Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q1MqoNwFR_5njWMpG9w_dVHxN_U.roa
File:                     Q1MqoNwFR_5njWMpG9w_dVHxN_U.roa (raw, json)
Hash identifier:          Q0fJJ7ym6xTHtMnaOZn2Vz5+pGnexqXLR1sH/DSDNKY=
Subject key identifier:   43:53:2A:A0:DC:05:47:FE:67:8D:63:29:1B:DC:3F:75:51:F1:37:F5
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1B4A2B82D387F9186756A8326A9DB
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q1MqoNwFR_5njWMpG9w_dVHxN_U.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        176.57.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b4:a2:b8:2d:38:7f:91:86:75:6a:83:26:a9:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43532aa0dc0547fe678d63291bdc3f7551f137f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:71:1c:6b:ca:9c:78:bd:fe:a0:5e:8c:8c:f9:
                    13:b2:cd:75:ee:73:f9:7c:e2:5c:d6:42:84:a3:bc:
                    5f:a9:ef:74:0c:3f:a8:86:e9:7e:30:0a:2e:6d:cc:
                    33:c4:31:e4:1c:c3:46:a0:60:52:4e:9a:ea:da:8c:
                    e8:ef:63:29:2b:d3:ec:8f:68:78:2e:30:69:1b:fb:
                    b4:54:2b:e3:61:b8:24:fa:5f:22:98:cb:78:fb:a5:
                    5e:c7:a6:84:1d:59:f5:5b:0f:2a:3c:64:5b:23:8a:
                    4d:6d:4e:57:2a:60:94:8a:15:48:8c:1d:d1:87:90:
                    89:a0:d3:35:6b:c5:df:4e:41:af:8f:ab:cd:cc:fe:
                    69:e0:cc:14:8a:73:84:83:d4:6f:39:3d:9b:35:49:
                    d8:b2:a8:65:c6:dc:f5:88:af:b2:ce:a1:8a:a3:99:
                    6a:81:48:cb:de:37:7c:2c:88:e8:1d:3b:cf:e8:f1:
                    0b:76:04:35:28:d4:72:eb:1c:a2:95:34:ec:31:2c:
                    62:89:60:66:9a:2c:f9:2d:24:91:91:e4:d9:69:c1:
                    1c:5c:90:b6:4b:64:b9:b7:2e:d9:ec:80:44:c8:12:
                    3b:fa:0e:b3:03:91:6c:8d:2a:e1:1c:42:4a:73:57:
                    27:7f:32:20:30:0b:ca:b8:e8:9c:2f:bf:36:20:67:
                    1a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:53:2A:A0:DC:05:47:FE:67:8D:63:29:1B:DC:3F:75:51:F1:37:F5
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Q1MqoNwFR_5njWMpG9w_dVHxN_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e1:14:f8:3c:23:a6:3f:2d:cb:4a:20:e3:e1:81:f0:a6:52:
         b2:1e:df:2c:f0:cc:f0:ad:ed:de:52:bf:e7:bf:ec:7d:87:c1:
         bb:85:17:b8:31:35:b0:71:af:16:78:c5:98:64:46:e3:43:71:
         b8:88:7f:1c:ac:21:f2:81:16:7c:b6:20:23:ed:71:af:c5:1d:
         de:41:6c:87:45:4f:90:d2:e1:cc:41:51:af:d3:d5:04:de:79:
         f2:78:08:78:65:47:7d:42:3d:e5:c1:cc:7c:01:70:3e:ac:1a:
         b5:d9:d1:c0:b5:41:ff:23:48:16:cb:2d:53:91:61:ac:4f:c1:
         d2:2a:28:33:ee:57:00:1e:59:02:d6:89:e3:40:f4:dd:f7:20:
         f6:b8:c0:a0:9b:3c:1b:42:ce:2e:1b:6a:68:f9:97:8f:e2:f3:
         e3:0f:1f:0f:77:d8:01:a8:d7:80:c1:7f:fd:06:e8:8f:f6:bf:
         69:2a:13:df:c9:a9:0c:27:be:0a:5a:01:59:8c:4f:47:cd:b1:
         a3:0f:2e:c5:cd:86:5c:50:80:c1:42:f1:bb:f6:49:5f:2b:e0:
         bf:19:12:fc:75:82:e8:e5:c5:71:74:33:a1:c9:62:0c:f3:33:
         82:db:42:26:ef:ae:a3:5e:fa:51:56:48:24:87:1e:4a:a6:e4:
         cf:31:3e:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbSiuC04f5GGdWqDJqnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzUzMmFhMGRjMDU0N2ZlNjc4ZDYzMjkxYmRjM2Y3NTUxZjEzN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXEca8qceL3+oF6MjPkTss117nP5
fOJc1kKEo7xfqe90DD+ohul+MAoubcwzxDHkHMNGoGBSTprq2ozo72MpK9Psj2h4
LjBpG/u0VCvjYbgk+l8imMt4+6Vex6aEHVn1Ww8qPGRbI4pNbU5XKmCUihVIjB3R
h5CJoNM1a8XfTkGvj6vNzP5p4MwUinOEg9RvOT2bNUnYsqhlxtz1iK+yzqGKo5lq
gUjL3jd8LIjoHTvP6PELdgQ1KNRy6xyilTTsMSxiiWBmmiz5LSSRkeTZacEcXJC2
S2S5ty7Z7IBEyBI7+g6zA5FsjSrhHEJKc1cnfzIgMAvKuOicL782IGcasQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENTKqDcBUf+Z41jKRvcP3VR8Tf1MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUTFNcW9Od0ZSXzVualdNcEc5d19kVkh4Tl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk3MA0G
CSqGSIb3DQEBCwUAA4IBAQAE4RT4PCOmPy3LSiDj4YHwplKyHt8s8Mzwre3eUr/n
v+x9h8G7hRe4MTWwca8WeMWYZEbjQ3G4iH8crCHygRZ8tiAj7XGvxR3eQWyHRU+Q
0uHMQVGv09UE3nnyeAh4ZUd9Qj3lwcx8AXA+rBq12dHAtUH/I0gWyy1TkWGsT8HS
Kigz7lcAHlkC1onjQPTd9yD2uMCgmzwbQs4uG2po+ZeP4vPjDx8Pd9gBqNeAwX/9
BuiP9r9pKhPfyakMJ74KWgFZjE9HzbGjDy7FzYZcUIDBQvG79klfK+C/GRL8dYLo
5cVxdDOhyWIM8zOC20Im766jXvpRVkgkhx5KpuTPMT4a
-----END CERTIFICATE-----