Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/qsewLApSJANcPGT3dklt2zSF2HU.roa
File:                     qsewLApSJANcPGT3dklt2zSF2HU.roa (raw, json)
Hash identifier:          bPAVtg7OfBYMMJkAVdTPdE+2AmcR0ogISjqN5CtNEqY=
Subject key identifier:   AA:C7:B0:2C:0A:52:24:03:5C:3C:64:F7:76:49:6D:DB:34:85:D8:75
Certificate issuer:       /CN=84d1dc613d74e6c32dcb9814ce126bd61b52aaa7
Certificate serial:       0194221FB79AD31E7F4C2B50FABC23EB9DBF
Authority key identifier: 84:D1:DC:61:3D:74:E6:C3:2D:CB:98:14:CE:12:6B:D6:1B:52:AA:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/qsewLApSJANcPGT3dklt2zSF2HU.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        193.247.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b7:9a:d3:1e:7f:4c:2b:50:fa:bc:23:eb:9d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d1dc613d74e6c32dcb9814ce126bd61b52aaa7
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aac7b02c0a5224035c3c64f776496ddb3485d875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:22:65:b7:5e:a0:2d:d4:79:81:bd:68:49:2e:
                    d1:ef:4b:80:19:45:7b:67:92:e6:2c:1f:60:73:4c:
                    5e:b7:3b:f5:b3:e5:1d:5b:2b:15:de:70:aa:2a:45:
                    fc:e8:69:3c:c2:22:54:0c:90:db:58:da:53:52:6c:
                    c0:c4:d2:0e:3b:ef:6d:7e:dc:03:a9:42:6b:7a:92:
                    8c:17:32:83:13:2e:7c:56:19:c7:63:c3:d1:46:b8:
                    9a:69:11:5d:93:1d:e6:d7:55:13:f5:c6:7d:6b:26:
                    f4:84:3f:1e:ca:2d:49:61:8c:59:bd:43:59:47:94:
                    af:e3:76:21:68:00:15:74:e9:c0:16:8b:10:3d:a5:
                    2e:25:d7:05:2a:4b:d8:36:b5:f5:e9:f5:cb:e5:32:
                    dd:ce:f0:49:1e:fc:a0:08:e6:28:43:39:47:45:03:
                    8d:3c:e4:b9:dc:d4:84:3d:a4:89:03:c5:bc:b5:a6:
                    75:4b:7a:9f:da:f1:61:e0:36:78:f3:01:19:d5:93:
                    87:72:5f:c9:16:1d:7d:1a:5e:ef:bf:f1:d6:33:d6:
                    5b:1b:7a:4c:2e:27:28:43:ef:00:bb:07:29:ec:ec:
                    af:97:3c:56:87:fd:95:e6:4e:87:25:82:b4:c4:4a:
                    11:e3:67:95:98:81:10:0c:28:7d:6b:16:fc:26:61:
                    41:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C7:B0:2C:0A:52:24:03:5C:3C:64:F7:76:49:6D:DB:34:85:D8:75
            X509v3 Authority Key Identifier:
                keyid:84:D1:DC:61:3D:74:E6:C3:2D:CB:98:14:CE:12:6B:D6:1B:52:AA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/qsewLApSJANcPGT3dklt2zSF2HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:1b:2d:9b:61:b3:6f:67:46:67:fd:c1:f0:e3:6c:0c:8d:0d:
