Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QeSIuOFJItGj6G_GwvXYtJ8OE00.roa
File:                     QeSIuOFJItGj6G_GwvXYtJ8OE00.roa (raw, json)
Hash identifier:          KiiB1EKuRdJe5dzDBAgjP5GXIRWuKRwsEhBNtt/f8kU=
Subject key identifier:   41:E4:88:B8:E1:49:22:D1:A3:E8:6F:C6:C2:F5:D8:B4:9F:0E:13:4D
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0197019952F4E7C8A4F121C466338868FC7B
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QeSIuOFJItGj6G_GwvXYtJ8OE00.roa
Signing time:             Sat 24 May 2025 09:21:54 +0000
ROA not before:           Sat 24 May 2025 09:21:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214419
IP address blocks:        109.94.165.0/24 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          2a00:7d80:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:01:99:52:f4:e7:c8:a4:f1:21:c4:66:33:88:68:fc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 24 09:21:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41e488b8e14922d1a3e86fc6c2f5d8b49f0e134d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6a:0b:10:e1:47:d2:e9:cd:99:55:87:2c:bc:
                    3a:ea:3a:e8:fc:88:76:35:77:9b:54:1f:2c:84:4a:
                    01:f6:93:a2:e2:21:f3:b9:ff:34:99:58:e5:a6:51:
                    05:c2:c8:b3:ee:87:4b:fc:61:c3:c3:41:46:10:b3:
                    59:c6:b5:74:8d:7f:f5:7d:cd:0f:51:71:56:57:d4:
                    19:b6:50:e0:5b:3b:3b:db:41:2f:c8:d0:32:52:e7:
                    0a:43:42:d1:1f:64:d3:a1:4b:44:d9:ba:47:96:ec:
                    f0:c4:49:27:cf:b0:e3:c0:19:e4:dc:b6:80:94:6d:
                    7b:a5:3c:2e:42:cf:c0:ac:bf:da:05:a0:53:c5:d7:
                    84:e3:d8:e0:17:19:20:e9:7b:7b:fd:9e:3b:a9:39:
                    64:c0:65:fa:4e:16:ef:ff:3b:b5:bd:6c:cb:63:82:
                    91:0b:54:46:93:89:4c:72:6d:94:89:0c:29:d8:3c:
                    0c:70:0a:08:8d:26:01:8e:63:ed:b9:c0:44:9e:78:
                    f4:4d:42:37:79:17:68:03:9a:be:78:24:b3:82:d1:
                    a6:e1:86:de:d8:c8:7b:da:4f:a9:97:70:ea:37:72:
                    f9:e6:16:f1:0b:86:71:78:87:e6:d0:d0:0a:84:48:
                    e7:cf:9c:ca:9a:6e:06:d1:2e:58:92:67:8c:58:9d:
                    13:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E4:88:B8:E1:49:22:D1:A3:E8:6F:C6:C2:F5:D8:B4:9F:0E:13:4D
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QeSIuOFJItGj6G_GwvXYtJ8OE00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.165.0/24
                  212.16.71.0/24
                IPv6:
                  2a00:7d80:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:a3:fd:d1:8f:e2:b0:d7:7a:e5:70:81:24:9e:86:02:8d:0d:
         ff:fd:48:bc:c8:ac:99:36:a1:70:57:7a:2f:e8:a2:fd:99:53:
         da:8c:8f:94:1b:3f:15:1f:1c:2f:3d:f7:07:82:57:bf:b9:3b:
         64:77:24:00:f3:a1:92:5c:58:aa:b9:8d:b4:2d:45:55:fd:29:
         7c:65:3a:b1:89:16:b5:4a:d9:52:da:06:52:94:84:0b:c1:4d:
         f9:8f:e1:bf:e9:9b:05:f5:e7:79:27:17:cd:4f:de:c0:c4:44:
         99:1e:ce:45:a6:55:e8:c1:30:34:7f:09:0c:40:ec:b9:0b:24:
         a3:bd:a8:d4:c8:89:64:b0:bd:57:35:cc:58:90:c3:b1:68:16:
         26:7c:a3:f2:49:0b:8a:73:61:b8:b9:d6:ba:c8:a3:8c:22:17:
         88:76:01:98:c1:dd:ef:05:02:cd:8a:a2:35:c0:58:d5:7c:0e:
         80:fa:53:b9:c4:99:cc:3c:4f:d6:a8:38:31:e4:c8:03:c0:70:
         0f:04:d5:67:4e:9a:b4:19:f3:26:e4:5d:b9:b7:45:93:54:d2:
         ea:9f:09:4c:e5:87:97:9c:a2:2d:19:3f:ea:74:b3:2f:49:14:
         dd:d7:e0:d5:01:54:78:03:9a:ec:83:82:03:f3:55:3f:f3:99:
         ba:45:1a:ef
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZcBmVL058ik8SHEZjOIaPx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNTI0MDkyMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU0ODhiOGUxNDkyMmQxYTNlODZmYzZjMmY1ZDhiNDlmMGUxMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmoLEOFH0unNmVWHLLw66jro/Ih2
NXebVB8shEoB9pOi4iHzuf80mVjlplEFwsiz7odL/GHDw0FGELNZxrV0jX/1fc0P
UXFWV9QZtlDgWzs720EvyNAyUucKQ0LRH2TToUtE2bpHluzwxEknz7DjwBnk3LaA
lG17pTwuQs/ArL/aBaBTxdeE49jgFxkg6Xt7/Z47qTlkwGX6Thbv/zu1vWzLY4KR
C1RGk4lMcm2UiQwp2DwMcAoIjSYBjmPtucBEnnj0TUI3eRdoA5q+eCSzgtGm4Ybe
2Mh72k+pl3DqN3L55hbxC4ZxeIfm0NAKhEjnz5zKmm4G0S5YkmeMWJ0TbQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEHkiLjhSSLRo+hvxsL12LSfDhNNMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvUWVTSXVPRkpJdEdqNkdfR3d2WFl0SjhPRTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAbV6lAwQA
1BBHMA8EAgACMAkDBwAqAH2AABEwDQYJKoZIhvcNAQELBQADggEBAKSj/dGP4rDX
euVwgSSehgKNDf/9SLzIrJk2oXBXei/oov2ZU9qMj5QbPxUfHC899weCV7+5O2R3
JADzoZJcWKq5jbQtRVX9KXxlOrGJFrVK2VLaBlKUhAvBTfmP4b/pmwX153knF81P
3sDERJkezkWmVejBMDR/CQxA7LkLJKO9qNTIiWSwvVc1zFiQw7FoFiZ8o/JJC4pz
Ybi51rrIo4wiF4h2AZjB3e8FAs2KojXAWNV8DoD6U7nEmcw8T9aoODHkyAPAcA8E
1WdOmrQZ8ybkXbm3RZNU0uqfCUzlh5ecoi0ZP+p0sy9JFN3X4NUBVHgDmuyDggPz
VT/zmbpFGu8=
-----END CERTIFICATE-----