Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/qO2F63snosgQCd-tQ25OAd4civA.roa
File:                     qO2F63snosgQCd-tQ25OAd4civA.roa (raw, json)
Hash identifier:          KELhV9b4nDo2k2LkjCvA0ufUmi/5QZ+HPUiWXl9d83Q=
Subject key identifier:   A8:ED:85:EB:7B:27:A2:C8:10:09:DF:AD:43:6E:4E:01:DE:1C:8A:F0
Certificate issuer:       /CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
Certificate serial:       01941F8C511939841A100DBE19714C9F99A8
Authority key identifier: 9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/qO2F63snosgQCd-tQ25OAd4civA.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        94.231.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:51:19:39:84:1a:10:0d:be:19:71:4c:9f:99:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8ed85eb7b27a2c81009dfad436e4e01de1c8af0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7c:0e:28:ea:c0:64:8b:d1:4e:ca:c0:79:d1:
                    03:fa:f3:f7:78:ee:a1:3f:87:1d:b0:16:24:59:d6:
                    bf:92:c6:38:eb:cc:5e:6c:88:16:f5:d5:9f:76:63:
                    84:03:a5:3a:1b:55:df:98:32:f6:62:39:cc:99:8b:
                    52:57:9c:a2:c1:24:20:ae:ca:f2:33:0a:46:67:d7:
                    bf:b8:bd:0a:f2:09:c6:07:a3:5e:e8:b6:26:4e:28:
                    f9:7b:d6:24:52:1f:2e:bd:91:e5:38:8a:61:fc:3d:
                    37:00:e8:a6:4e:87:00:1e:f5:fb:cf:9e:d7:9d:bd:
                    aa:a5:18:26:4f:ab:33:0e:0c:f5:30:91:26:f6:95:
                    36:11:e6:e0:ba:62:dd:3a:f5:74:fe:f7:a4:15:9c:
                    24:4d:4b:f0:df:ba:44:95:cd:cf:4b:ad:b3:2a:85:
                    ee:7d:48:72:fa:43:bb:67:42:ed:54:ec:fe:5d:b4:
                    14:4a:3f:ad:aa:80:ab:ef:65:eb:26:bb:c2:9b:f6:
                    28:bd:13:b0:e5:0e:a7:e1:11:9a:bb:22:5c:42:10:
                    90:ec:b2:38:cf:89:17:3e:4d:f8:29:06:a2:d8:21:
                    23:fc:5f:fa:1c:30:02:38:58:04:8e:7d:a4:55:dd:
                    5d:0a:4a:13:ab:1d:57:79:00:d1:6e:71:e0:64:b0:
                    63:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:ED:85:EB:7B:27:A2:C8:10:09:DF:AD:43:6E:4E:01:DE:1C:8A:F0
            X509v3 Authority Key Identifier:
                keyid:9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/qO2F63snosgQCd-tQ25OAd4civA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5a:81:6e:eb:de:ab:30:85:ce:9a:19:98:7b:0a:c8:de:6c:
         ec:f8:13:63:38:4e:c2:23:48:ba:10:3e:84:f1:aa:a0:b4:43:
         8a:b2:6d:af:d8:41:9f:58:01:d4:ec:43:cd:7f:fb:df:1e:b6:
         8e:df:95:57:38:99:43:39:7f:6f:96:d9:14:7e:6c:15:89:e4:
         17:ca:56:c9:51:30:af:f0:35:dc:6f:f0:5d:b4:39:0a:4c:68:
         f1:20:f4:0f:c7:39:5d:04:68:4e:70:bb:77:86:6d:ac:24:8a:
         f3:70:e4:9b:f6:e1:69:69:09:fe:74:a4:26:65:96:f1:07:35:
         a7:12:f9:2c:93:94:f2:3c:f4:e4:27:aa:19:60:b8:5b:82:ef:
         55:9b:d7:06:59:41:ae:d3:cf:35:13:86:0b:d0:8e:fa:94:7b:
         20:63:08:af:25:04:54:c9:df:d8:97:5e:61:9e:b0:53:04:b8:
         f3:7e:46:eb:50:68:ff:7d:ca:8a:34:e9:62:2a:a9:5d:55:59:
         a4:29:ef:b6:ff:de:3b:51:2a:a1:e0:24:77:63:d9:5a:71:c3:
         37:1f:82:4f:2e:ef:c1:95:eb:b6:89:74:64:08:0e:f1:1e:3a:
         34:59:1d:91:77:22:71:3e:b2:83:95:02:98:41:78:44:33:3c:
         d5:c0:30:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFEZOYQaEA2+GXFMn5moMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2Q2MjdjMjk3ZmU1NDJkODM1OWE4NmQ4ZTJmOWViZDk1
NjVhODEwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVkODVlYjdiMjdhMmM4MTAwOWRmYWQ0MzZlNGUwMWRlMWM4YWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXwOKOrAZIvRTsrAedED+vP3eO6h
P4cdsBYkWda/ksY468xebIgW9dWfdmOEA6U6G1XfmDL2YjnMmYtSV5yiwSQgrsry
MwpGZ9e/uL0K8gnGB6Ne6LYmTij5e9YkUh8uvZHlOIph/D03AOimTocAHvX7z57X
nb2qpRgmT6szDgz1MJEm9pU2EebgumLdOvV0/vekFZwkTUvw37pElc3PS62zKoXu
fUhy+kO7Z0LtVOz+XbQUSj+tqoCr72XrJrvCm/YovROw5Q6n4RGauyJcQhCQ7LI4
z4kXPk34KQai2CEj/F/6HDACOFgEjn2kVd1dCkoTqx1XeQDRbnHgZLBjSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjthet7J6LIEAnfrUNuTgHeHIrwMB8GA1UdIwQY
MBaAFJ09Ynwpf+VC2DWahtji+evZVlqBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgt
MTVlYTMzN2E3ODQwLzEvcU8yRjYzc25vc2dRQ2QtdFEyNU9BZDRjaXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgtMTVlYTMzN2E3ODQw
LzEvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufHMA0G
CSqGSIb3DQEBCwUAA4IBAQAkWoFu696rMIXOmhmYewrI3mzs+BNjOE7CI0i6ED6E
8aqgtEOKsm2v2EGfWAHU7EPNf/vfHraO35VXOJlDOX9vltkUfmwVieQXylbJUTCv
8DXcb/BdtDkKTGjxIPQPxzldBGhOcLt3hm2sJIrzcOSb9uFpaQn+dKQmZZbxBzWn
Evksk5TyPPTkJ6oZYLhbgu9Vm9cGWUGu0881E4YL0I76lHsgYwivJQRUyd/Yl15h
nrBTBLjzfkbrUGj/fcqKNOliKqldVVmkKe+2/947USqh4CR3Y9laccM3H4JPLu/B
leu2iXRkCA7xHjo0WR2RdyJxPrKDlQKYQXhEMzzVwDA4
-----END CERTIFICATE-----