Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QDVQDZEiRdtlUAs74M2Y0zTurSs.roa
File:                     QDVQDZEiRdtlUAs74M2Y0zTurSs.roa (raw, json)
Hash identifier:          p+6QjjtW4HC860YX23jEot2mgfPQ7ulucgkdMkJzPZo=
Subject key identifier:   40:35:50:0D:91:22:45:DB:65:50:0B:3B:E0:CD:98:D3:34:EE:AD:2B
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747CEEA37BE32BD90060704C95D6105
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QDVQDZEiRdtlUAs74M2Y0zTurSs.roa
Signing time:             Thu 02 Jan 2025 13:50:04 +0000
ROA not before:           Thu 02 Jan 2025 13:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201746
IP address blocks:        46.8.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ce:ea:37:be:32:bd:90:06:07:04:c9:5d:61:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4035500d912245db65500b3be0cd98d334eead2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c7:94:ec:dd:fe:e9:17:ad:70:6b:3f:7f:19:
                    60:71:da:d6:6b:1b:7a:97:01:af:a5:17:ad:b7:fd:
                    b7:45:cd:13:86:96:5b:75:db:6c:a5:fb:30:d7:66:
                    58:f7:cb:e3:35:3f:13:b3:d9:fb:ff:41:c0:bd:99:
                    fb:c4:92:3c:38:47:66:ea:33:09:53:d9:f1:30:18:
                    1e:b2:5e:73:75:a4:fd:2a:63:1b:c5:ea:ee:02:17:
                    22:68:62:08:02:43:ff:ac:8e:67:41:7d:11:bb:02:
                    ff:1c:8f:9a:80:96:3a:f0:5c:b6:c4:a5:35:3b:64:
                    7d:cd:26:21:f0:72:8b:ca:c6:fc:e5:e6:23:75:6b:
                    83:cd:e8:7c:71:51:82:40:9e:2f:2d:7e:16:fc:93:
                    5b:c0:d0:b1:94:61:72:4d:8f:bd:da:bd:eb:d2:68:
                    03:4c:85:d5:04:49:d9:fe:b2:ce:c4:04:07:e2:8b:
                    8c:51:08:84:a5:5d:46:05:04:5c:fd:2c:67:d4:91:
                    82:45:c5:0d:06:2c:0a:c0:d6:fe:58:50:d9:f2:20:
                    b1:bc:a1:ed:8f:45:74:e4:f9:6d:32:4d:ac:ce:56:
                    c3:f3:11:13:e1:80:48:bc:50:e6:04:4d:41:1b:17:
                    6d:e6:a3:89:b3:04:1a:36:15:60:b4:ab:e2:6e:0e:
                    bf:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:35:50:0D:91:22:45:DB:65:50:0B:3B:E0:CD:98:D3:34:EE:AD:2B
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QDVQDZEiRdtlUAs74M2Y0zTurSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5a:f2:50:00:c8:a6:34:8d:5d:cb:8b:eb:36:fa:05:2a:86:e5:
         a4:e5:b3:b4:23:b4:fa:9d:46:d5:f3:de:93:8d:86:20:0f:fc:
         4c:d4:60:0e:72:50:79:af:d2:fe:f9:f2:1f:f7:98:c0:6c:57:
         bd:26:87:06:47:df:d5:e2:a6:f0:0a:f4:5f:ee:9a:8e:63:d4:
         f1:8e:52:8e:6d:99:bb:5f:49:7c:f3:73:69:a6:40:95:4d:26:
         ed:76:01:c6:48:f8:a4:fc:d1:f2:22:eb:1d:d8:13:30:0a:43:
         7f:5e:32:24:a3:aa:7f:1b:cd:f5:27:1d:48:d5:da:2f:e6:6f:
         f1:27:dc:0d:f1:73:a2:02:8a:4d:56:8e:3a:0f:df:f5:0f:d9:
         ca:c6:cc:cf:76:9f:10:91:18:22:1c:cf:58:1c:da:bd:cd:ac:
         e6:3a:33:39:f0:c1:d3:be:da:3b:90:d8:59:d3:78:c0:c2:e7:
         31:3b:42:8e:e9:0d:60:6d:aa:03:d4:c5:63:c1:a4:f2:e4:69:
         d6:95:85:f0:60:52:1b:8d:eb:78:02:b2:7f:40:54:60:90:ae:
         13:21:00:79:be:80:46:b6:1a:b9:d8:46:d3:0f:fd:91:20:10:
         2f:5b:54:8d:bf:2e:8b:94:4d:0f:71:4a:e7:27:ed:fb:78:a2:
         dc:45:58:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR87qN74yvZAGBwTJXWEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDM1NTAwZDkxMjI0NWRiNjU1MDBiM2JlMGNkOThkMzM0ZWVhZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMeU7N3+6RetcGs/fxlgcdrWaxt6
lwGvpRett/23Rc0ThpZbddtspfsw12ZY98vjNT8Ts9n7/0HAvZn7xJI8OEdm6jMJ
U9nxMBgesl5zdaT9KmMbxeruAhciaGIIAkP/rI5nQX0RuwL/HI+agJY68Fy2xKU1
O2R9zSYh8HKLysb85eYjdWuDzeh8cVGCQJ4vLX4W/JNbwNCxlGFyTY+92r3r0mgD
TIXVBEnZ/rLOxAQH4ouMUQiEpV1GBQRc/Sxn1JGCRcUNBiwKwNb+WFDZ8iCxvKHt
j0V05PltMk2szlbD8xET4YBIvFDmBE1BGxdt5qOJswQaNhVgtKvibg6/yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA1UA2RIkXbZVALO+DNmNM07q0rMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUURWUURaRWlSZHRsVUFzNzRNMlkwelR1clNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELgigMA0G
CSqGSIb3DQEBCwUAA4IBAQBa8lAAyKY0jV3Li+s2+gUqhuWk5bO0I7T6nUbV896T
jYYgD/xM1GAOclB5r9L++fIf95jAbFe9JocGR9/V4qbwCvRf7pqOY9TxjlKObZm7
X0l883NppkCVTSbtdgHGSPik/NHyIusd2BMwCkN/XjIko6p/G831Jx1I1dov5m/x
J9wN8XOiAopNVo46D9/1D9nKxszPdp8QkRgiHM9YHNq9zazmOjM58MHTvto7kNhZ
03jAwucxO0KO6Q1gbaoD1MVjwaTy5GnWlYXwYFIbjet4ArJ/QFRgkK4TIQB5voBG
thq52EbTD/2RIBAvW1SNvy6LlE0PcUrnJ+37eKLcRVjx
-----END CERTIFICATE-----