Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/qiJ5Co2COWp43yOD01u1VY4pCJY.roa
File:                     qiJ5Co2COWp43yOD01u1VY4pCJY.roa (raw, json)
Hash identifier:          Anp0UBOibdiSB6xGLwvRtwG1gQPGc4uydYTJppvlKoM=
Subject key identifier:   AA:22:79:0A:8D:82:39:6A:78:DF:23:83:D3:5B:B5:55:8E:29:08:96
Certificate issuer:       /CN=631aca5f9a1dcfa19704d1f0377f1b9fe9145e08
Certificate serial:       01942445867542D5F23E5ADDC925848ABD71
Authority key identifier: 63:1A:CA:5F:9A:1D:CF:A1:97:04:D1:F0:37:7F:1B:9F:E9:14:5E:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/qiJ5Co2COWp43yOD01u1VY4pCJY.roa
Signing time:             Wed 01 Jan 2025 23:48:43 +0000
ROA not before:           Wed 01 Jan 2025 23:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199081
IP address blocks:        178.239.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:86:75:42:d5:f2:3e:5a:dd:c9:25:84:8a:bd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=631aca5f9a1dcfa19704d1f0377f1b9fe9145e08
        Validity
            Not Before: Jan  1 23:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa22790a8d82396a78df2383d35bb5558e290896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:47:e1:1a:24:54:06:75:50:ed:d7:a2:1a:50:
                    d3:c9:51:63:2d:2f:de:dc:70:d9:76:02:ea:8e:d2:
                    36:ec:92:f9:6b:5d:ff:da:21:8d:e7:1a:07:19:74:
                    b7:8b:11:dc:5e:6e:ae:31:42:ca:32:e8:53:67:b5:
                    47:41:c8:f0:e0:57:82:ee:07:e8:5f:c9:f9:c0:ee:
                    ce:f0:d1:d6:b7:34:be:f3:0b:fb:55:be:2c:45:c0:
                    9c:d2:f5:06:b4:20:7e:85:1f:f3:54:0a:72:d6:fd:
                    15:4e:25:ec:43:e5:db:72:df:11:cd:a5:16:cf:e7:
                    b7:a6:67:a2:10:2a:f2:77:0e:8e:0b:08:57:72:82:
                    7d:09:0a:e6:37:2b:22:fc:f7:78:04:7b:6c:ff:23:
                    1e:49:c9:fc:c2:90:26:61:a1:48:1c:6f:8a:5d:4c:
                    13:f2:bc:6e:eb:60:95:a6:87:dd:3f:c6:d0:f0:c2:
                    70:fa:d3:1e:3a:a6:85:f4:51:91:ff:1b:0c:b1:98:
                    59:78:fa:13:95:bb:a2:e3:9e:a8:7b:e0:ce:f2:ad:
                    f0:75:8b:ce:eb:17:2d:fb:16:41:e9:d7:d6:43:de:
                    64:89:d8:c5:5e:99:72:54:e8:5b:2d:77:cb:54:01:
                    43:68:6f:0d:c6:e3:e7:15:61:59:a7:b3:62:cb:da:
                    03:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:22:79:0A:8D:82:39:6A:78:DF:23:83:D3:5B:B5:55:8E:29:08:96
            X509v3 Authority Key Identifier:
                keyid:63:1A:CA:5F:9A:1D:CF:A1:97:04:D1:F0:37:7F:1B:9F:E9:14:5E:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/qiJ5Co2COWp43yOD01u1VY4pCJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a4:c0:07:c4:2f:ff:6b:d3:c9:3b:de:f2:35:51:54:cd:00:
