Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/QUH08L51MfImU-aeLB1gViX82cI.roa
File:                     QUH08L51MfImU-aeLB1gViX82cI.roa (raw, json)
Hash identifier:          YfmDCd25c+HZBRwpm39HGU+G/47jVrQR3XrIyRY2J8U=
Subject key identifier:   41:41:F4:F0:BE:75:31:F2:26:53:E6:9E:2C:1D:60:56:25:FC:D9:C2
Certificate issuer:       /CN=ac89af60986e6d958322fb026c6b65aeec949a0d
Certificate serial:       0194C57DD89401E6638FF43BA85394A382EB
Authority key identifier: AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/QUH08L51MfImU-aeLB1gViX82cI.roa
Signing time:             Sun 02 Feb 2025 07:09:06 +0000
ROA not before:           Sun 02 Feb 2025 07:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216458
IP address blocks:        91.229.202.0/24 maxlen: 24
                          2a13:ce40:6666::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c5:7d:d8:94:01:e6:63:8f:f4:3b:a8:53:94:a3:82:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac89af60986e6d958322fb026c6b65aeec949a0d
        Validity
            Not Before: Feb  2 07:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4141f4f0be7531f22653e69e2c1d605625fcd9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:19:ce:18:dc:ec:68:63:6b:59:c2:d5:45:ec:
                    14:66:0c:59:84:1c:ea:7e:cc:c5:a8:ec:66:f0:26:
                    e0:f5:10:fc:1c:43:80:5c:74:6a:44:69:f1:dc:0c:
                    1a:fa:6f:d1:77:8e:c7:1e:02:83:12:99:ab:a1:65:
                    f7:12:06:f0:cc:b4:13:b5:4c:02:44:ec:d0:c9:0d:
                    fd:18:7c:e7:84:de:49:06:4b:60:30:ce:78:7b:90:
                    a7:6f:97:fe:e3:d0:08:37:36:3a:66:94:74:f7:44:
                    bd:e1:72:39:9a:af:0b:26:27:fc:ff:db:e6:72:1d:
                    7e:55:1c:a7:73:cf:e4:0b:d6:87:1c:72:b0:34:64:
                    e1:fd:6b:94:f6:1c:69:ba:9e:e4:9c:82:46:cf:0e:
                    fd:c7:78:45:a9:09:4e:44:4e:32:5d:14:c9:e7:14:
                    5d:ff:35:63:28:61:85:ab:1b:06:db:04:3e:bd:25:
                    95:a0:0c:d6:f2:e3:07:64:d3:33:9a:35:72:c3:0c:
                    d2:2a:a5:30:89:97:b5:3d:d5:f8:ff:ca:e7:8e:20:
                    67:f6:b3:71:57:1f:21:dc:13:a5:6e:a0:b9:c4:14:
                    20:55:15:3e:75:18:70:8e:4a:4b:b1:f5:0d:a6:1f:
                    6c:4e:a5:61:6c:07:d7:f4:4c:47:ea:f5:ce:e0:2b:
                    41:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:41:F4:F0:BE:75:31:F2:26:53:E6:9E:2C:1D:60:56:25:FC:D9:C2
            X509v3 Authority Key Identifier:
                keyid:AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/QUH08L51MfImU-aeLB1gViX82cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.202.0/24
                IPv6:
                  2a13:ce40:6666::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:4a:19:70:17:80:68:cc:32:cd:af:0c:01:f7:d2:39:b5:ae:
         27:1a:75:94:a8:cc:76:e1:18:10:06:51:d0:6d:6d:78:53:83:
         32:22:c1:fd:81:49:24:ca:e9:e1:c1:84:5f:03:f7:a5:2f:9f:
         19:cb:84:a9:02:fe:76:a5:8e:52:b8:b0:64:fb:61:e8:17:aa:
         8a:ad:60:17:d1:c4:f4:86:a5:5f:d6:a3:8d:4d:48:d4:4e:4b:
         91:b9:78:6a:72:0b:96:69:08:35:d3:d9:3d:33:be:9d:7b:0b:
         74:23:14:3d:74:f0:bb:96:c6:78:eb:bf:6b:7b:3a:ff:12:51:
         45:da:45:98:98:c6:6c:27:61:76:fb:18:c9:bd:cd:1d:dd:86:
         0a:c9:2b:06:b2:45:75:f6:50:d4:9a:f4:64:df:b3:b8:03:42:
         f5:6a:da:5e:c7:8c:6a:2d:87:fa:7c:23:88:f3:a3:48:ab:af:
         29:dc:db:90:61:96:fe:3f:3d:22:51:d3:e4:ff:b8:9e:78:66:
         fe:01:84:4d:d7:d8:ab:41:33:03:da:65:76:f3:1c:6b:f5:0d:
         6d:07:3b:b9:8b:60:88:f9:da:c1:a3:55:d3:d4:12:aa:30:3e:
         45:1f:11:1c:5c:52:1d:f2:90:02:9b:1b:a4:fb:4a:27:1e:d9:
         7e:31:41:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZTFfdiUAeZjj/Q7qFOUo4LrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODlhZjYwOTg2ZTZkOTU4MzIyZmIwMjZjNmI2NWFlZWM5
NDlhMGQwHhcNMjUwMjAyMDcwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTQxZjRmMGJlNzUzMWYyMjY1M2U2OWUyYzFkNjA1NjI1ZmNkOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRnOGNzsaGNrWcLVRewUZgxZhBzq
fszFqOxm8Cbg9RD8HEOAXHRqRGnx3Awa+m/Rd47HHgKDEpmroWX3EgbwzLQTtUwC
ROzQyQ39GHznhN5JBktgMM54e5Cnb5f+49AINzY6ZpR090S94XI5mq8LJif8/9vm
ch1+VRync8/kC9aHHHKwNGTh/WuU9hxpup7knIJGzw79x3hFqQlORE4yXRTJ5xRd
/zVjKGGFqxsG2wQ+vSWVoAzW8uMHZNMzmjVywwzSKqUwiZe1PdX4/8rnjiBn9rNx
Vx8h3BOlbqC5xBQgVRU+dRhwjkpLsfUNph9sTqVhbAfX9ExH6vXO4CtBXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEFB9PC+dTHyJlPmniwdYFYl/NnCMB8GA1UdIwQY
MBaAFKyJr2CYbm2VgyL7AmxrZa7slJoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTIt
OWM4YmJhNjY0ZmYwLzEvUVVIMDhMNTFNZkltVS1hZUxCMWdWaVg4MmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTItOWM4YmJhNjY0ZmYw
LzEvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+XKMA8E
AgACMAkDBwAqE85AZmYwDQYJKoZIhvcNAQELBQADggEBAHpKGXAXgGjMMs2vDAH3
0jm1ricadZSozHbhGBAGUdBtbXhTgzIiwf2BSSTK6eHBhF8D96UvnxnLhKkC/nal
jlK4sGT7YegXqoqtYBfRxPSGpV/Wo41NSNROS5G5eGpyC5ZpCDXT2T0zvp17C3Qj
FD108LuWxnjrv2t7Ov8SUUXaRZiYxmwnYXb7GMm9zR3dhgrJKwayRXX2UNSa9GTf
s7gDQvVq2l7HjGoth/p8I4jzo0irrync25Bhlv4/PSJR0+T/uJ54Zv4BhE3X2KtB
MwPaZXbzHGv1DW0HO7mLYIj52sGjVdPUEqowPkUfERxcUh3ykAKbG6T7Sice2X4x
Qew=
-----END CERTIFICATE-----