         92:be:a3:0f:a2:63:2b:27:7a:0c:a2:b1:5a:41:bc:9b:6e:c2:
         40:db:08:8b:7d:1e:5d:4e:b0:1d:46:f2:cd:30:f0:95:a1:ac:
         66:3e:e7:5c:80:cd:6e:61:7c:8f:5a:d5:9e:63:a8:99:4b:7a:
         95:3f:f8:c5:a8:7e:6e:6a:ca:ab:ca:9a:8f:c0:2a:a2:96:78:
         ec:e8:68:24:ad:a5:92:df:44:68:b8:96:2c:30:73:00:13:f9:
         77:dc:03:9a:eb:f9:37:50:71:6d:7b:56:4a:a8:c4:cc:8b:99:
         dd:92:f0:28:86:82:90:0f:c2:e3:56:0c:cc:6e:c1:41:5a:2e:
         1c:15:62:69:e7:91:7c:7b:d5:41:1b:6e:12:c3:a1:18:3c:a9:
         47:8d:39:0a:c0:38:03:86:fb:2a:f5:89:9c:13:0f:9d:46:4c:
         c1:71:68:bf:97:ec:46:00:c2:fe:45:18:76:9b:24:d3:08:e8:
         1a:cf:5c:50:f9:6d:e7:c6:c3:04:b1:25:0d:db:e6:d9:df:4b:
         b8:60:95:84:a9:4a:26:96:4e:a8:0d:79:7a:16:40:79:bf:52:
         ce:7a:2f:2e:94:ec:2e:5b:f9:d6:7f:55:55:9c:69:a7:c8:e7:
         27:0d:81:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7ea0x5/TCtQ+rwj652/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDFkYzYxM2Q3NGU2YzMyZGNiOTgxNGNlMTI2YmQ2MWI1
MmFhYTcwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWM3YjAyYzBhNTIyNDAzNWMzYzY0Zjc3NjQ5NmRkYjM0ODVkODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8yJlt16gLdR5gb1oSS7R70uAGUV7
Z5LmLB9gc0xetzv1s+UdWysV3nCqKkX86Gk8wiJUDJDbWNpTUmzAxNIOO+9tftwD
qUJrepKMFzKDEy58VhnHY8PRRriaaRFdkx3m11UT9cZ9ayb0hD8eyi1JYYxZvUNZ
R5Sv43YhaAAVdOnAFosQPaUuJdcFKkvYNrX16fXL5TLdzvBJHvygCOYoQzlHRQON
POS53NSEPaSJA8W8taZ1S3qf2vFh4DZ48wEZ1ZOHcl/JFh19Gl7vv/HWM9ZbG3pM
LicoQ+8Auwcp7OyvlzxWh/2V5k6HJYK0xEoR42eVmIEQDCh9axb8JmFBIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrHsCwKUiQDXDxk93ZJbds0hdh1MB8GA1UdIwQY
MBaAFITR3GE9dObDLcuYFM4Sa9YbUqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5IY1lUMTA1c010eTVnVXpoSnIxaHRTcXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80ZTAyMDEtNGEwNC00MTVmLWE1ZjIt
ZjIxYjY2ZGU5YjU2LzEvcXNld0xBcFNKQU5jUEdUM2RrbHQyelNGMkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80ZTAyMDEtNGEwNC00MTVmLWE1ZjItZjIxYjY2ZGU5YjU2
LzEvaE5IY1lUMTA1c010eTVnVXpoSnIxaHRTcXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwff4MA0G
CSqGSIb3DQEBCwUAA4IBAQB7Gy2bYbNvZ0Zn/cHw42wMjQ2SvqMPomMrJ3oMorFa
QbybbsJA2wiLfR5dTrAdRvLNMPCVoaxmPudcgM1uYXyPWtWeY6iZS3qVP/jFqH5u
asqrypqPwCqilnjs6GgkraWS30RouJYsMHMAE/l33AOa6/k3UHFte1ZKqMTMi5nd
kvAohoKQD8LjVgzMbsFBWi4cFWJp55F8e9VBG24Sw6EYPKlHjTkKwDgDhvsq9Ymc
Ew+dRkzBcWi/l+xGAML+RRh2myTTCOgaz1xQ+W3nxsMEsSUN2+bZ30u4YJWEqUom
lk6oDXl6FkB5v1LOei8ulOwuW/nWf1VVnGmnyOcnDYFl
-----END CERTIFICATE-----