Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/Zqcute0EJxNZqsLIYM5IZaAu0eA.roa
File:                     Zqcute0EJxNZqsLIYM5IZaAu0eA.roa (raw, json)
Hash identifier:          Ka5B3hGdb3O+/SiQ/oll6eB0Rldz6LRmTl/iQ6A8Wb8=
Subject key identifier:   66:A7:2E:B5:ED:04:27:13:59:AA:C2:C8:60:CE:48:65:A0:2E:D1:E0
Certificate issuer:       /CN=84abf0c981701aba97e4fcd0bed4e4cdb8692047
Certificate serial:       0194236A36B0E442A5472522B3B8285F103F
Authority key identifier: 84:AB:F0:C9:81:70:1A:BA:97:E4:FC:D0:BE:D4:E4:CD:B8:69:20:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/Zqcute0EJxNZqsLIYM5IZaAu0eA.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12130
IP address blocks:        109.71.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:36:b0:e4:42:a5:47:25:22:b3:b8:28:5f:10:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84abf0c981701aba97e4fcd0bed4e4cdb8692047
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66a72eb5ed04271359aac2c860ce4865a02ed1e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:13:19:74:2a:2c:f2:b2:fe:9c:df:25:0a:bc:
                    bf:3b:74:20:74:55:59:bd:77:db:7a:b8:76:e5:ba:
                    c0:a1:39:3c:32:f7:69:dc:b9:28:d9:61:a9:37:c5:
                    e9:48:35:d5:b1:dd:b1:31:aa:25:4a:39:8d:c4:6e:
                    ed:0a:c6:47:56:17:fe:54:0c:d0:bc:ce:35:99:dc:
                    a4:c0:c4:6b:81:c8:ca:13:11:a3:13:9b:b1:9d:7a:
                    04:03:3c:0b:df:34:4f:11:40:aa:d8:45:35:0a:49:
                    b2:c7:4a:ea:46:e2:3f:4c:83:75:ea:63:09:e1:30:
                    31:02:e3:d8:e3:bf:3c:83:3f:a3:50:13:38:0c:37:
                    81:24:15:d4:d2:69:9b:a8:37:ab:f5:42:44:60:36:
                    1e:55:d8:35:c0:7d:04:fb:31:fa:26:29:e6:17:fb:
                    62:99:68:50:7c:fa:13:e9:6d:47:5d:78:7e:72:d4:
                    5f:2b:99:01:54:b3:ff:77:7b:85:55:bf:e6:50:dd:
                    f7:72:49:a1:7c:01:68:27:c7:10:b6:9f:4d:c4:9b:
                    b8:a5:8a:0c:4d:8f:11:f6:b0:5e:b3:9b:31:60:36:
                    34:a6:61:8e:79:08:86:58:ea:3d:16:30:1a:2f:6b:
                    1a:12:a1:54:73:d6:27:7c:61:bf:ca:77:f2:21:8e:
                    ad:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A7:2E:B5:ED:04:27:13:59:AA:C2:C8:60:CE:48:65:A0:2E:D1:E0
            X509v3 Authority Key Identifier:
                keyid:84:AB:F0:C9:81:70:1A:BA:97:E4:FC:D0:BE:D4:E4:CD:B8:69:20:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/Zqcute0EJxNZqsLIYM5IZaAu0eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:50:57:c2:d6:01:88:32:53:b2:63:66:10:f0:a7:2e:78:26:
