Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/qgj31LRN4cWBU3Ai7i2PLzFRJvY.roa
File:                     qgj31LRN4cWBU3Ai7i2PLzFRJvY.roa (raw, json)
Hash identifier:          uHmLYi1uCCoCGb9+gbErKo7gEZkoZurGlEJ/eIy9P8I=
Subject key identifier:   AA:08:F7:D4:B4:4D:E1:C5:81:53:70:22:EE:2D:8F:2F:31:51:26:F6
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       019420D66238EA4FA4D302F2666750AF77B9
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/qgj31LRN4cWBU3Ai7i2PLzFRJvY.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8517
IP address blocks:        161.9.128.0/17 maxlen: 24
                          161.9.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:62:38:ea:4f:a4:d3:02:f2:66:67:50:af:77:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa08f7d4b44de1c581537022ee2d8f2f315126f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d8:8d:df:42:46:31:bf:a9:1c:00:53:ae:59:
                    dc:cf:88:b9:75:c6:6b:9e:57:62:57:41:36:bf:f4:
                    f3:6d:cc:de:31:bc:f3:a2:34:78:ba:0c:1d:42:95:
                    7c:15:f4:20:89:0d:01:e0:35:4c:20:3b:a9:27:de:
                    ee:13:b8:83:32:72:65:a2:6d:8b:6e:b0:f6:8d:73:
                    99:8e:eb:66:ce:8b:43:17:c0:fb:78:c6:a9:1d:15:
                    99:e4:56:27:c2:4b:63:57:02:ba:81:af:1d:d1:0e:
                    d0:96:a5:55:28:d5:e5:cb:a8:b4:07:68:76:17:38:
                    6c:62:8a:d0:4f:f5:7f:8c:fd:66:11:14:7a:76:d7:
                    28:df:32:35:75:90:19:9b:97:e1:a6:74:ac:93:30:
                    e4:30:23:a3:af:d9:0f:5b:b6:04:97:57:48:2a:b4:
                    b3:95:02:ee:25:04:c6:ce:c0:7f:80:14:fe:d0:46:
                    28:ff:55:71:4c:18:92:7d:5d:a8:d1:41:12:dc:78:
                    d5:ff:57:c3:95:3e:37:59:c6:e1:9b:77:2a:4d:ce:
                    d0:46:88:cc:4a:ad:8a:35:97:21:d4:91:22:2c:3f:
                    6f:d6:ef:ea:40:95:18:6b:68:57:62:1d:35:61:2a:
                    1f:62:27:4a:b1:68:f2:44:6e:83:75:fd:21:5c:15:
                    55:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:08:F7:D4:B4:4D:E1:C5:81:53:70:22:EE:2D:8F:2F:31:51:26:F6
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/qgj31LRN4cWBU3Ai7i2PLzFRJvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.9.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0b:e9:ae:36:7f:d0:6e:dd:71:7a:41:8f:46:db:10:ed:90:d9:
         7f:ab:cf:3b:6e:23:88:be:e6:86:22:28:1e:9a:9f:b9:57:37:
         9a:d9:4d:38:68:30:aa:c8:c5:91:35:35:dd:af:9b:f2:e7:c3:
         51:51:fd:ac:c1:ca:09:2c:44:b4:75:40:00:5d:85:41:d4:77:
         e2:98:21:3d:56:d6:6b:d2:63:d7:26:61:b0:b7:86:55:99:16:
         5f:20:fa:94:a0:ae:c8:c4:dc:5f:ba:2e:85:2f:1e:c9:81:95:
         a4:fd:78:0c:67:13:c1:ae:e0:d7:c4:07:bb:43:69:97:1e:6d:
         17:69:cf:d3:6f:7a:b4:e8:3d:ba:3c:fb:da:f5:de:d1:f9:00:
         b4:3c:cb:6d:2f:7b:f2:3c:1e:60:38:0c:57:e9:5e:d0:9b:46:
         0a:4e:1f:b8:de:b3:ec:95:20:4e:ec:02:aa:c4:58:b8:f5:f2:
         b5:ce:ae:16:09:16:01:af:6d:25:d3:d8:26:f0:d0:6a:a8:9c:
         82:07:54:0c:df:e4:df:00:0a:6a:5f:2d:59:28:84:70:01:77:
         84:6e:aa:97:8d:c2:ed:53:f3:f0:1a:88:66:9d:6c:59:1c:c1:
         6b:34:f3:f7:8b:1d:79:6d:00:2f:d5:78:57:08:cc:bd:a2:de:
         42:2d:6b:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mI46k+k0wLyZmdQr3e5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWE3OGIyOGYwNTRmNzJmNTIyNmFlM2VjNDU0OTgwZWQy
YTEwYzkwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTA4ZjdkNGI0NGRlMWM1ODE1MzcwMjJlZTJkOGYyZjMxNTEyNmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tiN30JGMb+pHABTrlncz4i5dcZr
nldiV0E2v/TzbczeMbzzojR4ugwdQpV8FfQgiQ0B4DVMIDupJ97uE7iDMnJlom2L
brD2jXOZjutmzotDF8D7eMapHRWZ5FYnwktjVwK6ga8d0Q7QlqVVKNXly6i0B2h2
FzhsYorQT/V/jP1mERR6dtco3zI1dZAZm5fhpnSskzDkMCOjr9kPW7YEl1dIKrSz
lQLuJQTGzsB/gBT+0EYo/1VxTBiSfV2o0UES3HjV/1fDlT43Wcbhm3cqTc7QRojM
Sq2KNZch1JEiLD9v1u/qQJUYa2hXYh01YSofYidKsWjyRG6Ddf0hXBVV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoI99S0TeHFgVNwIu4tjy8xUSb2MB8GA1UdIwQY
MBaAFBPqeLKPBU9y9SJq4+xFSYDtKhDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUt
MTA5OGQ2ZDg4ZGU4LzEvcWdqMzFMUk40Y1dCVTNBaTdpMlBMekZSSnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUtMTA5OGQ2ZDg4ZGU4
LzEvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHoQmAMA0G
CSqGSIb3DQEBCwUAA4IBAQAL6a42f9Bu3XF6QY9G2xDtkNl/q887biOIvuaGIige
mp+5Vzea2U04aDCqyMWRNTXdr5vy58NRUf2swcoJLES0dUAAXYVB1HfimCE9VtZr
0mPXJmGwt4ZVmRZfIPqUoK7IxNxfui6FLx7JgZWk/XgMZxPBruDXxAe7Q2mXHm0X
ac/Tb3q06D26PPva9d7R+QC0PMttL3vyPB5gOAxX6V7Qm0YKTh+43rPslSBO7AKq
xFi49fK1zq4WCRYBr20l09gm8NBqqJyCB1QM3+TfAApqXy1ZKIRwAXeEbqqXjcLt
U/PwGohmnWxZHMFrNPP3ix15bQAv1XhXCMy9ot5CLWvn
-----END CERTIFICATE-----