         5a:14:e0:87:d7:69:b9:3f:e0:db:a1:c4:f2:12:a1:ba:bb:5f:
         d7:fe:5b:35:47:75:8c:ba:62:6a:fa:3c:14:31:2c:6a:5e:ae:
         dc:d2:a9:78:94:37:7e:a3:65:fc:2f:1b:d4:3a:97:b8:c1:1d:
         1f:c2:10:11:df:34:a0:e4:7e:c5:81:5d:64:15:7a:0e:73:3b:
         bc:57:5f:82:a8:eb:ac:22:ce:22:f9:29:8a:20:3a:5a:36:24:
         fa:49:3e:be:e4:3d:5c:9a:d1:f4:b3:97:ee:c4:a1:2d:f3:bc:
         48:0b:57:49:40:83:17:85:30:b3:97:e5:f1:31:6e:a9:57:d5:
         44:fc:ac:33:d9:6a:21:5a:32:3b:e0:59:2f:44:66:91:9f:7f:
         81:2f:33:b8:72:de:bc:f1:b7:e9:85:da:14:79:c0:6b:42:66:
         c6:b7:3a:ae:a5:fe:66:61:f7:56:3a:34:b8:3a:26:b6:a2:09:
         ae:17:fe:7f:a8:b3:63:2b:4e:e4:ae:b0:fb:c7:66:47:3a:d8:
         2a:2f:0f:57:49:a3:44:56:83:9c:6b:c2:8c:8a:c0:1f:de:46:
         79:b9:e7:6a:e2:fb:9e:b8:1c:9c:ec:77:36:86:0e:db:15:7f:
         53:73:3d:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYZ1QtXyPlrdySWEir1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMWFjYTVmOWExZGNmYTE5NzA0ZDFmMDM3N2YxYjlmZTkx
NDVlMDgwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTIyNzkwYThkODIzOTZhNzhkZjIzODNkMzViYjU1NThlMjkwODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUfhGiRUBnVQ7deiGlDTyVFjLS/e
3HDZdgLqjtI27JL5a13/2iGN5xoHGXS3ixHcXm6uMULKMuhTZ7VHQcjw4FeC7gfo
X8n5wO7O8NHWtzS+8wv7Vb4sRcCc0vUGtCB+hR/zVApy1v0VTiXsQ+Xbct8RzaUW
z+e3pmeiECrydw6OCwhXcoJ9CQrmNysi/Pd4BHts/yMeScn8wpAmYaFIHG+KXUwT
8rxu62CVpofdP8bQ8MJw+tMeOqaF9FGR/xsMsZhZePoTlbui456oe+DO8q3wdYvO
6xct+xZB6dfWQ95kidjFXplyVOhbLXfLVAFDaG8NxuPnFWFZp7Niy9oDvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoieQqNgjlqeN8jg9NbtVWOKQiWMB8GA1UdIwQY
MBaAFGMayl+aHc+hlwTR8Dd/G5/pFF4IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhyS1g1b2R6NkdYQk5Id04zOGJuLWtVWGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc3NWMtZGEyZS00ZDdkLTgwMTkt
ZDJiMDJhNDAzYzdiLzEvcWlKNUNvMkNPV3A0M3lPRDAxdTFWWTRwQ0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc3NWMtZGEyZS00ZDdkLTgwMTktZDJiMDJhNDAzYzdi
LzEvWXhyS1g1b2R6NkdYQk5Id04zOGJuLWtVWGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu8ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCPpMAHxC//a9PJO97yNVFUzQBaFOCH12m5P+DbocTy
EqG6u1/X/ls1R3WMumJq+jwUMSxqXq7c0ql4lDd+o2X8LxvUOpe4wR0fwhAR3zSg
5H7FgV1kFXoOczu8V1+CqOusIs4i+SmKIDpaNiT6ST6+5D1cmtH0s5fuxKEt87xI
C1dJQIMXhTCzl+XxMW6pV9VE/Kwz2WohWjI74FkvRGaRn3+BLzO4ct688bfphdoU
ecBrQmbGtzqupf5mYfdWOjS4Oia2ogmuF/5/qLNjK07krrD7x2ZHOtgqLw9XSaNE
VoOca8KMisAf3kZ5uedq4vueuByc7Hc2hg7bFX9Tcz0S
-----END CERTIFICATE-----