Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QMcTdykG0ujRN-lT7sDve7GoyMU.roa
File:                     QMcTdykG0ujRN-lT7sDve7GoyMU.roa (raw, json)
Hash identifier:          DRO4xY5c/+WBCyleOl1c40xAI4XN43abflVPl0TRjew=
Subject key identifier:   40:C7:13:77:29:06:D2:E8:D1:37:E9:53:EE:C0:EF:7B:B1:A8:C8:C5
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B21D4467EF5A04375C55235A1BC88B
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QMcTdykG0ujRN-lT7sDve7GoyMU.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50830
IP address blocks:        81.15.243.0/24 maxlen: 24
                          82.177.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1d:44:67:ef:5a:04:37:5c:55:23:5a:1b:c8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40c713772906d2e8d137e953eec0ef7bb1a8c8c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fc:51:04:2f:04:eb:8f:d6:6e:a1:89:19:43:
                    15:f2:0c:21:b2:3c:64:c4:b1:3d:1a:13:1d:b1:18:
                    78:00:a0:e4:45:9b:11:7f:71:77:c2:64:59:41:7b:
                    ed:98:90:c3:3f:00:c0:6c:93:2b:f9:5f:0c:8a:de:
                    d0:99:40:76:a2:ab:dd:88:b3:5d:bf:f1:e7:ee:97:
                    f8:98:fe:ce:eb:f9:73:c8:69:8a:86:f0:50:ed:1a:
                    1a:05:b5:d1:55:d1:fa:53:8b:05:43:c4:2e:f0:c0:
                    cf:22:bb:ec:02:41:43:b0:13:45:52:d9:2a:5c:ff:
                    7b:51:77:bc:0f:3e:92:9b:3d:b2:2c:21:85:b6:80:
                    0f:12:d6:6d:34:56:98:02:2b:56:5e:ed:6c:96:7b:
                    e2:e3:8a:38:56:e2:85:65:42:25:d3:a3:5c:94:d5:
                    54:b0:23:18:03:a7:8b:44:9c:3f:cd:9d:48:d6:ae:
                    5b:58:a3:55:f0:ac:79:89:1c:56:ba:36:ce:c3:2d:
                    c5:6d:d4:52:d4:7b:1d:95:99:10:9e:41:b6:48:88:
                    bd:c9:93:89:42:9a:63:53:8d:3e:32:49:f1:fc:47:
                    e4:71:e9:ac:35:4c:d7:ea:9a:85:dc:92:cb:c4:9d:
                    5b:88:61:06:59:8d:a1:1b:21:41:76:3c:60:07:34:
                    c3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C7:13:77:29:06:D2:E8:D1:37:E9:53:EE:C0:EF:7B:B1:A8:C8:C5
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/QMcTdykG0ujRN-lT7sDve7GoyMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.243.0/24
                  82.177.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0e:77:66:bb:44:83:a9:da:7b:06:2b:0d:77:f9:a7:f7:d7:
         96:7b:49:07:6a:c8:dd:fa:4a:d8:56:1d:56:3e:05:20:71:c7:
         90:da:dd:ad:c6:cf:f1:28:ea:bd:75:6d:60:de:a6:32:86:81:
         89:1f:bb:67:f4:66:f0:c3:d6:15:50:c0:54:7a:9f:2f:a3:9a:
         a7:05:3c:19:ba:59:f8:9f:9c:3b:64:e0:93:d4:5c:e3:bf:28:
         41:04:c5:03:da:6e:84:38:7f:f8:00:6d:66:84:24:93:d7:3d:
         cd:2b:6b:71:18:89:95:5d:1c:56:d3:8b:58:10:61:31:86:48:
         15:e3:88:f1:48:4a:65:d4:54:b6:b4:d2:18:62:c3:75:df:9b:
         53:24:35:1b:05:7f:36:55:84:fa:b0:40:8f:77:35:ce:f4:15:
         69:d4:e6:f3:7c:f9:62:87:93:b4:34:27:24:3c:37:d9:24:59:
         89:6b:56:c7:af:12:4e:9c:41:a5:4a:e9:e3:d2:06:8e:5e:9d:
         35:34:72:77:93:1d:0f:d9:89:69:75:87:cf:ab:19:5e:af:5a:
         5c:92:17:c0:0b:a3:b0:2c:dd:6f:55:35:dc:22:72:fd:39:4f:
         d1:5b:31:7d:97:e4:be:b9:b9:7a:20:2f:d1:c0:ef:ad:e1:ac:
         57:43:4e:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsh1EZ+9aBDdcVSNaG8iLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM3MTM3NzI5MDZkMmU4ZDEzN2U5NTNlZWMwZWY3YmIxYThjOGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvxRBC8E64/WbqGJGUMV8gwhsjxk
xLE9GhMdsRh4AKDkRZsRf3F3wmRZQXvtmJDDPwDAbJMr+V8Mit7QmUB2oqvdiLNd
v/Hn7pf4mP7O6/lzyGmKhvBQ7RoaBbXRVdH6U4sFQ8Qu8MDPIrvsAkFDsBNFUtkq
XP97UXe8Dz6Smz2yLCGFtoAPEtZtNFaYAitWXu1slnvi44o4VuKFZUIl06NclNVU
sCMYA6eLRJw/zZ1I1q5bWKNV8Kx5iRxWujbOwy3FbdRS1HsdlZkQnkG2SIi9yZOJ
QppjU40+Mknx/EfkcemsNUzX6pqF3JLLxJ1biGEGWY2hGyFBdjxgBzTD0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDHE3cpBtLo0TfpU+7A73uxqMjFMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUU1jVGR5a0cwdWpSTi1sVDdzRHZlN0dveU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQ/zAwQA
UrERMA0GCSqGSIb3DQEBCwUAA4IBAQCJDndmu0SDqdp7BisNd/mn99eWe0kHasjd
+krYVh1WPgUgcceQ2t2txs/xKOq9dW1g3qYyhoGJH7tn9Gbww9YVUMBUep8vo5qn
BTwZuln4n5w7ZOCT1FzjvyhBBMUD2m6EOH/4AG1mhCST1z3NK2txGImVXRxW04tY
EGExhkgV44jxSEpl1FS2tNIYYsN135tTJDUbBX82VYT6sECPdzXO9BVp1ObzfPli
h5O0NCckPDfZJFmJa1bHrxJOnEGlSunj0gaOXp01NHJ3kx0P2YlpdYfPqxler1pc
khfAC6OwLN1vVTXcInL9OU/RWzF9l+S+ubl6IC/RwO+t4axXQ07+
-----END CERTIFICATE-----