HhnMx2Ih7fvTow+bM/yvuzgGx59I3XcZY
+MbTj7+X6bru9JG9cGY51d1YgA/rZBVOlkNjVNiOuoI/
-----END CERTIFICATE-----