Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/OQ-BUjiM-4ZYICksoUde6ONei7U.roa
File:                     OQ-BUjiM-4ZYICksoUde6ONei7U.roa (raw, json)
Hash identifier:          nuZwAEc9XGaRcjHMhQRLcOzGazeKsZ0/3EUvFc3DPLU=
Subject key identifier:   39:0F:81:52:38:8C:FB:86:58:20:29:2C:A1:47:5E:E8:E3:5E:8B:B5
Certificate issuer:       /CN=abe443f9ae98acafddd6162d5c8eb0f9419a05f7
Certificate serial:       019421B25AFDB234577ECEA9FB6E70AC9862
Authority key identifier: AB:E4:43:F9:AE:98:AC:AF:DD:D6:16:2D:5C:8E:B0:F9:41:9A:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q-RD-a6YrK_d1hYtXI6w-UGaBfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/OQ-BUjiM-4ZYICksoUde6ONei7U.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60015
IP address blocks:        185.54.64.0/24 maxlen: 24
                          185.54.65.0/24 maxlen: 24
                          185.54.66.0/24 maxlen: 24
                          185.54.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/q-RD-a6YrK_d1hYtXI6w-UGaBfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/q-RD-a6YrK_d1hYtXI6w-UGaBfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q-RD-a6YrK_d1hYtXI6w-UGaBfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5a:fd:b2:34:57:7e:ce:a9:fb:6e:70:ac:98:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abe443f9ae98acafddd6162d5c8eb0f9419a05f7
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=390f8152388cfb865820292ca1475ee8e35e8bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:13:15:ed:81:16:3b:a6:95:f7:61:c2:ba:64:
                    cd:70:ac:f5:80:63:73:23:87:01:ba:d7:8b:c2:3f:
                    70:1a:11:53:8f:55:48:ab:f1:60:dc:9d:cf:17:5e:
                    24:8b:6c:95:ec:41:c5:46:5d:1e:67:6a:41:d0:74:
                    7c:ab:34:87:7d:4e:f8:a9:bf:d7:2b:07:51:b1:0d:
                    70:63:bb:e5:a4:30:17:83:e1:c5:a7:f7:89:96:f1:
                    5c:38:94:64:72:29:3a:46:5a:bc:d4:bb:d5:6b:a4:
                    97:9a:5f:40:c6:0a:2c:9c:c9:3f:5a:4f:80:66:c1:
                    54:31:46:a1:a7:a2:98:4d:78:2e:34:c1:eb:fa:53:
                    1d:44:37:87:a4:67:50:05:31:5e:36:15:c5:3a:64:
                    e2:63:a0:1f:75:27:f0:aa:c3:44:1e:e0:cd:6e:a7:
                    ae:7a:2e:ce:c0:d8:fc:b7:f5:5b:40:92:0b:19:78:
                    db:e6:63:f1:42:67:2e:3d:39:c4:c3:10:2c:c9:a1:
                    ae:bb:96:05:f6:66:2b:a8:21:09:7a:e2:6d:e8:65:
                    7f:3b:2a:3c:bd:fc:e4:86:ef:1d:47:ca:51:80:a0:
                    7f:50:e6:6a:0a:97:a6:3d:25:46:3b:ee:f3:4e:13:
                    c8:d8:11:91:7c:3c:6f:a3:3f:ef:ba:1e:76:9c:a5:
                    5d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0F:81:52:38:8C:FB:86:58:20:29:2C:A1:47:5E:E8:E3:5E:8B:B5
            X509v3 Authority Key Identifier:
                keyid:AB:E4:43:F9:AE:98:AC:AF:DD:D6:16:2D:5C:8E:B0:F9:41:9A:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q-RD-a6YrK_d1hYtXI6w-UGaBfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/OQ-BUjiM-4ZYICksoUde6ONei7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/900b24-f286-4bc7-961e-044b686bc97f/1/q-RD-a6YrK_d1hYtXI6w-UGaBfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:ea:3e:7e:bc:e4:76:73:c7:63:e9:18:1d:53:bb:ce:71:5f:
         cd:a7:86:57:f1:c3:c2:a5:36:02:76:f0:65:41:53:59:53:76:
         29:42:83:f9:ca:2d:c9:eb:72:8c:9b:f6:6f:b2:32:81:16:e7:
         20:5c:f8:b4:96:b0:e2:22:82:94:ab:f1:f7:6c:38:a2:24:81:
         b4:4f:1c:4b:95:47:5b:c9:ad:bb:d4:49:12:0b:0f:d6:69:79:
         f3:9f:62:09:a8:e5:30:e5:fd:26:d2:d4:99:33:00:13:6a:9e:
         a5:a4:db:e4:c1:c8:71:86:22:21:44:f9:7a:93:48:3b:d7:dd:
         25:9d:96:5e:04:04:5a:8d:2c:56:91:37:96:4f:1a:19:a6:db:
         3d:a7:d0:3f:a0:59:79:7a:d4:69:9c:24:2d:8e:68:7b:ef:94:
         6f:d2:28:05:10:91:12:05:d3:c6:2e:bf:5a:7b:7c:22:48:7f:
         e7:29:be:23:9c:a8:76:53:e2:ed:60:93:a3:ba:aa:fa:b9:50:
         67:00:7e:2e:f6:e2:b4:b0:ba:3b:99:53:48:91:7e:a1:9a:13:
         a5:93:bc:2e:35:88:47:73:99:12:03:f0:b7:b5:a2:74:5d:8a:
         16:e0:50:c2:94:41:54:e3:0a:79:5a:2c:41:57:60:04:3a:5d:
         16:50:22:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslr9sjRXfs6p+25wrJhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZTQ0M2Y5YWU5OGFjYWZkZGQ2MTYyZDVjOGViMGY5NDE5
YTA1ZjcwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBmODE1MjM4OGNmYjg2NTgyMDI5MmNhMTQ3NWVlOGUzNWU4YmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xMV7YEWO6aV92HCumTNcKz1gGNz
I4cButeLwj9wGhFTj1VIq/Fg3J3PF14ki2yV7EHFRl0eZ2pB0HR8qzSHfU74qb/X
KwdRsQ1wY7vlpDAXg+HFp/eJlvFcOJRkcik6Rlq81LvVa6SXml9AxgosnMk/Wk+A
ZsFUMUahp6KYTXguNMHr+lMdRDeHpGdQBTFeNhXFOmTiY6AfdSfwqsNEHuDNbqeu
ei7OwNj8t/VbQJILGXjb5mPxQmcuPTnEwxAsyaGuu5YF9mYrqCEJeuJt6GV/Oyo8
vfzkhu8dR8pRgKB/UOZqCpemPSVGO+7zThPI2BGRfDxvoz/vuh52nKVdWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkPgVI4jPuGWCApLKFHXujjXou1MB8GA1UdIwQY
MBaAFKvkQ/mumKyv3dYWLVyOsPlBmgX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcS1SRC1hNllyS19kMWhZdFhJNnctVUdhQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi85MDBiMjQtZjI4Ni00YmM3LTk2MWUt
MDQ0YjY4NmJjOTdmLzEvT1EtQlVqaU0tNFpZSUNrc29VZGU2T05laTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi85MDBiMjQtZjI4Ni00YmM3LTk2MWUtMDQ0YjY4NmJjOTdm
LzEvcS1SRC1hNllyS19kMWhZdFhJNnctVUdhQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTZAMA0G
CSqGSIb3DQEBCwUAA4IBAQB16j5+vOR2c8dj6RgdU7vOcV/Np4ZX8cPCpTYCdvBl
QVNZU3YpQoP5yi3J63KMm/ZvsjKBFucgXPi0lrDiIoKUq/H3bDiiJIG0TxxLlUdb
ya271EkSCw/WaXnzn2IJqOUw5f0m0tSZMwATap6lpNvkwchxhiIhRPl6k0g7190l
nZZeBARajSxWkTeWTxoZpts9p9A/oFl5etRpnCQtjmh775Rv0igFEJESBdPGLr9a
e3wiSH/nKb4jnKh2U+LtYJOjuqr6uVBnAH4u9uK0sLo7mVNIkX6hmhOlk7wuNYhH
c5kSA/C3taJ0XYoW4FDClEFU4wp5WixBV2AEOl0WUCJI
-----END CERTIFICATE-----