Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/cqDq4tCqin-RxETDXp25AqdBSeE.roa
File:                     cqDq4tCqin-RxETDXp25AqdBSeE.roa (raw, json)
Hash identifier:          RTcBG4WyCxixqgAm7DJ0Zrr1Fu3C+khmPuB8vFple2U=
Subject key identifier:   72:A0:EA:E2:D0:AA:8A:7F:91:C4:44:C3:5E:9D:B9:02:A7:41:49:E1
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       01941FFA66C9F1AFDAA7D69B36EF34923B43
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/cqDq4tCqin-RxETDXp25AqdBSeE.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41229
IP address blocks:        195.64.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:66:c9:f1:af:da:a7:d6:9b:36:ef:34:92:3b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72a0eae2d0aa8a7f91c444c35e9db902a74149e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d3:ad:be:eb:57:2e:42:1b:ae:45:37:03:68:
                    ea:e6:e2:0b:1e:92:4d:7f:f2:e7:fd:d3:e7:2f:4e:
                    15:29:ae:5e:b5:6f:ab:87:c6:02:51:42:af:ef:58:
                    f3:cc:30:fc:45:41:d6:bd:ba:4c:dc:a3:5f:d3:b4:
                    65:b2:07:32:c2:01:34:b7:35:67:f9:c1:35:3b:ae:
                    c4:80:bc:7e:59:18:d3:aa:1b:3b:94:c9:f6:d2:c2:
                    16:12:3d:ba:cc:bf:bd:e9:69:16:f2:e7:23:fe:10:
                    8a:34:b9:4b:20:85:34:89:de:2e:b2:ab:f4:1a:e8:
                    85:37:a1:3f:3c:bf:36:7a:2a:23:7d:7c:4e:eb:d2:
                    ad:54:78:30:b9:f7:38:60:3a:cc:ee:ef:1b:d5:59:
                    f7:e7:0b:42:fa:56:d3:80:36:c1:68:10:7b:7b:1a:
                    de:22:fe:16:87:86:a7:11:70:de:25:69:a3:d5:b9:
                    88:10:86:bc:8a:35:22:e5:53:aa:a7:77:e8:30:70:
                    66:e2:38:a9:47:12:61:69:da:99:be:15:80:e7:91:
                    6e:1b:0c:fa:d0:74:66:37:8c:65:2e:42:37:f5:e7:
                    8f:79:f7:93:3a:28:aa:22:89:ea:85:af:5e:12:f2:
                    62:ab:03:98:1c:62:77:c1:87:76:b3:16:6d:2b:16:
                    3f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:A0:EA:E2:D0:AA:8A:7F:91:C4:44:C3:5E:9D:B9:02:A7:41:49:E1
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/cqDq4tCqin-RxETDXp25AqdBSeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:91:33:b2:5d:77:f1:4f:c8:d2:0f:dc:67:53:62:51:b7:39:
         98:d7:84:cb:19:ba:0c:0d:d7:bc:e6:17:c8:54:db:65:39:a0:
         3e:59:05:31:b5:18:2f:ae:6d:df:5c:31:e6:77:7f:26:54:5f:
         d8:fe:9a:6c:32:8c:27:e1:7d:6f:2b:68:97:5a:53:60:ef:fb:
         98:82:99:7e:9e:28:2e:dd:ad:25:55:3e:69:51:07:fc:4d:d8:
         77:25:14:79:62:19:34:03:13:5c:6b:9b:d4:2e:0c:18:5b:9d:
         11:b5:95:a4:6f:d0:d5:ca:b0:74:cc:96:e2:55:ac:50:ad:db:
         31:73:e6:ba:8e:0f:bd:93:87:64:9f:3a:0a:a7:df:db:0b:21:
         eb:4e:b6:49:fe:52:e9:2c:3f:af:37:bf:29:02:3b:3f:9c:c5:
         4a:d8:5a:db:7f:d0:cb:e6:50:2e:d4:95:d6:7b:c0:16:7f:3d:
         9c:58:cf:54:f9:3e:2b:68:d7:03:e5:fd:cc:8f:69:d2:48:d5:
         26:cb:b0:63:c7:fd:2d:08:e3:3a:dc:3c:ca:4d:ab:8f:fa:5b:
         27:d9:2b:bb:40:e9:64:ee:fc:a4:39:74:92:08:71:31:57:c6:
         7c:e5:1d:14:30:10:8a:86:9b:18:7b:29:e7:8a:a1:87:4c:21:
         b7:5c:22:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mbJ8a/ap9abNu80kjtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmEwZWFlMmQwYWE4YTdmOTFjNDQ0YzM1ZTlkYjkwMmE3NDE0OWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltOtvutXLkIbrkU3A2jq5uILHpJN
f/Ln/dPnL04VKa5etW+rh8YCUUKv71jzzDD8RUHWvbpM3KNf07RlsgcywgE0tzVn
+cE1O67EgLx+WRjTqhs7lMn20sIWEj26zL+96WkW8ucj/hCKNLlLIIU0id4usqv0
GuiFN6E/PL82eiojfXxO69KtVHgwufc4YDrM7u8b1Vn35wtC+lbTgDbBaBB7exre
Iv4Wh4anEXDeJWmj1bmIEIa8ijUi5VOqp3foMHBm4jipRxJhadqZvhWA55FuGwz6
0HRmN4xlLkI39eePefeTOiiqIonqha9eEvJiqwOYHGJ3wYd2sxZtKxY/DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKg6uLQqop/kcREw16duQKnQUnhMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvY3FEcTR0Q3Fpbi1SeEVURFhwMjVBcWRCU2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0D8MA0G
CSqGSIb3DQEBCwUAA4IBAQCikTOyXXfxT8jSD9xnU2JRtzmY14TLGboMDde85hfI
VNtlOaA+WQUxtRgvrm3fXDHmd38mVF/Y/ppsMown4X1vK2iXWlNg7/uYgpl+nigu
3a0lVT5pUQf8Tdh3JRR5Yhk0AxNca5vULgwYW50RtZWkb9DVyrB0zJbiVaxQrdsx
c+a6jg+9k4dknzoKp9/bCyHrTrZJ/lLpLD+vN78pAjs/nMVK2Frbf9DL5lAu1JXW
e8AWfz2cWM9U+T4raNcD5f3Mj2nSSNUmy7Bjx/0tCOM63DzKTauP+lsn2Su7QOlk
7vykOXSSCHExV8Z85R0UMBCKhpsYeynniqGHTCG3XCKN
-----END CERTIFICATE-----