Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/qzdc_fwaLRJwIIHpIg8vA5h4lo0.roa
File:                     qzdc_fwaLRJwIIHpIg8vA5h4lo0.roa (raw, json)
Hash identifier:          V/FGmYc5ZjOuTnWlxFYXLE8AFUo6wdD1TCze3ez9KOM=
Subject key identifier:   AB:37:5C:FD:FC:1A:2D:12:70:20:81:E9:22:0F:2F:03:98:78:96:8D
Certificate issuer:       /CN=84df54bdc104106cdb299e01ef08a60985ec35fb
Certificate serial:       019425FC819307D9ED2FE9F2C560E6E49D48
Authority key identifier: 84:DF:54:BD:C1:04:10:6C:DB:29:9E:01:EF:08:A6:09:85:EC:35:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/qzdc_fwaLRJwIIHpIg8vA5h4lo0.roa
Signing time:             Thu 02 Jan 2025 07:48:12 +0000
ROA not before:           Thu 02 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51918
IP address blocks:        185.117.236.0/22 maxlen: 22
                          2a06:94c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:81:93:07:d9:ed:2f:e9:f2:c5:60:e6:e4:9d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84df54bdc104106cdb299e01ef08a60985ec35fb
        Validity
            Not Before: Jan  2 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab375cfdfc1a2d12702081e9220f2f039878968d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f0:24:cd:04:fd:26:5c:bc:99:06:5f:82:39:
                    7c:28:ad:9e:15:81:62:dd:04:04:b1:fd:af:53:29:
                    bf:16:f0:60:f9:a5:14:df:59:9a:83:47:04:65:f8:
                    3b:f6:f0:32:8f:98:92:2a:e8:29:80:dd:1d:77:a0:
                    60:a5:82:08:66:d8:16:42:a2:e3:1a:8d:2a:3d:2d:
                    8e:f2:63:76:51:72:91:14:4f:06:4d:68:20:61:99:
                    43:ca:f2:4c:c6:4d:d2:fe:21:b4:c8:9a:41:63:38:
                    c1:58:12:79:69:25:95:9c:64:e2:25:b8:f2:5c:4c:
                    de:31:1f:47:b9:9d:58:62:89:31:e6:f3:c7:e3:07:
                    94:0f:12:99:52:23:38:35:14:f9:1c:59:dc:92:5c:
                    9c:79:1e:a1:e8:dc:60:5f:e6:59:e2:4f:49:fb:19:
                    2c:f1:b4:3f:0d:97:53:fa:50:b4:00:02:7b:6f:44:
                    dd:d6:4a:36:9c:c5:2e:2f:89:d4:34:cf:84:4d:4a:
                    dd:59:ec:cf:b3:74:40:55:f1:82:05:e2:39:79:b7:
                    ad:b8:c6:c1:dc:5d:10:a4:8b:92:6f:0f:fa:0d:54:
                    6c:a1:e2:af:4d:fd:b5:08:0d:f2:c7:37:7e:f3:04:
                    2f:8e:67:6a:cd:58:7d:de:29:1c:59:d3:d1:e8:3f:
                    fb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:37:5C:FD:FC:1A:2D:12:70:20:81:E9:22:0F:2F:03:98:78:96:8D
            X509v3 Authority Key Identifier:
                keyid:84:DF:54:BD:C1:04:10:6C:DB:29:9E:01:EF:08:A6:09:85:EC:35:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/qzdc_fwaLRJwIIHpIg8vA5h4lo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.236.0/22
