Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/qwTTHCXcxwtsgcuGIWM5lbPW5Io.roa
File:                     qwTTHCXcxwtsgcuGIWM5lbPW5Io.roa (raw, json)
Hash identifier:          f/0DiiE2k7pjXg46zZOOFPAkYIW0WGzA9MmvWCkb4Ec=
Subject key identifier:   AB:04:D3:1C:25:DC:C7:0B:6C:81:CB:86:21:63:39:95:B3:D6:E4:8A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019427462F7164C9ADCC046AB911CF76ABAF
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/qwTTHCXcxwtsgcuGIWM5lbPW5Io.roa
Signing time:             Thu 02 Jan 2025 13:48:18 +0000
ROA not before:           Thu 02 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197071
IP address blocks:        185.244.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:2f:71:64:c9:ad:cc:04:6a:b9:11:cf:76:ab:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab04d31c25dcc70b6c81cb8621633995b3d6e48a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:65:3a:9f:09:18:6d:af:8e:f5:ec:c4:01:af:
                    41:b6:1f:da:79:2d:f3:20:6d:57:6d:fa:1f:8b:99:
                    f8:15:9b:98:be:29:4e:58:0f:36:32:58:ef:92:07:
                    bc:41:0d:15:56:b0:48:42:19:61:0f:9f:d4:df:1b:
                    67:54:80:8b:99:bf:39:aa:12:4e:45:9f:ad:f8:df:
                    4a:ff:3f:c2:13:5b:0f:c2:52:e6:4d:00:70:15:a9:
                    c4:bc:df:a1:39:c5:76:c5:88:c1:1a:f8:d6:d3:0a:
                    c6:70:7b:31:62:87:aa:1b:6e:6f:06:a0:77:6f:65:
                    e9:67:66:a7:37:7d:2f:ba:46:59:cd:bf:33:10:e9:
                    59:6f:11:49:5b:7f:40:5d:96:ec:41:c2:e0:2d:ee:
                    29:33:1c:17:a9:e2:5b:cc:0b:cf:15:01:1e:ea:bc:
                    b9:9d:9d:1c:f8:8f:3d:cc:90:d7:ff:e0:31:96:ae:
                    52:37:99:76:23:ca:c0:67:e1:ae:4f:f5:41:7a:d7:
                    47:fe:fc:e0:0c:2a:41:ca:5d:01:43:1c:01:02:cb:
                    c5:48:a5:86:3e:95:1a:9f:68:eb:a8:de:38:a8:44:
                    09:2b:19:51:31:07:6b:31:4e:89:f3:81:38:43:8b:
                    39:c4:59:13:13:3d:5b:cf:b3:87:36:ee:65:0d:22:
                    2a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:04:D3:1C:25:DC:C7:0B:6C:81:CB:86:21:63:39:95:B3:D6:E4:8A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/qwTTHCXcxwtsgcuGIWM5lbPW5Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:f7:da:aa:f5:74:4f:67:ba:d0:d0:ed:0a:a3:39:28:ad:ec:
         76:69:e4:f2:70:64:34:48:55:a1:6c:8f:73:a4:cb:eb:5f:e8:
         a5:5e:3f:a7:e3:fa:db:2e:d9:be:ee:5d:1c:ce:fb:07:75:f2:
         1e:01:39:23:35:c1:99:e0:d0:b2:f8:73:da:fb:49:3d:d4:e2:
         27:52:f3:2f:26:d5:64:51:b8:d7:9a:e6:58:2e:59:98:9b:26:
         cf:47:0d:87:ed:c0:68:3b:ce:12:8b:c8:5c:23:a0:de:46:07:
         44:45:e3:ac:3b:34:5d:db:29:92:2c:1e:10:fa:55:ba:6c:1f:
         21:8c:6d:2c:fc:07:df:b3:4f:0c:66:bb:61:6a:b1:71:bb:1e:
         bb:9b:f8:2e:5e:b9:96:20:3c:0c:44:df:d9:75:6b:12:22:f5:
         e6:10:eb:77:26:64:00:63:89:ef:e2:24:be:73:39:28:b0:39:
         84:08:28:f0:4b:2b:2a:ab:3f:80:aa:a4:ed:d7:92:7a:d8:46:
         2e:6a:0d:3a:f4:bc:c3:9f:7a:b9:ca:16:32:79:3c:d1:69:17:
         79:a4:64:9c:ab:5a:b3:a8:f8:ed:b8:79:f1:34:52:1c:78:6b:
         53:49:4a:7d:64:bf:7f:63:2f:59:cd:48:65:7f:43:ed:26:2b:
         c3:d1:4b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRi9xZMmtzARquRHPdquvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA0ZDMxYzI1ZGNjNzBiNmM4MWNiODYyMTYzMzk5NWIzZDZlNDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGU6nwkYba+O9ezEAa9Bth/aeS3z
IG1Xbfofi5n4FZuYvilOWA82Mljvkge8QQ0VVrBIQhlhD5/U3xtnVICLmb85qhJO
RZ+t+N9K/z/CE1sPwlLmTQBwFanEvN+hOcV2xYjBGvjW0wrGcHsxYoeqG25vBqB3
b2XpZ2anN30vukZZzb8zEOlZbxFJW39AXZbsQcLgLe4pMxwXqeJbzAvPFQEe6ry5
nZ0c+I89zJDX/+Axlq5SN5l2I8rAZ+GuT/VBetdH/vzgDCpByl0BQxwBAsvFSKWG
PpUan2jrqN44qEQJKxlRMQdrMU6J84E4Q4s5xFkTEz1bz7OHNu5lDSIq0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsE0xwl3McLbIHLhiFjOZWz1uSKMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvcXdUVEhDWGN4d3RzZ2N1R0lXTTVsYlBXNUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQZMA0G
CSqGSIb3DQEBCwUAA4IBAQAy99qq9XRPZ7rQ0O0Kozkorex2aeTycGQ0SFWhbI9z
pMvrX+ilXj+n4/rbLtm+7l0czvsHdfIeATkjNcGZ4NCy+HPa+0k91OInUvMvJtVk
UbjXmuZYLlmYmybPRw2H7cBoO84Si8hcI6DeRgdEReOsOzRd2ymSLB4Q+lW6bB8h
jG0s/Affs08MZrtharFxux67m/guXrmWIDwMRN/ZdWsSIvXmEOt3JmQAY4nv4iS+
czkosDmECCjwSysqqz+AqqTt15J62EYuag069LzDn3q5yhYyeTzRaRd5pGScq1qz
qPjtuHnxNFIceGtTSUp9ZL9/Yy9ZzUhlf0PtJivD0Uv+
-----END CERTIFICATE-----