Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qwmmpmJft8mwuiEXYTlzhJQuep0.roa
File:                     qwmmpmJft8mwuiEXYTlzhJQuep0.roa (raw, json)
Hash identifier:          Q0Z/E8v8Q7W2fm0rXhwdPc4pFVbeDlufQTIsqxx5ZeE=
Subject key identifier:   AB:09:A6:A6:62:5F:B7:C9:B0:BA:21:17:61:39:73:84:94:2E:7A:9D
Certificate issuer:       /CN=21a717361309d2939351c9d8ba2173db8319a88f
Certificate serial:       019425FD34692E922C66EB49D139B721ABA3
Authority key identifier: 21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qwmmpmJft8mwuiEXYTlzhJQuep0.roa
Signing time:             Thu 02 Jan 2025 07:48:58 +0000
ROA not before:           Thu 02 Jan 2025 07:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        195.149.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:34:69:2e:92:2c:66:eb:49:d1:39:b7:21:ab:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a717361309d2939351c9d8ba2173db8319a88f
        Validity
            Not Before: Jan  2 07:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab09a6a6625fb7c9b0ba211761397384942e7a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e1:d3:b9:d8:13:0a:31:ed:d3:9d:6b:63:20:
                    db:ac:73:73:ee:ea:1e:a8:0c:7b:51:bf:4c:e3:ae:
                    38:e5:52:26:93:c8:be:f5:47:14:8d:9b:c9:89:27:
                    22:15:ee:31:be:33:c4:df:12:e3:81:00:99:2f:98:
                    21:86:dc:08:a2:14:72:09:dc:f6:1d:92:a3:19:9e:
                    94:c3:25:59:24:f8:9e:31:76:08:5a:5f:34:7b:d0:
                    4d:9a:ee:10:f4:32:d5:04:0f:15:9e:fa:3e:23:c9:
                    24:73:50:97:03:23:cf:08:7c:bf:d6:2d:e3:84:27:
                    7c:d0:54:f0:d2:cb:af:3d:39:14:38:0f:76:54:a7:
                    ea:29:7d:45:36:bb:62:d3:66:49:f1:61:d0:52:24:
                    98:86:7b:ab:73:62:d7:64:db:c6:ae:47:46:91:f1:
                    91:75:9d:c4:9e:24:67:8b:2d:57:b9:9f:6c:61:1e:
                    3b:5d:4c:a9:cc:c5:02:aa:18:14:67:bc:c9:93:b4:
                    f1:58:5f:69:ab:89:c7:d5:4e:4d:8d:a3:e7:d4:cf:
                    93:52:5c:15:9d:68:38:cd:b1:ac:52:11:b7:72:02:
                    b1:45:fe:1e:74:f0:79:fb:fd:17:85:7e:b9:9b:40:
                    3a:95:47:92:3d:ec:29:49:f9:d9:45:ba:88:5a:5d:
                    45:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:09:A6:A6:62:5F:B7:C9:B0:BA:21:17:61:39:73:84:94:2E:7A:9D
            X509v3 Authority Key Identifier:
