Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/KQBuRgw8Y0KbmmlDf0vAM2YIaPA.roa
File:                     KQBuRgw8Y0KbmmlDf0vAM2YIaPA.roa (raw, json)
Hash identifier:          QXf4EjAiEGLAr0x3Q6vwc7700G3/acnAdSocqpfwwj8=
Subject key identifier:   29:00:6E:46:0C:3C:63:42:9B:9A:69:43:7F:4B:C0:33:66:08:68:F0
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A63BFD26F20B5384BEAD2EBA1D948
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/KQBuRgw8Y0KbmmlDf0vAM2YIaPA.roa
Signing time:             Wed 01 Jan 2025 19:49:22 +0000
ROA not before:           Wed 01 Jan 2025 19:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42517
IP address blocks:        145.35.0.0/16 maxlen: 24
                          145.35.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:63:bf:d2:6f:20:b5:38:4b:ea:d2:eb:a1:d9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29006e460c3c63429b9a69437f4bc033660868f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:84:62:f9:39:30:14:11:99:f8:5b:7b:08:b3:
                    de:39:61:36:7b:a2:92:46:ce:27:27:e4:2c:28:09:
                    8b:15:76:e7:d7:6d:1f:9a:79:ce:56:36:16:6f:b5:
                    0a:c9:88:21:69:85:56:75:06:d0:53:bb:a2:d6:93:
                    3e:53:e6:81:57:99:9c:2a:db:ca:07:d4:3b:57:31:
                    60:d1:2c:e8:61:81:22:c8:ba:53:24:d6:85:23:20:
                    fe:01:e5:36:f7:9a:1b:37:f3:c3:14:1f:d4:22:31:
                    ce:f4:89:bd:75:8c:17:b6:a2:9f:6e:15:92:27:df:
                    0c:45:e8:aa:e3:55:eb:ab:82:29:d9:de:fd:aa:28:
                    f3:87:2b:36:19:dc:17:ba:cb:03:80:0a:09:ef:c8:
                    f3:c5:c4:65:d9:23:c0:c9:81:4b:ef:17:5b:d4:17:
                    79:e2:36:79:53:2c:b6:09:fa:b0:48:6a:03:60:4d:
                    00:9e:70:b1:81:9a:34:6e:1d:0a:ca:33:e8:01:d0:
                    04:c6:38:02:43:27:c1:37:07:ca:c2:04:b3:bb:8d:
                    ad:65:d3:37:05:25:44:75:f1:03:c4:0d:f9:f1:ef:
                    27:c4:48:28:29:71:a4:f7:9e:96:b5:e4:02:f5:2c:
                    31:64:ca:95:ef:9b:8b:c5:bd:e7:17:2c:77:1c:7c:
                    3e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:00:6E:46:0C:3C:63:42:9B:9A:69:43:7F:4B:C0:33:66:08:68:F0
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/KQBuRgw8Y0KbmmlDf0vAM2YIaPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:60:c4:46:76:ac:2b:6b:1b:2f:aa:a7:98:84:36:2d:d7:76:
         dd:5c:d3:3f:d8:7b:ab:07:86:68:2e:ae:15:50:b5:31:d9:c0:
         96:23:8b:e1:a4:a2:5a:0e:f2:71:e7:9e:0e:d2:66:77:23:d4:
         d9:02:0e:c2:6a:d4:02:c8:61:2d:df:fe:11:a7:c7:7f:bd:b7:
         2a:0b:70:da:e1:2c:be:1f:e8:1b:47:8e:a1:b7:a9:ff:c7:16:
         a2:d1:7e:83:d0:b7:02:92:5e:f6:e4:4c:31:8c:43:38:16:97:
         3a:b8:bd:07:d3:ec:fb:82:7c:de:43:a9:63:c7:85:95:29:b3:
         f5:e4:81:74:5c:8a:c8:2a:f1:d1:2e:34:1a:50:41:fe:9d:ed:
         74:5b:e5:b3:4c:9d:79:ba:af:5b:3f:44:76:61:c1:ca:f7:21:
         17:bf:64:67:3e:f9:71:87:c7:dc:57:60:57:28:25:79:85:84:
         6d:50:c6:82:e8:ae:76:0a:b6:25:65:14:d9:93:48:d6:6e:d9:
         39:54:2e:b4:74:d9:83:92:4e:93:dc:c2:bd:b1:c6:78:cc:85:
         fa:18:13:80:c9:06:a5:55:da:d1:8d:04:ea:c3:57:bf:79:b2:
         59:4f:2b:54:86:29:14:f7:ad:24:46:a0:d2:cf:10:56:82:23:
         84:b1:0b:83
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjamO/0m8gtThL6tLrodlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTAwNmU0NjBjM2M2MzQyOWI5YTY5NDM3ZjRiYzAzMzY2MDg2OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYRi+TkwFBGZ+Ft7CLPeOWE2e6KS
Rs4nJ+QsKAmLFXbn120fmnnOVjYWb7UKyYghaYVWdQbQU7ui1pM+U+aBV5mcKtvK
B9Q7VzFg0SzoYYEiyLpTJNaFIyD+AeU295obN/PDFB/UIjHO9Im9dYwXtqKfbhWS
J98MReiq41Xrq4Ip2d79qijzhys2GdwXussDgAoJ78jzxcRl2SPAyYFL7xdb1Bd5
4jZ5Uyy2CfqwSGoDYE0AnnCxgZo0bh0KyjPoAdAExjgCQyfBNwfKwgSzu42tZdM3
BSVEdfEDxA358e8nxEgoKXGk956WteQC9SwxZMqV75uLxb3nFyx3HHw+PwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCkAbkYMPGNCm5ppQ39LwDNmCGjwMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvS1FCdVJndzhZMEtibW1sRGYwdkFNMllJYVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkSMwDQYJ
KoZIhvcNAQELBQADggEBAKNgxEZ2rCtrGy+qp5iENi3Xdt1c0z/Ye6sHhmgurhVQ
tTHZwJYji+GkoloO8nHnng7SZncj1NkCDsJq1ALIYS3f/hGnx3+9tyoLcNrhLL4f
6BtHjqG3qf/HFqLRfoPQtwKSXvbkTDGMQzgWlzq4vQfT7PuCfN5DqWPHhZUps/Xk
gXRcisgq8dEuNBpQQf6d7XRb5bNMnXm6r1s/RHZhwcr3IRe/ZGc++XGHx9xXYFco
JXmFhG1QxoLornYKtiVlFNmTSNZu2TlULrR02YOSTpPcwr2xxnjMhfoYE4DJBqVV
2tGNBOrDV795sllPK1SGKRT3rSRGoNLPEFaCI4SxC4M=
-----END CERTIFICATE-----