         2b:d2:39:d3:89:15:af:74:49:b0:d2:8e:f6:0c:98:2f:b7:37:
         b7:10:91:09:ba:9f:eb:97:ce:d0:2d:3d:cc:c1:98:99:5d:0a:
         fc:de:5c:73:ea:5f:ad:e0:64:4e:1b:a7:58:6b:25:35:bb:a9:
         d2:88:35:f6:03:a3:18:0d:b1:c8:a7:cf:68:4a:bc:29:e6:a0:
         e1:70:7c:21:38:01:6a:9b:a0:8f:03:5f:5b:b8:2e:b0:49:35:
         6f:e1:ba:e7:b1:19:d0:36:f5:5c:f9:1e:62:03:d6:a8:43:6d:
         06:d9:15:66:d8:e6:ca:81:03:14:c9:91:08:db:b9:c2:df:98:
         1b:25:d3:c0:d9:9c:77:2f:3a:c8:77:72:6f:78:1b:f2:72:80:
         3b:4b:e1:7c:bb:fb:9f:cd:d4:21:6a:9e:84:fb:aa:8b:c5:77:
         fa:29:0e:ef:e6:4a:9c:61:98:d3:81:31:19:6a:19:55:09:ed:
         43:ef:4b:c7:5a:f6:03:f4:db:6c:bd:6b:0b:c0:7b:e4:8a:94:
         7d:7f:75:94:a9:a5:eb:22:bf:b6:e0:4e:ad:67:59:64:8e:2c:
         fe:40:89:5d:d6:4b:71:f9:50:ac:d3:dd:2c:d6:20:eb:5f:7e:
         04:b4:43:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajaw5EKlRyUis7goXxA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YWJmMGM5ODE3MDFhYmE5N2U0ZmNkMGJlZDRlNGNkYjg2
OTIwNDcwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmE3MmViNWVkMDQyNzEzNTlhYWMyYzg2MGNlNDg2NWEwMmVkMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxMZdCos8rL+nN8lCry/O3QgdFVZ
vXfberh25brAoTk8Mvdp3Lko2WGpN8XpSDXVsd2xMaolSjmNxG7tCsZHVhf+VAzQ
vM41mdykwMRrgcjKExGjE5uxnXoEAzwL3zRPEUCq2EU1Ckmyx0rqRuI/TIN16mMJ
4TAxAuPY4788gz+jUBM4DDeBJBXU0mmbqDer9UJEYDYeVdg1wH0E+zH6JinmF/ti
mWhQfPoT6W1HXXh+ctRfK5kBVLP/d3uFVb/mUN33ckmhfAFoJ8cQtp9NxJu4pYoM
TY8R9rBes5sxYDY0pmGOeQiGWOo9FjAaL2saEqFUc9YnfGG/ynfyIY6tJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGanLrXtBCcTWarCyGDOSGWgLtHgMB8GA1UdIwQY
MBaAFISr8MmBcBq6l+T80L7U5M24aSBHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEt2d3lZRndHcnFYNVB6UXZ0VGt6YmhwSUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85OTUyYzgtMmQ0MC00MWUyLWJhNzAt
NjFiYzdlY2M0ODVjLzEvWnFjdXRlMEVKeE5acXNMSVlNNUlaYUF1MGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85OTUyYzgtMmQ0MC00MWUyLWJhNzAtNjFiYzdlY2M0ODVj
LzEvaEt2d3lZRndHcnFYNVB6UXZ0VGt6YmhwSUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbUeYMA0G
CSqGSIb3DQEBCwUAA4IBAQDAUFfC1gGIMlOyY2YQ8KcueCYr0jnTiRWvdEmw0o72
DJgvtze3EJEJup/rl87QLT3MwZiZXQr83lxz6l+t4GROG6dYayU1u6nSiDX2A6MY
DbHIp89oSrwp5qDhcHwhOAFqm6CPA19buC6wSTVv4brnsRnQNvVc+R5iA9aoQ20G
2RVm2ObKgQMUyZEI27nC35gbJdPA2Zx3LzrId3JveBvycoA7S+F8u/ufzdQhap6E
+6qLxXf6KQ7v5kqcYZjTgTEZahlVCe1D70vHWvYD9NtsvWsLwHvkipR9f3WUqaXr
Ir+24E6tZ1lkjiz+QIld1ktx+VCs090s1iDrX34EtEPp
-----END CERTIFICATE-----