Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/qLpskkGdWMp75uesslOqcJ0MWnE.roa
File:                     qLpskkGdWMp75uesslOqcJ0MWnE.roa (raw, json)
Hash identifier:          X4MuNwdwba0DvT/WVM9tY1i1XGTLnQOuEconDao1Nw4=
Subject key identifier:   A8:BA:6C:92:41:9D:58:CA:7B:E6:E7:AC:B2:53:AA:70:9D:0C:5A:71
Certificate issuer:       /CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
Certificate serial:       019425FCD3B0F1A2E532E7261C75362B41B2
Authority key identifier: 0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/qLpskkGdWMp75uesslOqcJ0MWnE.roa
Signing time:             Thu 02 Jan 2025 07:48:33 +0000
ROA not before:           Thu 02 Jan 2025 07:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31424
IP address blocks:        193.9.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:d3:b0:f1:a2:e5:32:e7:26:1c:75:36:2b:41:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c86662b752c8a3be72e8544394ff926f68fbf7e
        Validity
            Not Before: Jan  2 07:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8ba6c92419d58ca7be6e7acb253aa709d0c5a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:72:12:51:ab:c4:08:1d:a0:da:08:7d:e5:7c:
                    ac:c4:cf:86:a2:10:b5:65:0d:a2:2e:76:ea:ce:47:
                    66:03:60:17:9e:eb:84:1a:04:b7:f9:99:87:5d:73:
                    fc:5b:6d:c8:d6:65:f6:4f:4f:06:84:fd:53:e6:a5:
                    92:15:c2:a2:2e:d4:50:b7:55:af:6e:99:a3:b3:01:
                    da:60:1c:aa:47:31:12:a7:b7:ca:55:95:f6:cb:56:
                    cf:61:d2:7c:a6:e8:29:2d:08:50:44:ab:e4:9f:e4:
                    6f:f3:17:b0:7e:a9:05:b2:36:af:d3:0e:d6:fa:9e:
                    0a:00:68:d5:0d:25:23:d0:2c:9d:62:c0:a8:e4:cf:
                    1d:e6:91:b0:66:79:89:18:6a:98:12:47:fb:55:38:
                    1d:59:79:ee:15:68:55:0e:7c:77:71:6d:1a:66:c1:
                    03:58:1c:e3:3d:3a:17:f2:37:84:2f:43:2a:57:16:
                    74:ef:f4:9c:c4:4d:9c:3a:10:ee:9b:f3:0f:69:b7:
                    f8:c5:6e:87:a6:73:ab:98:e7:27:e8:01:46:1e:2d:
                    0b:9b:bf:1e:13:38:3f:2d:98:09:f6:db:9d:b2:d4:
                    54:be:1c:52:5e:cf:69:8d:0a:35:3f:52:d6:ee:22:
                    25:34:11:93:1c:4b:47:c7:8d:24:06:9f:ea:59:70:
                    d5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:BA:6C:92:41:9D:58:CA:7B:E6:E7:AC:B2:53:AA:70:9D:0C:5A:71
            X509v3 Authority Key Identifier:
