Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/QgQPTUqWSoJLC8pH1ZTpV9J6Spg.roa
File:                     QgQPTUqWSoJLC8pH1ZTpV9J6Spg.roa (raw, json)
Hash identifier:          roAeP2l3vRUpAFpkZSsf9wX3WRLL0BI8ikMQ5kYqDxQ=
Subject key identifier:   42:04:0F:4D:4A:96:4A:82:4B:0B:CA:47:D5:94:E9:57:D2:7A:4A:98
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       019421B19FCE33875407FE667EDBEF2BFBF3
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/QgQPTUqWSoJLC8pH1ZTpV9J6Spg.roa
Signing time:             Wed 01 Jan 2025 11:47:56 +0000
ROA not before:           Wed 01 Jan 2025 11:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24989
IP address blocks:        194.8.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9f:ce:33:87:54:07:fe:66:7e:db:ef:2b:fb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 11:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42040f4d4a964a824b0bca47d594e957d27a4a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1a:91:ca:df:16:6e:24:be:17:cf:af:d5:31:
                    5e:46:71:96:d3:e6:03:01:42:c2:3c:d6:c1:a8:1a:
                    8d:40:cc:c2:dc:33:60:2e:61:18:75:50:53:a6:f0:
                    c4:db:d2:86:1b:bb:2e:38:73:84:51:84:da:df:f5:
                    24:2f:91:65:fc:24:92:7c:b5:a6:a5:30:11:37:98:
                    fa:b0:27:7f:4f:75:79:fd:d2:d3:59:a4:f4:3e:63:
                    3a:c5:2c:d4:3d:92:e3:e7:96:ca:b2:9a:0c:7d:52:
                    fc:79:73:1f:8c:a0:1b:78:6c:81:a3:5b:a9:69:bd:
                    c7:9d:ac:94:ce:c7:f4:38:74:8c:d1:e0:c6:4c:28:
                    f4:ba:40:f3:1f:92:b0:45:b8:31:e2:15:3e:95:b2:
                    f7:71:82:de:a5:da:6c:09:15:75:a9:66:41:09:96:
                    d7:ab:4e:39:27:a1:22:e3:00:d7:02:1b:3d:4b:f9:
                    76:53:bf:62:ce:e9:ba:f2:23:b1:b3:fc:e2:f5:25:
                    b9:b1:d1:f1:70:e5:29:76:59:0f:17:54:24:41:6e:
                    11:01:a7:88:02:17:62:92:80:d6:4d:24:28:8b:cf:
                    c2:23:d4:13:fc:2c:6c:0d:59:e8:e3:f6:65:57:1f:
                    83:95:b1:e4:4d:ea:7c:70:de:45:1d:32:eb:77:59:
                    fc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:04:0F:4D:4A:96:4A:82:4B:0B:CA:47:D5:94:E9:57:D2:7A:4A:98
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/QgQPTUqWSoJLC8pH1ZTpV9J6Spg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:32:3a:13:98:c3:61:9a:88:2e:37:63:a6:07:c5:00:71:05:
         6c:cf:b6:99:5f:84:a5:81:62:6b:37:d9:85:48:9c:b9:72:b8:
         9f:3a:98:f0:ce:a9:59:17:d0:7e:ae:4c:86:7a:b5:c2:ae:f3:
         9e:1d:e7:aa:75:3d:1d:29:0e:85:d1:02:1d:76:cd:8e:e4:37:
         bb:97:b1:e1:05:54:c9:95:e8:e7:94:ea:94:db:c2:a2:1c:ae:
         8c:0e:87:9a:ae:d7:4c:b6:76:d9:8b:3c:d7:ca:57:f3:6a:03:
         8d:87:6c:4e:68:fb:37:d1:e1:d5:6b:97:e2:5b:a7:f9:23:61:
         62:e0:98:d0:89:a1:a3:2e:e0:47:64:83:98:a1:b2:90:39:eb:
         99:4c:73:35:d6:a2:d7:3f:30:50:e7:db:3c:58:47:a1:9c:2f:
         f8:39:7c:53:a8:13:17:0a:ac:cd:e9:cb:57:7b:2f:41:5a:c5:
         f1:62:84:fc:89:83:28:af:f2:eb:a6:b5:01:16:ec:09:ef:44:
         be:ac:24:4c:25:d2:ff:88:a6:25:22:58:fe:03:ad:03:9d:5e:
         3e:40:e2:6a:50:e7:33:47:df:5d:1c:13:5f:f8:1f:0e:a8:5d:
         b9:7d:c6:c9:1e:5f:62:21:96:52:4c:aa:3f:40:43:df:50:18:
         23:88:81:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZ/OM4dUB/5mftvvK/vzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjUwMTAxMTE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA0MGY0ZDRhOTY0YTgyNGIwYmNhNDdkNTk0ZTk1N2QyN2E0YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxqRyt8WbiS+F8+v1TFeRnGW0+YD
AULCPNbBqBqNQMzC3DNgLmEYdVBTpvDE29KGG7suOHOEUYTa3/UkL5Fl/CSSfLWm
pTARN5j6sCd/T3V5/dLTWaT0PmM6xSzUPZLj55bKspoMfVL8eXMfjKAbeGyBo1up
ab3HnayUzsf0OHSM0eDGTCj0ukDzH5KwRbgx4hU+lbL3cYLepdpsCRV1qWZBCZbX
q045J6Ei4wDXAhs9S/l2U79izum68iOxs/zi9SW5sdHxcOUpdlkPF1QkQW4RAaeI
AhdikoDWTSQoi8/CI9QT/CxsDVno4/ZlVx+DlbHkTep8cN5FHTLrd1n8+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIED01KlkqCSwvKR9WU6VfSekqYMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvUWdRUFRVcVdTb0pMQzhwSDFaVHBWOUo2U3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgh7MA0G
CSqGSIb3DQEBCwUAA4IBAQCDMjoTmMNhmoguN2OmB8UAcQVsz7aZX4SlgWJrN9mF
SJy5crifOpjwzqlZF9B+rkyGerXCrvOeHeeqdT0dKQ6F0QIdds2O5De7l7HhBVTJ
lejnlOqU28KiHK6MDoeartdMtnbZizzXylfzagONh2xOaPs30eHVa5fiW6f5I2Fi
4JjQiaGjLuBHZIOYobKQOeuZTHM11qLXPzBQ59s8WEehnC/4OXxTqBMXCqzN6ctX
ey9BWsXxYoT8iYMor/LrprUBFuwJ70S+rCRMJdL/iKYlIlj+A60DnV4+QOJqUOcz
R99dHBNf+B8OqF25fcbJHl9iIZZSTKo/QEPfUBgjiIGQ
-----END CERTIFICATE-----