                keyid:21:A7:17:36:13:09:D2:93:93:51:C9:D8:BA:21:73:DB:83:19:A8:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IacXNhMJ0pOTUcnYuiFz24MZqI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/qwmmpmJft8mwuiEXYTlzhJQuep0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7fb381-fc44-44f6-a385-f8a469d4e2b2/1/IacXNhMJ0pOTUcnYuiFz24MZqI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:f1:00:d0:43:10:3c:f2:9f:89:11:e8:35:06:85:4d:c5:fa:
         22:3a:c3:06:44:86:9f:e6:3e:1b:79:ff:d4:e1:42:af:4e:22:
         56:d5:45:da:bb:e9:9f:a5:d2:ef:3a:eb:b2:09:07:1d:b0:37:
         26:cf:08:24:f7:8e:f3:d3:ce:a1:ec:6b:21:4b:81:da:d7:94:
         1d:25:47:a4:f7:cf:a1:e1:b0:aa:23:f7:64:3d:92:ba:a6:d7:
         1e:01:3e:5a:b3:0b:93:8c:45:6e:53:b6:6f:b9:eb:6f:65:b2:
         75:30:8b:83:89:07:02:37:c1:f5:64:b3:7d:7f:e4:3c:e7:09:
         92:81:42:d6:5b:87:c8:34:f3:de:bb:50:d4:d2:24:6d:39:6a:
         92:81:4e:37:42:48:f8:de:0b:0b:d5:e3:94:5f:98:47:cf:9f:
         48:62:43:7b:c5:c0:a4:42:64:79:d2:ca:1c:e6:49:02:0b:3e:
         96:2e:40:a5:75:99:35:8e:92:6e:94:55:33:36:fd:a9:81:af:
         47:0c:d3:9b:5e:3b:62:79:c1:02:e1:fb:d6:2b:79:06:e9:58:
         7b:99:5f:44:ae:35:22:06:0f:8b:8e:56:ce:5c:5a:2a:01:c2:
         8f:b0:96:15:d0:72:30:6a:0b:b4:04:2b:7e:e6:a8:52:39:46:
         a8:44:82:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/TRpLpIsZutJ0Tm3IaujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTcxNzM2MTMwOWQyOTM5MzUxYzlkOGJhMjE3M2RiODMx
OWE4OGYwHhcNMjUwMTAyMDc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA5YTZhNjYyNWZiN2M5YjBiYTIxMTc2MTM5NzM4NDk0MmU3YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOHTudgTCjHt051rYyDbrHNz7uoe
qAx7Ub9M46445VImk8i+9UcUjZvJiSciFe4xvjPE3xLjgQCZL5ghhtwIohRyCdz2
HZKjGZ6UwyVZJPieMXYIWl80e9BNmu4Q9DLVBA8Vnvo+I8kkc1CXAyPPCHy/1i3j
hCd80FTw0suvPTkUOA92VKfqKX1FNrti02ZJ8WHQUiSYhnurc2LXZNvGrkdGkfGR
dZ3EniRniy1XuZ9sYR47XUypzMUCqhgUZ7zJk7TxWF9pq4nH1U5NjaPn1M+TUlwV
nWg4zbGsUhG3cgKxRf4edPB5+/0XhX65m0A6lUeSPewpSfnZRbqIWl1FkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsJpqZiX7fJsLohF2E5c4SULnqdMB8GA1UdIwQY
MBaAFCGnFzYTCdKTk1HJ2Lohc9uDGaiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUt
ZjhhNDY5ZDRlMmIyLzEvcXdtbXBtSmZ0OG13dWlFWFlUbHpoSlF1ZXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83ZmIzODEtZmM0NC00NGY2LWEzODUtZjhhNDY5ZDRlMmIy
LzEvSWFjWE5oTUowcE9UVWNuWXVpRnoyNE1acUk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5V+MA0G
CSqGSIb3DQEBCwUAA4IBAQCw8QDQQxA88p+JEeg1BoVNxfoiOsMGRIaf5j4bef/U
4UKvTiJW1UXau+mfpdLvOuuyCQcdsDcmzwgk947z086h7GshS4Ha15QdJUek98+h
4bCqI/dkPZK6ptceAT5aswuTjEVuU7ZvuetvZbJ1MIuDiQcCN8H1ZLN9f+Q85wmS
gULWW4fINPPeu1DU0iRtOWqSgU43Qkj43gsL1eOUX5hHz59IYkN7xcCkQmR50soc
5kkCCz6WLkCldZk1jpJulFUzNv2pga9HDNObXjtiecEC4fvWK3kG6Vh7mV9ErjUi
Bg+LjlbOXFoqAcKPsJYV0HIwagu0BCt+5qhSOUaoRIK7
-----END CERTIFICATE-----