                keyid:0C:86:66:2B:75:2C:8A:3B:E7:2E:85:44:39:4F:F9:26:F6:8F:BF:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DIZmK3UsijvnLoVEOU_5JvaPv34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/qLpskkGdWMp75uesslOqcJ0MWnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/09c4b2-46a9-4f88-99b8-1ccc9c295e8e/1/DIZmK3UsijvnLoVEOU_5JvaPv34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a0:35:83:71:26:36:89:5f:c0:52:f4:21:ba:85:3c:4c:4a:
         fe:da:6b:1b:f7:ab:ff:31:9f:e3:4c:73:e0:b4:5b:9e:75:af:
         91:fa:c5:76:6b:e7:85:23:22:78:54:01:8b:86:39:3e:98:3d:
         0f:59:3d:bc:9a:0d:29:98:06:8b:46:01:3f:04:05:09:c8:87:
         2f:a6:1a:4c:cf:52:44:3b:c8:58:b2:1b:61:8f:4b:ca:f6:c6:
         0d:a2:b0:f8:ca:9b:90:73:e3:4e:c3:4a:a5:33:2b:17:32:39:
         d4:e1:44:5e:6c:10:70:59:e1:2a:7a:58:29:17:07:8f:53:51:
         30:63:c2:54:c8:fe:a7:60:a3:19:cd:b7:d2:20:11:ec:2d:ef:
         0b:c1:89:01:57:70:e0:ad:f8:02:18:a2:82:b1:69:32:01:80:
         db:93:f5:02:3d:18:93:1b:c3:6c:6c:a2:29:43:a9:62:38:42:
         6b:48:d1:23:5e:9f:a8:97:bb:01:de:5a:0f:68:b8:6f:71:c0:
         46:c3:27:b4:14:be:55:d8:d8:3f:43:df:61:44:41:95:1b:e0:
         7f:4e:a5:0d:e0:bf:52:da:fb:ca:6e:4c:86:ef:a9:b9:5d:8a:
         b7:0b:38:8f:fa:ae:08:29:a4:f0:ac:93:58:e6:04:bf:96:40:
         b6:d7:29:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/NOw8aLlMucmHHU2K0GyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjODY2NjJiNzUyYzhhM2JlNzJlODU0NDM5NGZmOTI2ZjY4
ZmJmN2UwHhcNMjUwMTAyMDc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGJhNmM5MjQxOWQ1OGNhN2JlNmU3YWNiMjUzYWE3MDlkMGM1YTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHISUavECB2g2gh95XysxM+GohC1
ZQ2iLnbqzkdmA2AXnuuEGgS3+ZmHXXP8W23I1mX2T08GhP1T5qWSFcKiLtRQt1Wv
bpmjswHaYByqRzESp7fKVZX2y1bPYdJ8pugpLQhQRKvkn+Rv8xewfqkFsjav0w7W
+p4KAGjVDSUj0CydYsCo5M8d5pGwZnmJGGqYEkf7VTgdWXnuFWhVDnx3cW0aZsED
WBzjPToX8jeEL0MqVxZ07/ScxE2cOhDum/MPabf4xW6HpnOrmOcn6AFGHi0Lm78e
Ezg/LZgJ9tudstRUvhxSXs9pjQo1P1LW7iIlNBGTHEtHx40kBp/qWXDVVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi6bJJBnVjKe+bnrLJTqnCdDFpxMB8GA1UdIwQY
MBaAFAyGZit1LIo75y6FRDlP+Sb2j79+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5Yjgt
MWNjYzljMjk1ZThlLzEvcUxwc2trR2RXTXA3NXVlc3NsT3FjSjBNV25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8wOWM0YjItNDZhOS00Zjg4LTk5YjgtMWNjYzljMjk1ZThl
LzEvRElabUszVXNpanZuTG9WRU9VXzVKdmFQdjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQl6MA0G
CSqGSIb3DQEBCwUAA4IBAQAPoDWDcSY2iV/AUvQhuoU8TEr+2msb96v/MZ/jTHPg
tFueda+R+sV2a+eFIyJ4VAGLhjk+mD0PWT28mg0pmAaLRgE/BAUJyIcvphpMz1JE
O8hYshthj0vK9sYNorD4ypuQc+NOw0qlMysXMjnU4URebBBwWeEqelgpFwePU1Ew
Y8JUyP6nYKMZzbfSIBHsLe8LwYkBV3DgrfgCGKKCsWkyAYDbk/UCPRiTG8NsbKIp
Q6liOEJrSNEjXp+ol7sB3loPaLhvccBGwye0FL5V2Ng/Q99hREGVG+B/TqUN4L9S
2vvKbkyG76m5XYq3CziP+q4IKaTwrJNY5gS/lkC21ykK
-----END CERTIFICATE-----