Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/qBWUDdq6JGEqcxPlF6Ytcy33dJA.roa
File:                     qBWUDdq6JGEqcxPlF6Ytcy33dJA.roa (raw, json)
Hash identifier:          00VI12BlUP26JR+mPLQ+RfjLscfTifDKz5JZWGxyZBQ=
Subject key identifier:   A8:15:94:0D:DA:BA:24:61:2A:73:13:E5:17:A6:2D:73:2D:F7:74:90
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       0194236A0914C0178CB4165D894429AAB579
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/qBWUDdq6JGEqcxPlF6Ytcy33dJA.roa
Signing time:             Wed 01 Jan 2025 19:48:59 +0000
ROA not before:           Wed 01 Jan 2025 19:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205416
IP address blocks:        185.92.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:09:14:c0:17:8c:b4:16:5d:89:44:29:aa:b5:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 19:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a815940ddaba24612a7313e517a62d732df77490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:26:b2:25:53:91:a0:84:76:f4:fa:7e:c3:28:
                    63:f0:d4:51:40:cd:71:52:06:5d:c8:1e:7d:95:cf:
                    bc:c8:8c:07:37:9f:ea:fc:85:a3:a3:e7:7e:40:f6:
                    6c:51:8a:7e:48:18:be:a6:99:fe:36:84:d1:10:97:
                    bd:6b:a6:74:69:74:b7:69:12:52:51:09:49:51:90:
                    6e:99:c4:9b:86:74:7c:67:50:de:d0:d7:97:d3:e1:
                    97:3a:ee:2e:23:41:ed:94:19:1b:54:46:5e:59:f6:
                    73:e3:27:bc:20:56:b7:3a:e9:9b:af:50:8d:c5:8a:
                    f9:03:36:2a:0d:48:f9:45:59:cd:03:b3:79:f2:40:
                    6e:11:1e:8d:3b:b1:51:b2:43:a3:87:40:22:a0:78:
                    66:82:c9:20:91:70:0c:18:bf:ef:78:d9:b8:5c:49:
                    7d:c3:ed:d1:dd:d1:71:a5:34:21:38:5a:af:17:d3:
                    68:82:a7:7e:56:76:ee:09:8d:a1:5d:67:ed:5b:b9:
                    cd:7b:ec:bd:13:20:f9:34:b8:d2:fe:ea:0f:84:5e:
                    3f:42:e0:92:6f:12:f5:f9:3d:d6:93:1c:4d:9a:a7:
                    b6:84:1c:b2:81:b1:f4:cc:12:d2:d5:0f:39:0e:d1:
                    1b:f3:0b:27:04:36:66:5c:66:b4:e5:90:cd:1c:58:
                    91:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:15:94:0D:DA:BA:24:61:2A:73:13:E5:17:A6:2D:73:2D:F7:74:90
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/qBWUDdq6JGEqcxPlF6Ytcy33dJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:b2:50:df:b1:c5:d0:09:c9:1f:43:42:14:2e:47:93:b9:43:
         8a:a1:9d:f8:4d:e7:e6:a4:a5:8e:83:af:1b:2b:a9:92:da:5f:
         e6:3b:31:ce:f3:c0:96:83:34:af:f2:eb:df:52:bf:86:4d:83:
         2c:b8:1f:0e:9b:dd:01:cd:e6:45:7f:26:91:70:d7:7f:0c:1a:
         89:53:39:de:50:60:01:3a:55:c1:c4:e7:5e:ac:24:18:e2:6d:
         85:4a:e0:9a:56:89:11:9a:c5:d5:d5:f8:7f:16:47:20:a6:6a:
         60:7f:ba:81:aa:0f:43:57:50:d6:75:6f:7d:a2:d3:b4:a4:c7:
         21:21:05:59:d9:0c:34:30:68:a9:7a:5f:07:de:31:5e:53:2e:
         39:71:47:62:41:22:7a:f9:e2:2f:f9:d8:e8:d1:0c:c8:82:ce:
         d6:41:24:29:68:53:99:59:e5:5b:57:60:b0:64:d2:20:f1:ed:
         2b:f4:e0:45:6f:e9:92:72:0f:ef:e8:39:70:ac:20:83:68:83:
         6b:71:91:3b:fa:f4:e5:07:8f:8f:37:7c:d2:c1:66:02:0f:1b:
         c6:3c:55:3c:2f:a0:81:0b:91:be:66:96:cc:40:0f:bf:f4:5f:
         00:3f:98:ff:e8:35:6d:d4:54:1b:95:7e:05:e6:f8:95:7f:77:
         57:f2:9b:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagkUwBeMtBZdiUQpqrV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjUwMTAxMTk0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE1OTQwZGRhYmEyNDYxMmE3MzEzZTUxN2E2MmQ3MzJkZjc3NDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yayJVORoIR29Pp+wyhj8NRRQM1x
UgZdyB59lc+8yIwHN5/q/IWjo+d+QPZsUYp+SBi+ppn+NoTREJe9a6Z0aXS3aRJS
UQlJUZBumcSbhnR8Z1De0NeX0+GXOu4uI0HtlBkbVEZeWfZz4ye8IFa3Oumbr1CN
xYr5AzYqDUj5RVnNA7N58kBuER6NO7FRskOjh0AioHhmgskgkXAMGL/veNm4XEl9
w+3R3dFxpTQhOFqvF9Nogqd+VnbuCY2hXWftW7nNe+y9EyD5NLjS/uoPhF4/QuCS
bxL1+T3WkxxNmqe2hByygbH0zBLS1Q85DtEb8wsnBDZmXGa05ZDNHFiRaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgVlA3auiRhKnMT5RemLXMt93SQMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvcUJXVURkcTZKR0VxY3hQbEY2WXRjeTMzZEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzUMA0G
CSqGSIb3DQEBCwUAA4IBAQA/slDfscXQCckfQ0IULkeTuUOKoZ34TefmpKWOg68b
K6mS2l/mOzHO88CWgzSv8uvfUr+GTYMsuB8Om90BzeZFfyaRcNd/DBqJUzneUGAB
OlXBxOderCQY4m2FSuCaVokRmsXV1fh/Fkcgpmpgf7qBqg9DV1DWdW99otO0pMch
IQVZ2Qw0MGipel8H3jFeUy45cUdiQSJ6+eIv+djo0QzIgs7WQSQpaFOZWeVbV2Cw
ZNIg8e0r9OBFb+mScg/v6DlwrCCDaINrcZE7+vTlB4+PN3zSwWYCDxvGPFU8L6CB
C5G+ZpbMQA+/9F8AP5j/6DVt1FQblX4F5viVf3dX8pua
-----END CERTIFICATE-----