Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/STqApr7X1ug1uqSaDPqxzAwqcYs.roa
File:                     STqApr7X1ug1uqSaDPqxzAwqcYs.roa (raw, json)
Hash identifier:          EiNnN4KMS8MWRBeApq2yhm40SJvdY76bImhzgcNjTV0=
Subject key identifier:   49:3A:80:A6:BE:D7:D6:E8:35:BA:A4:9A:0C:FA:B1:CC:0C:2A:71:8B
Certificate issuer:       /CN=21a717361309d2939351c9d8ba2173db8319a88f
Certificate serial:       018CC493943A337EE88912795134AF2D10EB
Authority key identifier: 21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/STqApr7X1ug1uqSaDPqxzAwqcYs.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29480
IP address blocks:        195.149.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:3a:33:7e:e8:89:12:79:51:34:af:2d:10:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a717361309d2939351c9d8ba2173db8319a88f
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=493a80a6bed7d6e835baa49a0cfab1cc0c2a718b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8c:99:42:a4:f7:e4:60:24:0d:b6:b1:a8:4e:
                    00:da:22:8e:70:6e:c4:17:00:5b:40:08:01:de:2c:
                    2a:50:03:2e:cb:b5:f2:f0:3c:44:83:51:a9:02:4d:
                    ee:51:26:dd:c4:a9:10:70:c0:56:35:8f:8d:a4:df:
                    b7:e4:06:41:91:e0:6b:0d:5f:f6:b3:03:6e:1a:a5:
                    ea:67:9d:d3:18:a6:75:a7:e3:0b:b2:1c:32:3a:46:
                    76:a7:2c:5d:37:ed:3a:1a:4d:d8:8f:90:22:9b:60:
                    4f:17:4f:35:58:8b:7a:47:98:4b:21:70:c3:b7:06:
                    1a:a9:06:ba:98:15:fd:4a:15:0f:f8:da:db:ea:66:
                    7d:1a:7e:1b:2a:3d:6e:89:98:b0:46:c3:3d:9e:35:
                    c2:45:60:0a:fc:5a:91:e3:25:bd:d0:49:f4:d1:ea:
                    57:b5:63:b0:c7:2d:04:a1:01:bb:a0:16:ec:c3:36:
                    29:3b:be:fa:9e:03:b7:42:54:b2:99:07:f1:30:d7:
                    1f:d0:ff:c0:d9:9d:bf:3d:b3:d2:7c:a0:18:87:5f:
                    be:0a:3a:4d:8e:cf:d3:c4:fc:3b:bc:e0:78:10:0c:
                    e1:6a:7a:d8:06:c3:18:59:3f:f4:01:80:02:5b:dd:
                    c2:18:10:2f:cb:e4:2d:42:32:fc:77:99:39:5b:1a:
                    a7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3A:80:A6:BE:D7:D6:E8:35:BA:A4:9A:0C:FA:B1:CC:0C:2A:71:8B
            X509v3 Authority Key Identifier:
                keyid:21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/STqApr7X1ug1uqSaDPqxzAwqcYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:5b:f9:7c:dc:91:6c:6a:8e:03:0a:4e:70:1e:fa:03:37:65:
         74:1b:30:09:1f:2b:ba:a9:25:48:7b:74:cb:99:08:8e:a3:39:
         88:d7:cd:73:df:bf:62:9e:6e:6e:c7:f0:13:12:74:aa:d4:b2:
         2f:ea:4e:09:6e:bb:ac:e5:1f:87:b6:a1:0e:96:7e:e6:71:0a:
         b9:fe:79:72:f2:4a:ff:1e:2b:e3:22:c9:63:88:89:50:d7:1f:
         26:f0:94:6a:75:2f:1c:1d:ac:cc:ce:1f:c7:d1:6a:32:b5:bf:
         b4:ae:ec:4c:56:6c:7b:8e:ca:de:5f:31:46:b1:93:9b:bd:b2:
         f0:af:d9:c6:10:29:47:bc:60:ce:dc:56:1a:da:f3:82:fc:ec:
         cc:e5:b4:50:52:ec:06:6a:66:2b:70:55:03:b9:64:fd:5e:32:
         74:df:d5:d4:47:34:0d:e2:1a:75:2b:cc:fa:40:77:c0:e0:79:
         45:47:f8:63:8a:57:bc:2d:08:8f:4a:cc:1b:bb:60:ee:01:be:
         f8:26:cf:65:67:a1:47:b6:6c:0c:02:8c:d2:9e:73:fe:7e:bf:
         1a:14:ca:8b:e1:3f:c8:c7:31:24:09:89:bc:f2:75:16:44:d4:
         c9:bd:cf:97:c3:19:e5:13:9a:23:3b:4e:41:85:9f:48:ee:68:
         f5:9a:25:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5Q6M37oiRJ5UTSvLRDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTcxNzM2MTMwOWQyOTM5MzUxYzlkOGJhMjE3M2RiODMx
OWE4OGYwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTNhODBhNmJlZDdkNmU4MzViYWE0OWEwY2ZhYjFjYzBjMmE3MThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYyZQqT35GAkDbaxqE4A2iKOcG7E
FwBbQAgB3iwqUAMuy7Xy8DxEg1GpAk3uUSbdxKkQcMBWNY+NpN+35AZBkeBrDV/2
swNuGqXqZ53TGKZ1p+MLshwyOkZ2pyxdN+06Gk3Yj5Aim2BPF081WIt6R5hLIXDD
twYaqQa6mBX9ShUP+Nrb6mZ9Gn4bKj1uiZiwRsM9njXCRWAK/FqR4yW90En00epX
tWOwxy0EoQG7oBbswzYpO776ngO3QlSymQfxMNcf0P/A2Z2/PbPSfKAYh1++CjpN
js/TxPw7vOB4EAzhanrYBsMYWT/0AYACW93CGBAvy+QtQjL8d5k5Wxqn3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk6gKa+19boNbqkmgz6scwMKnGLMB8GA1UdIwQY
MBaAFCGnFzYTCdKTk1HJ2Lohc9uDGaiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUt
ZjhhNDY5ZDRlMmIyLzEvU1RxQXByN1gxdWcxdXFTYURQcXh6QXdxY1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUtZjhhNDY5ZDRlMmIy
LzEvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5V+MA0G
CSqGSIb3DQEBCwUAA4IBAQBCW/l83JFsao4DCk5wHvoDN2V0GzAJHyu6qSVIe3TL
mQiOozmI181z379inm5ux/ATEnSq1LIv6k4Jbrus5R+HtqEOln7mcQq5/nly8kr/
HivjIsljiIlQ1x8m8JRqdS8cHazMzh/H0Woytb+0ruxMVmx7jsreXzFGsZObvbLw
r9nGEClHvGDO3FYa2vOC/OzM5bRQUuwGamYrcFUDuWT9XjJ039XURzQN4hp1K8z6
QHfA4HlFR/hjile8LQiPSswbu2DuAb74Js9lZ6FHtmwMAozSnnP+fr8aFMqL4T/I
xzEkCYm88nUWRNTJvc+XwxnlE5ojO05BhZ9I7mj1miVG
-----END CERTIFICATE-----