Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/QQQnQcpvGBf2C-BzCpjUlxD_kV0.roa
File:                     QQQnQcpvGBf2C-BzCpjUlxD_kV0.roa (raw, json)
Hash identifier:          3oCmUMut8zjGqT5v8Ibyl5GG5ZNBsCX2Q1FPnCYPFwc=
Subject key identifier:   41:04:27:41:CA:6F:18:17:F6:0B:E0:73:0A:98:D4:97:10:FF:91:5D
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       019421438A284D5CC2D27647650D576B218C
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/QQQnQcpvGBf2C-BzCpjUlxD_kV0.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200435
IP address blocks:        94.143.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:8a:28:4d:5c:c2:d2:76:47:65:0d:57:6b:21:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41042741ca6f1817f60be0730a98d49710ff915d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:33:61:9b:7b:6a:2f:db:7f:8d:09:ee:3e:2a:
                    f8:97:08:27:91:5c:45:95:81:8b:0d:a2:a5:1a:ca:
                    b1:f8:38:50:27:cd:0b:5b:dc:ca:8f:1b:b2:d4:04:
                    07:23:03:1d:ce:d6:00:d5:8a:af:16:83:26:ad:e8:
                    92:49:49:51:da:92:08:ac:20:bb:01:58:c5:10:bf:
                    0b:11:6f:94:75:28:8b:88:da:2d:1b:92:4a:eb:e1:
                    be:8f:5b:36:95:05:b4:e1:2d:17:48:ee:a1:29:5a:
                    8b:5d:d1:68:e6:00:68:25:e2:80:c1:c5:ba:c9:fc:
                    01:5d:3e:55:0d:9e:07:af:24:78:c8:be:12:3e:ec:
                    01:33:9f:ad:24:93:50:47:73:eb:a4:0c:3a:41:80:
                    d0:dd:58:2a:92:35:e8:01:3c:d4:9f:54:3f:68:71:
                    0b:c2:cf:4f:56:87:55:3f:54:88:84:ab:c7:7a:18:
                    90:af:8d:39:78:a7:5e:80:71:c3:e5:cd:06:a2:89:
                    c7:c4:a3:eb:54:a6:ab:2a:69:7f:7f:40:b8:77:81:
                    92:ad:41:a8:33:da:e0:8b:3f:f3:3d:94:6f:b0:ad:
                    e1:ed:11:48:5b:a5:d4:c4:dc:35:0e:9d:cc:fb:2e:
                    c7:e3:d9:a0:4c:a8:b3:ae:51:17:a9:57:56:a7:2b:
                    0e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:04:27:41:CA:6F:18:17:F6:0B:E0:73:0A:98:D4:97:10:FF:91:5D
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/QQQnQcpvGBf2C-BzCpjUlxD_kV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bf:67:d7:6f:75:9e:e1:6b:8b:d8:2c:1b:04:1a:a6:03:4f:
         29:6a:13:71:23:c6:d7:35:b2:e2:f7:2f:1f:71:e9:1d:4d:d8:
         c2:1f:ab:69:47:4e:62:7c:c5:99:74:78:cb:b6:d2:be:cb:7c:
         43:98:e4:80:27:a9:34:ac:49:b3:cd:5b:81:0e:53:2e:bf:a2:
         6b:e8:f4:1a:b9:56:76:0c:6a:bf:41:dc:92:7b:91:8e:d0:c3:
         30:dc:a9:93:54:33:fd:c6:59:6d:11:25:36:e1:7f:e4:57:8e:
         7d:52:b4:00:6a:ea:e2:78:1e:c7:0b:a1:d2:2c:06:31:cc:1f:
         b3:d6:f5:d3:d1:2f:82:fa:0c:e4:fd:01:93:8d:15:f6:79:11:
         30:15:d0:52:fc:9c:38:58:63:2e:f3:33:82:b0:0a:21:31:08:
         22:b0:89:51:33:47:6c:d8:d7:8b:35:12:df:4c:16:ce:61:7b:
         9c:5c:1b:4d:7b:11:bf:27:76:ef:5f:8b:c6:49:03:39:5e:42:
         6f:4e:38:67:3c:8f:a6:fa:22:61:8a:af:6f:89:7e:64:8b:ed:
         e1:13:ed:23:29:11:78:27:f6:6e:d8:c1:a7:05:cb:b9:77:53:
         60:ad:5c:52:84:dc:79:2c:b4:45:2d:67:19:3e:1e:d1:03:d6:
         03:67:1c:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ4ooTVzC0nZHZQ1XayGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA0Mjc0MWNhNmYxODE3ZjYwYmUwNzMwYTk4ZDQ5NzEwZmY5MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTNhm3tqL9t/jQnuPir4lwgnkVxF
lYGLDaKlGsqx+DhQJ80LW9zKjxuy1AQHIwMdztYA1YqvFoMmreiSSUlR2pIIrCC7
AVjFEL8LEW+UdSiLiNotG5JK6+G+j1s2lQW04S0XSO6hKVqLXdFo5gBoJeKAwcW6
yfwBXT5VDZ4HryR4yL4SPuwBM5+tJJNQR3PrpAw6QYDQ3VgqkjXoATzUn1Q/aHEL
ws9PVodVP1SIhKvHehiQr405eKdegHHD5c0GoonHxKPrVKarKml/f0C4d4GSrUGo
M9rgiz/zPZRvsK3h7RFIW6XUxNw1Dp3M+y7H49mgTKizrlEXqVdWpysO+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEEJ0HKbxgX9gvgcwqY1JcQ/5FdMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvUVFRblFjcHZHQmYyQy1CekNwalVseERfa1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo/hMA0G
CSqGSIb3DQEBCwUAA4IBAQBCv2fXb3We4WuL2CwbBBqmA08pahNxI8bXNbLi9y8f
cekdTdjCH6tpR05ifMWZdHjLttK+y3xDmOSAJ6k0rEmzzVuBDlMuv6Jr6PQauVZ2
DGq/QdySe5GO0MMw3KmTVDP9xlltESU24X/kV459UrQAaurieB7HC6HSLAYxzB+z
1vXT0S+C+gzk/QGTjRX2eREwFdBS/Jw4WGMu8zOCsAohMQgisIlRM0ds2NeLNRLf
TBbOYXucXBtNexG/J3bvX4vGSQM5XkJvTjhnPI+m+iJhiq9viX5ki+3hE+0jKRF4
J/Zu2MGnBcu5d1NgrVxShNx5LLRFLWcZPh7RA9YDZxxt
-----END CERTIFICATE-----