                IPv6:
                  2a06:94c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:cd:99:6e:e3:58:cb:49:b9:ce:fe:c7:94:8b:00:04:69:b9:
         3d:ed:99:e7:6a:c5:a5:23:8f:ee:c7:c2:27:fb:a6:44:69:1d:
         f1:73:5e:7d:8b:b7:9e:88:2c:61:93:1c:16:e5:47:ae:86:0b:
         9f:b1:6b:07:d5:1d:c2:10:22:d1:12:05:be:86:63:a1:ca:13:
         34:3e:11:7e:d2:aa:c4:d3:25:2c:bb:ac:6b:9f:be:6f:77:30:
         78:f2:e0:6e:03:b3:77:e6:2a:0c:43:6d:43:81:67:f2:f0:61:
         6b:27:3d:65:da:c8:1a:93:a0:85:48:b3:1e:28:8a:70:c9:a5:
         ef:8c:07:c1:ab:ed:64:31:f1:3f:67:59:95:74:e3:b8:46:f2:
         b4:95:00:8c:e6:da:c9:a7:e0:6c:39:90:79:cd:2d:3d:db:95:
         af:28:a7:f2:d4:6c:35:e1:3e:4f:48:79:30:a2:3b:91:0c:de:
         6c:61:29:0e:a0:36:f2:37:3b:2a:07:a7:da:e7:51:37:48:f5:
         81:50:cb:66:4c:43:22:6e:2b:b7:f8:0d:68:27:0b:88:10:1a:
         27:c9:07:f1:5c:89:a8:3a:29:8b:49:23:30:2f:0a:9d:a6:eb:
         8b:18:bc:9a:7d:fa:db:81:74:17:b2:6e:31:e1:20:db:a7:6f:
         f1:ad:b1:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/IGTB9ntL+nyxWDm5J1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZGY1NGJkYzEwNDEwNmNkYjI5OWUwMWVmMDhhNjA5ODVl
YzM1ZmIwHhcNMjUwMTAyMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM3NWNmZGZjMWEyZDEyNzAyMDgxZTkyMjBmMmYwMzk4Nzg5NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvAkzQT9Jly8mQZfgjl8KK2eFYFi
3QQEsf2vUym/FvBg+aUU31mag0cEZfg79vAyj5iSKugpgN0dd6BgpYIIZtgWQqLj
Go0qPS2O8mN2UXKRFE8GTWggYZlDyvJMxk3S/iG0yJpBYzjBWBJ5aSWVnGTiJbjy
XEzeMR9HuZ1YYokx5vPH4weUDxKZUiM4NRT5HFncklyceR6h6NxgX+ZZ4k9J+xks
8bQ/DZdT+lC0AAJ7b0Td1ko2nMUuL4nUNM+ETUrdWezPs3RAVfGCBeI5ebetuMbB
3F0QpIuSbw/6DVRsoeKvTf21CA3yxzd+8wQvjmdqzVh93ikcWdPR6D/7qQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKs3XP38Gi0ScCCB6SIPLwOYeJaNMB8GA1UdIwQY
MBaAFITfVL3BBBBs2ymeAe8IpgmF7DX7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE45VXZjRUVFR3piS1o0Qjd3aW1DWVhzTmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9mOTNkYTItMTQ1Ny00Y2Q5LTkwNzMt
ODA2YTMxNWRkMWZkLzEvcXpkY19md2FMUkp3SUlIcElnOHZBNWg0bG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9mOTNkYTItMTQ1Ny00Y2Q5LTkwNzMtODA2YTMxNWRkMWZk
LzEvaE45VXZjRUVFR3piS1o0Qjd3aW1DWVhzTmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXXsMA0E
AgACMAcDBQMqBpTAMA0GCSqGSIb3DQEBCwUAA4IBAQCLzZlu41jLSbnO/seUiwAE
abk97ZnnasWlI4/ux8In+6ZEaR3xc159i7eeiCxhkxwW5UeuhgufsWsH1R3CECLR
EgW+hmOhyhM0PhF+0qrE0yUsu6xrn75vdzB48uBuA7N35ioMQ21DgWfy8GFrJz1l
2sgak6CFSLMeKIpwyaXvjAfBq+1kMfE/Z1mVdOO4RvK0lQCM5trJp+BsOZB5zS09
25WvKKfy1Gw14T5PSHkwojuRDN5sYSkOoDbyNzsqB6fa51E3SPWBUMtmTEMibiu3
+A1oJwuIEBonyQfxXImoOimLSSMwLwqdpuuLGLyaffrbgXQXsm4x4SDbp2/xrbEy
-----END CERTIFICATE-----