Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/qtuqIB5CtIi31UAhEs4p3pi5c2Y.roa
File:                     qtuqIB5CtIi31UAhEs4p3pi5c2Y.roa (raw, json)
Hash identifier:          /hLyLmNfmw61h29Ovfaz4hXm3fgjqU+pple47V8gAy8=
Subject key identifier:   AA:DB:AA:20:1E:42:B4:88:B7:D5:40:21:12:CE:29:DE:98:B9:73:66
Certificate issuer:       /CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
Certificate serial:       01941F8C6AA6E78E09C36EB36F504CEF2C25
Authority key identifier: E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/qtuqIB5CtIi31UAhEs4p3pi5c2Y.roa
Signing time:             Wed 01 Jan 2025 01:48:03 +0000
ROA not before:           Wed 01 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        194.147.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6a:a6:e7:8e:09:c3:6e:b3:6f:50:4c:ef:2c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
        Validity
            Not Before: Jan  1 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aadbaa201e42b488b7d5402112ce29de98b97366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9c:f5:cc:df:c1:28:2a:0e:9e:5d:af:e3:e8:
                    a0:23:03:8f:6a:ba:1c:d7:11:50:07:75:d3:76:84:
                    7d:fb:0c:5f:92:e0:20:ce:ca:6b:ad:96:f2:27:3c:
                    40:c9:cd:56:8b:f9:f4:cc:3d:38:aa:a7:bc:8d:44:
                    ce:64:65:c4:d9:4e:8c:75:eb:1d:0d:49:f1:02:5a:
                    80:50:12:83:49:27:2f:80:6f:bd:a3:96:ac:c4:fe:
                    96:a7:b1:b3:66:84:ae:41:d3:d1:f2:64:a1:39:1d:
                    a6:10:2b:ef:41:64:54:23:51:6f:5b:61:85:d4:b4:
                    38:17:9c:88:95:56:d5:6d:f5:b0:01:b1:20:e2:39:
                    44:a2:16:df:bf:38:6c:9b:70:23:97:c2:61:01:27:
                    c9:1f:13:7d:cd:af:88:63:6e:82:d3:e3:98:75:72:
                    3f:d0:74:47:5d:6b:aa:22:6c:9e:e6:b8:6a:63:ff:
                    e8:52:6e:10:ee:e5:1f:cc:9b:26:c7:e4:dc:62:20:
                    55:74:27:a7:5a:90:6a:4b:47:b4:61:67:d4:07:dd:
                    12:be:ed:ed:01:13:b8:1f:89:30:d6:45:18:52:78:
                    5a:78:11:00:b2:2e:bd:78:fb:17:a0:dc:ce:3c:63:
                    d3:0b:5f:a7:b8:38:c8:d3:c1:92:54:48:55:c0:a4:
                    f9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DB:AA:20:1E:42:B4:88:B7:D5:40:21:12:CE:29:DE:98:B9:73:66
            X509v3 Authority Key Identifier:
                keyid:E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/qtuqIB5CtIi31UAhEs4p3pi5c2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:7a:5c:3b:4d:dd:ac:e2:f3:7e:24:8b:52:3e:2c:1e:ea:fb:
         86:1d:c9:cd:61:96:29:cd:c0:f2:03:f1:c4:f1:af:b0:f8:03:
         14:59:40:78:bc:a0:d7:54:6c:b9:c8:31:fe:57:a6:91:34:5f:
         f5:69:37:57:82:9d:63:19:02:fb:d0:7d:f2:7e:7c:b6:be:83:
         fc:4b:5d:d7:d6:e6:e6:70:72:4d:9f:15:81:96:c6:78:1e:1d:
         0d:1c:9d:7a:0b:43:a0:3e:61:d1:d0:a3:0f:d9:0a:a4:81:f0:
         1d:24:02:75:b0:18:82:3a:a9:58:49:17:66:56:0a:a6:18:af:
         eb:e1:a0:6e:26:d8:81:6a:df:67:05:34:14:b4:0f:96:f8:54:
         29:75:2f:3d:9f:06:cb:48:7e:ad:77:62:f0:4d:e0:30:50:96:
         0d:ec:8d:07:3e:d1:1c:b6:49:5a:6e:09:05:63:7e:4e:7a:19:
         a7:41:ba:e9:b2:84:fa:36:ea:52:e9:36:ff:44:d4:15:02:ec:
         1f:69:bc:40:c5:55:96:df:e4:d5:1c:47:7c:07:be:db:a4:58:
         3b:97:13:ca:70:7e:25:e2:14:ce:d8:27:73:e0:46:b7:ec:80:
         24:b1:4c:8a:33:22:1a:55:c2:57:f2:ed:ae:7a:43:65:16:78:
         a0:29:50:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGqm544Jw26zb1BM7ywlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWNjZmQyMWFiZDdmZTNmYTBkNmJiMzFkZjQ4MjBiZmI1
YTQxODgwHhcNMjUwMTAxMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRiYWEyMDFlNDJiNDg4YjdkNTQwMjExMmNlMjlkZTk4Yjk3MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Jz1zN/BKCoOnl2v4+igIwOParoc
1xFQB3XTdoR9+wxfkuAgzsprrZbyJzxAyc1Wi/n0zD04qqe8jUTOZGXE2U6Mdesd
DUnxAlqAUBKDSScvgG+9o5asxP6Wp7GzZoSuQdPR8mShOR2mECvvQWRUI1FvW2GF
1LQ4F5yIlVbVbfWwAbEg4jlEohbfvzhsm3Ajl8JhASfJHxN9za+IY26C0+OYdXI/
0HRHXWuqImye5rhqY//oUm4Q7uUfzJsmx+TcYiBVdCenWpBqS0e0YWfUB90Svu3t
ARO4H4kw1kUYUnhaeBEAsi69ePsXoNzOPGPTC1+nuDjI08GSVEhVwKT5MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrbqiAeQrSIt9VAIRLOKd6YuXNmMB8GA1UdIwQY
MBaAFOmsz9IavX/j+g1rsx30ggv7WkGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMt
NzViNjg0Zjg5MGI0LzEvcXR1cUlCNUN0SWkzMVVBaEVzNHAzcGk1YzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMtNzViNjg0Zjg5MGI0
LzEvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNwMA0G
CSqGSIb3DQEBCwUAA4IBAQAbelw7Td2s4vN+JItSPiwe6vuGHcnNYZYpzcDyA/HE
8a+w+AMUWUB4vKDXVGy5yDH+V6aRNF/1aTdXgp1jGQL70H3yfny2voP8S13X1ubm
cHJNnxWBlsZ4Hh0NHJ16C0OgPmHR0KMP2QqkgfAdJAJ1sBiCOqlYSRdmVgqmGK/r
4aBuJtiBat9nBTQUtA+W+FQpdS89nwbLSH6td2LwTeAwUJYN7I0HPtEctklabgkF
Y35OehmnQbrpsoT6NupS6Tb/RNQVAuwfabxAxVWW3+TVHEd8B77bpFg7lxPKcH4l
4hTO2Cdz4Ea37IAksUyKMyIaVcJX8u2uekNlFnigKVCW
-----END CERTIFICATE-----