Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/QOBXUK2eWdi2Xs0eVrU9f29djBA.roa
File:                     QOBXUK2eWdi2Xs0eVrU9f29djBA.roa (raw, json)
Hash identifier:          FlnZK78Kp47RPmgz3alOCKMVyfm/4WPjMFqp9esIgFA=
Subject key identifier:   40:E0:57:50:AD:9E:59:D8:B6:5E:CD:1E:56:B5:3D:7F:6F:5D:8C:10
Certificate issuer:       /CN=05b3017c1693b945b5eda091ec93f85c1be1df36
Certificate serial:       0194228E28C627244DC406BFC091101AC1C4
Authority key identifier: 05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/QOBXUK2eWdi2Xs0eVrU9f29djBA.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46235
IP address blocks:        195.60.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:28:c6:27:24:4d:c4:06:bf:c0:91:10:1a:c1:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b3017c1693b945b5eda091ec93f85c1be1df36
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40e05750ad9e59d8b65ecd1e56b53d7f6f5d8c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6d:e4:5a:3b:a0:d3:23:0c:6a:96:34:34:bc:
                    c5:c7:61:e2:26:1a:34:36:b3:ff:1c:14:b6:4a:2d:
                    ac:d7:5c:4c:35:09:ad:42:da:99:94:fd:5d:13:d0:
                    19:3e:71:22:81:2d:7f:7b:1f:bc:f0:df:f1:2f:de:
                    a8:18:5b:36:bc:88:3d:81:f4:1b:85:aa:02:68:8a:
                    4b:08:22:40:14:37:f8:97:fc:f6:33:6c:f5:f8:d5:
                    b8:41:7d:d1:d0:96:b1:bf:88:62:e5:1c:a0:9a:2e:
                    b5:84:5f:69:bf:48:5c:2e:0a:ed:fa:a4:0a:3e:4a:
                    e9:1c:49:54:b3:91:dc:7e:22:99:7e:ef:2a:30:f7:
                    44:2b:f2:90:b7:a2:0b:50:6e:b4:0e:c5:9f:04:5f:
                    ff:9d:ce:a4:d8:1c:c5:29:48:61:b6:4a:ab:9e:9a:
                    6f:f7:44:48:5c:86:d9:a2:2a:92:f6:47:18:6a:11:
                    dd:ff:0c:35:5e:bf:81:8d:d8:0f:9b:85:05:db:f9:
                    a3:53:32:bf:4b:7f:3a:0c:24:ba:e3:02:4d:8f:5a:
                    c8:80:27:c1:8c:5b:0d:39:32:05:f2:be:52:f3:6a:
                    ee:c3:14:b0:0d:c7:a2:58:36:1b:ca:7b:c0:db:4d:
                    1c:f1:d4:46:7c:06:ea:7b:b2:97:5a:96:27:0f:ad:
                    62:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E0:57:50:AD:9E:59:D8:B6:5E:CD:1E:56:B5:3D:7F:6F:5D:8C:10
            X509v3 Authority Key Identifier:
                keyid:05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/QOBXUK2eWdi2Xs0eVrU9f29djBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:1d:f2:37:e0:83:b3:b5:89:e9:cc:6d:36:01:58:ff:19:49:
         d4:e8:5e:67:d0:ee:14:11:3a:41:42:f8:dc:af:eb:c8:0c:f3:
         b4:ac:e3:16:37:8e:93:b1:0d:48:dc:52:41:17:94:3f:ea:58:
         8e:e9:7e:01:55:7c:30:7e:b8:08:c4:03:67:22:2e:2f:47:5d:
         4d:2e:fa:12:07:62:8b:5e:0f:f1:0f:ec:4e:09:98:5b:3b:5c:
         6c:b9:53:94:d3:c3:26:24:8d:fd:a0:21:9b:5c:c1:b6:b9:6c:
         8e:2d:c1:a4:35:e8:e1:8b:aa:db:14:b7:fc:2d:da:ac:ff:80:
         4c:75:e8:f0:e3:0b:6e:eb:0f:4e:19:66:00:b4:a8:7e:17:9c:
         1e:ac:91:68:6f:0b:25:d8:0c:d9:cd:c9:61:b6:d7:d6:23:6d:
         f1:9e:40:7c:6d:ef:1e:d9:46:14:3b:99:90:3b:0a:b1:d8:2c:
         d3:77:94:1b:77:3d:0b:f3:ee:fd:2e:c4:84:b9:22:40:91:d0:
         af:b8:a1:1e:de:43:32:1e:4c:dd:f2:ec:c0:66:de:6a:63:f1:
         93:66:6e:97:be:4b:56:3a:a8:fa:78:20:10:9e:fd:6b:b5:9c:
         5a:55:db:16:5e:7f:ff:b2:80:5b:8d:0a:61:66:8f:4d:c8:60:
         ea:87:2b:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijijGJyRNxAa/wJEQGsHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjMwMTdjMTY5M2I5NDViNWVkYTA5MWVjOTNmODVjMWJl
MWRmMzYwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGUwNTc1MGFkOWU1OWQ4YjY1ZWNkMWU1NmI1M2Q3ZjZmNWQ4YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2G3kWjug0yMMapY0NLzFx2HiJho0
NrP/HBS2Si2s11xMNQmtQtqZlP1dE9AZPnEigS1/ex+88N/xL96oGFs2vIg9gfQb
haoCaIpLCCJAFDf4l/z2M2z1+NW4QX3R0Jaxv4hi5Rygmi61hF9pv0hcLgrt+qQK
PkrpHElUs5HcfiKZfu8qMPdEK/KQt6ILUG60DsWfBF//nc6k2BzFKUhhtkqrnppv
90RIXIbZoiqS9kcYahHd/ww1Xr+BjdgPm4UF2/mjUzK/S386DCS64wJNj1rIgCfB
jFsNOTIF8r5S82ruwxSwDceiWDYbynvA200c8dRGfAbqe7KXWpYnD61ilwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDgV1CtnlnYtl7NHla1PX9vXYwQMB8GA1UdIwQY
MBaAFAWzAXwWk7lFte2gkeyT+Fwb4d82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQt
YWEyNzdlMzg5ZmRjLzEvUU9CWFVLMmVXZGkyWHMwZVZyVTlmMjlkakJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQtYWEyNzdlMzg5ZmRj
LzEvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzzQMA0G
CSqGSIb3DQEBCwUAA4IBAQBsHfI34IOztYnpzG02AVj/GUnU6F5n0O4UETpBQvjc
r+vIDPO0rOMWN46TsQ1I3FJBF5Q/6liO6X4BVXwwfrgIxANnIi4vR11NLvoSB2KL
Xg/xD+xOCZhbO1xsuVOU08MmJI39oCGbXMG2uWyOLcGkNejhi6rbFLf8Ldqs/4BM
dejw4wtu6w9OGWYAtKh+F5werJFobwsl2AzZzclhttfWI23xnkB8be8e2UYUO5mQ
Owqx2CzTd5Qbdz0L8+79LsSEuSJAkdCvuKEe3kMyHkzd8uzAZt5qY/GTZm6XvktW
Oqj6eCAQnv1rtZxaVdsWXn//soBbjQphZo9NyGDqhysW
-----END CERTIFICATE-----