Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/TQNP6hoAf66GZWfHy5k78DAiiCU.roa
File:                     TQNP6hoAf66GZWfHy5k78DAiiCU.roa (raw, json)
Hash identifier:          uABddS+djXpmQc7iz2KFGbyJ5oeYnTC/ey9Ec918mow=
Subject key identifier:   4D:03:4F:EA:1A:00:7F:AE:86:65:67:C7:CB:99:3B:F0:30:22:88:25
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7EB3198E078A15ED093C3804ACB41
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/TQNP6hoAf66GZWfHy5k78DAiiCU.roa
Signing time:             Wed 01 Jan 2025 21:49:00 +0000
ROA not before:           Wed 01 Jan 2025 21:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211712
IP address blocks:        212.22.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:eb:31:98:e0:78:a1:5e:d0:93:c3:80:4a:cb:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d034fea1a007fae866567c7cb993bf030228825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:af:3c:68:42:30:e8:d9:a8:83:c3:24:6d:78:
                    31:df:78:ff:cd:f7:a9:59:e2:73:8c:e4:57:19:b2:
                    35:19:5a:68:a2:b0:db:71:e4:1c:5e:48:11:6a:10:
                    49:30:0c:ea:23:9c:93:4d:41:51:f3:1c:30:03:a9:
                    bd:50:81:be:a4:5b:22:2f:c3:ce:5b:50:09:f6:55:
                    0b:42:c7:77:d9:d9:a7:eb:e9:97:b3:63:be:bf:52:
                    3a:f8:6c:da:97:93:1e:64:50:bf:cd:7a:c9:10:fd:
                    e6:9e:bc:fb:a9:71:37:94:ed:36:ba:5e:95:df:39:
                    d3:b3:90:c1:e7:0b:9e:63:7d:bd:ba:e8:a2:bb:b2:
                    1e:49:95:41:3d:f6:4e:88:1c:a3:60:23:15:d5:b0:
                    65:46:be:35:bd:22:f9:52:3f:07:90:6b:12:d7:2f:
                    b7:aa:3c:84:f1:98:62:3f:1d:d7:ac:81:a3:ce:8d:
                    a3:d7:bd:02:c7:93:bd:4c:da:3f:52:95:7d:d5:c5:
                    38:9c:08:70:fe:d9:fc:2f:2e:d6:39:dd:8c:16:a1:
                    13:f5:7c:8e:02:39:b5:91:d6:77:f3:a5:da:48:37:
                    e0:56:38:48:76:6e:2c:50:00:74:da:7d:a0:03:e6:
                    dd:c1:07:b2:2c:3e:a1:53:b5:0a:1a:d0:a0:ff:63:
                    f4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:03:4F:EA:1A:00:7F:AE:86:65:67:C7:CB:99:3B:F0:30:22:88:25
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/TQNP6hoAf66GZWfHy5k78DAiiCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:79:06:12:2e:aa:b3:bd:62:ad:1d:71:1c:77:65:cf:e0:91:
         ee:28:6b:f1:1f:15:7b:69:3c:e4:44:1e:3b:75:6f:16:dc:49:
         c8:17:34:b1:61:51:44:ae:f9:dc:53:3f:ee:a7:a7:c1:94:f9:
         41:ed:a7:32:88:8b:7e:37:72:71:73:34:78:b5:3e:c4:34:b9:
         83:70:55:0f:78:5e:30:bc:9b:eb:91:8e:e4:78:c7:7a:50:1a:
         f2:25:59:c5:3d:71:75:07:59:a2:4f:33:a5:82:8d:4d:49:33:
         96:06:d7:c6:6e:a1:44:49:1b:3b:4e:b5:d0:ba:85:1c:43:18:
         1e:bd:2e:0b:06:eb:97:e2:19:9c:12:3d:7c:ef:db:36:11:11:
         1a:78:95:f1:e5:54:8f:e6:c7:e0:06:e0:45:96:a9:2c:a2:bb:
         5c:13:59:7e:3a:90:5e:63:45:ff:6c:dc:89:b0:66:a4:5a:fc:
         7c:f4:c2:4f:3e:a0:a8:bc:59:f6:0d:ab:50:0d:eb:b5:58:b0:
         42:e7:f9:60:db:84:9a:0d:df:2b:7a:7b:f5:b3:6d:3f:e9:0e:
         17:22:bb:e9:0a:5d:04:b3:0b:1f:c8:a0:59:7a:63:da:f9:ef:
         de:8a:9b:8f:ca:74:37:da:e5:af:05:20:3b:9a:29:a6:05:34:
         73:cd:0b:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+sxmOB4oV7Qk8OASstBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDAzNGZlYTFhMDA3ZmFlODY2NTY3YzdjYjk5M2JmMDMwMjI4ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlq88aEIw6Nmog8MkbXgx33j/zfep
WeJzjORXGbI1GVpoorDbceQcXkgRahBJMAzqI5yTTUFR8xwwA6m9UIG+pFsiL8PO
W1AJ9lULQsd32dmn6+mXs2O+v1I6+Gzal5MeZFC/zXrJEP3mnrz7qXE3lO02ul6V
3znTs5DB5wueY329uuiiu7IeSZVBPfZOiByjYCMV1bBlRr41vSL5Uj8HkGsS1y+3
qjyE8ZhiPx3XrIGjzo2j170Cx5O9TNo/UpV91cU4nAhw/tn8Ly7WOd2MFqET9XyO
Ajm1kdZ386XaSDfgVjhIdm4sUAB02n2gA+bdwQeyLD6hU7UKGtCg/2P0mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0DT+oaAH+uhmVnx8uZO/AwIoglMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvVFFOUDZob0FmNjZHWldmSHk1azc4REFpaUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZZMA0G
CSqGSIb3DQEBCwUAA4IBAQCSeQYSLqqzvWKtHXEcd2XP4JHuKGvxHxV7aTzkRB47
dW8W3EnIFzSxYVFErvncUz/up6fBlPlB7acyiIt+N3JxczR4tT7ENLmDcFUPeF4w
vJvrkY7keMd6UBryJVnFPXF1B1miTzOlgo1NSTOWBtfGbqFESRs7TrXQuoUcQxge
vS4LBuuX4hmcEj1879s2EREaeJXx5VSP5sfgBuBFlqksortcE1l+OpBeY0X/bNyJ
sGakWvx89MJPPqCovFn2DatQDeu1WLBC5/lg24SaDd8renv1s20/6Q4XIrvpCl0E
swsfyKBZemPa+e/eipuPynQ32uWvBSA7mimmBTRzzQuK
-----END CERTIFICATE-----