Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/qYy8XmUApmSr7E4zGQ4BdVZDGb4.roa
File:                     qYy8XmUApmSr7E4zGQ4BdVZDGb4.roa (raw, json)
Hash identifier:          Fn2Mqkncw63T9+361k6HpXw83uUzWzsG0tY0nJ1gyjM=
Subject key identifier:   A9:8C:BC:5E:65:00:A6:64:AB:EC:4E:33:19:0E:01:75:56:43:19:BE
Certificate issuer:       /CN=c11909548695f18c04cb895e2aceeb1103e03e12
Certificate serial:       0194266C13DE019272CF84CA281D935856A3
Authority key identifier: C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/qYy8XmUApmSr7E4zGQ4BdVZDGb4.roa
Signing time:             Thu 02 Jan 2025 09:50:04 +0000
ROA not before:           Thu 02 Jan 2025 09:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        84.252.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:13:de:01:92:72:cf:84:ca:28:1d:93:58:56:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11909548695f18c04cb895e2aceeb1103e03e12
        Validity
            Not Before: Jan  2 09:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a98cbc5e6500a664abec4e33190e0175564319be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:61:32:d2:e0:c9:ad:f4:e7:ba:ef:81:04:7b:
                    7b:3b:51:45:26:f0:8d:e8:e7:59:bc:40:30:4d:35:
                    dd:e3:3f:3b:23:1b:c8:e4:33:f7:0b:6a:c6:fd:1b:
                    b7:31:75:20:66:4b:f2:b8:a4:c6:80:66:2b:ee:3e:
                    fb:e9:ac:85:d2:75:bb:76:d4:0b:84:76:31:36:ca:
                    e1:63:be:a8:c9:96:1d:66:7b:7f:d7:1e:b1:e1:c6:
                    05:9c:e7:3d:13:45:cd:a8:a0:33:2b:fd:7e:7b:06:
                    9f:51:da:2c:03:4c:64:98:c1:b8:91:1a:b7:a1:46:
                    15:d3:2b:c2:5b:ee:ef:46:a3:ee:58:56:a6:f9:45:
                    b5:a1:cf:28:70:9d:02:04:03:dc:d4:46:25:ab:66:
                    1d:79:ec:c4:7c:78:48:91:b9:0f:9f:93:1e:6d:f1:
                    b4:7b:d7:44:41:e4:25:8d:06:47:1c:2c:fe:cb:96:
                    ea:12:7b:34:79:66:4a:07:a7:e8:5c:cb:83:af:05:
                    0e:57:39:8e:df:d5:e8:5d:ba:f6:ee:2c:b3:0e:07:
                    63:cf:cb:24:32:45:ef:c3:5d:4d:14:cb:0a:1a:2c:
                    3b:53:f4:17:5e:5e:f3:29:81:e8:80:fc:64:02:e6:
                    4d:f3:c4:ae:ba:c8:63:41:a5:86:c9:c8:d7:6d:58:
                    8b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8C:BC:5E:65:00:A6:64:AB:EC:4E:33:19:0E:01:75:56:43:19:BE
            X509v3 Authority Key Identifier:
                keyid:C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/qYy8XmUApmSr7E4zGQ4BdVZDGb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:05:84:79:28:4c:dd:ba:2b:50:e4:74:d1:a4:bd:d7:8e:21:
         7f:a3:d4:0d:67:30:bd:56:2e:54:b9:a4:b3:b8:f0:e6:1a:96:
         9f:27:f2:69:41:a0:c9:0a:48:8c:7f:50:ef:57:4c:d2:0e:63:
         ee:6e:58:18:79:88:30:fa:eb:07:a9:55:d8:a9:87:e0:48:9c:
         3e:8c:5c:b3:08:4f:fd:71:a5:b5:c2:18:36:65:7e:1d:4e:e7:
         eb:1b:0d:30:69:e1:6b:b5:8e:db:ab:99:21:03:74:60:2d:8d:
         7d:10:61:dd:3b:68:d8:86:4e:86:43:58:25:6f:55:40:72:e7:
         87:2a:0b:73:99:87:e2:ef:22:9d:e6:61:05:8c:f1:9f:0e:cd:
         20:77:6e:75:7a:fe:f5:cd:cb:b5:2c:3a:92:6e:f1:6e:29:1f:
         cc:15:80:8b:4d:8d:63:58:53:e8:d2:94:54:29:14:de:cb:b5:
         b8:02:3e:e7:75:e1:64:6e:90:4c:1f:8d:d0:bb:7a:cc:13:94:
         17:5c:5d:75:7a:58:49:f1:6d:ac:08:65:f0:80:0e:1a:e4:dc:
         1e:26:68:f0:4c:3d:f8:cb:f5:a3:98:d4:17:93:2f:d6:8a:11:
         4d:f9:1a:eb:b7:4c:84:28:92:8f:e3:3e:7f:ee:5d:6d:3f:82:
         17:01:db:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBPeAZJyz4TKKB2TWFajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTkwOTU0ODY5NWYxOGMwNGNiODk1ZTJhY2VlYjExMDNl
MDNlMTIwHhcNMjUwMTAyMDk1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThjYmM1ZTY1MDBhNjY0YWJlYzRlMzMxOTBlMDE3NTU2NDMxOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2Ey0uDJrfTnuu+BBHt7O1FFJvCN
6OdZvEAwTTXd4z87IxvI5DP3C2rG/Ru3MXUgZkvyuKTGgGYr7j776ayF0nW7dtQL
hHYxNsrhY76oyZYdZnt/1x6x4cYFnOc9E0XNqKAzK/1+ewafUdosA0xkmMG4kRq3
oUYV0yvCW+7vRqPuWFam+UW1oc8ocJ0CBAPc1EYlq2YdeezEfHhIkbkPn5MebfG0
e9dEQeQljQZHHCz+y5bqEns0eWZKB6foXMuDrwUOVzmO39XoXbr27iyzDgdjz8sk
MkXvw11NFMsKGiw7U/QXXl7zKYHogPxkAuZN88SuushjQaWGycjXbViLpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmMvF5lAKZkq+xOMxkOAXVWQxm+MB8GA1UdIwQY
MBaAFMEZCVSGlfGMBMuJXirO6xED4D4SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUt
YTA1NjRjOWQ2ZmRlLzEvcVl5OFhtVUFwbVNyN0U0ekdRNEJkVlpER2I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUtYTA1NjRjOWQ2ZmRl
LzEvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPxqMA0G
CSqGSIb3DQEBCwUAA4IBAQBYBYR5KEzduitQ5HTRpL3XjiF/o9QNZzC9Vi5UuaSz
uPDmGpafJ/JpQaDJCkiMf1DvV0zSDmPublgYeYgw+usHqVXYqYfgSJw+jFyzCE/9
caW1whg2ZX4dTufrGw0waeFrtY7bq5khA3RgLY19EGHdO2jYhk6GQ1glb1VAcueH
KgtzmYfi7yKd5mEFjPGfDs0gd251ev71zcu1LDqSbvFuKR/MFYCLTY1jWFPo0pRU
KRTey7W4Aj7ndeFkbpBMH43Qu3rME5QXXF11elhJ8W2sCGXwgA4a5NweJmjwTD34
y/WjmNQXky/WihFN+Rrrt0yEKJKP4z5/7l1tP4IXAdua
-----END CERTIFICATE-----