Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/RnQqeSwt7hN3ORL3uVQS5JgLuZs.roa
File:                     RnQqeSwt7hN3ORL3uVQS5JgLuZs.roa (raw, json)
Hash identifier:          PSsACPr2ZZlu/VcCkGWefI0lMsTEK4kuZI31GIxteCE=
Subject key identifier:   46:74:2A:79:2C:2D:EE:13:77:39:12:F7:B9:54:12:E4:98:0B:B9:9B
Certificate issuer:       /CN=2ea7626d600daf759376a6507e1d684386992d31
Certificate serial:       019427B5F5DF348C1315D5E19C8527F2D52D
Authority key identifier: 2E:A7:62:6D:60:0D:AF:75:93:76:A6:50:7E:1D:68:43:86:99:2D:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LqdibWANr3WTdqZQfh1oQ4aZLTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/RnQqeSwt7hN3ORL3uVQS5JgLuZs.roa
Signing time:             Thu 02 Jan 2025 15:50:23 +0000
ROA not before:           Thu 02 Jan 2025 15:50:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57022
IP address blocks:        185.70.168.0/24 maxlen: 24
                          185.70.169.0/24 maxlen: 24
                          185.70.170.0/24 maxlen: 24
                          185.70.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/LqdibWANr3WTdqZQfh1oQ4aZLTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/LqdibWANr3WTdqZQfh1oQ4aZLTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LqdibWANr3WTdqZQfh1oQ4aZLTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 00:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:f5:df:34:8c:13:15:d5:e1:9c:85:27:f2:d5:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ea7626d600daf759376a6507e1d684386992d31
        Validity
            Not Before: Jan  2 15:50:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46742a792c2dee13773912f7b95412e4980bb99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f4:fd:02:1d:f9:1b:3a:7b:28:39:23:f8:a9:
                    b9:e9:89:93:21:19:92:78:41:30:56:d2:e2:a3:3b:
                    e8:d8:9e:e1:b4:ac:73:a6:46:50:5d:1a:cc:ce:6e:
                    6e:cc:f8:e7:fb:da:f0:01:49:7b:ef:3d:37:66:de:
                    53:fc:fa:79:f1:76:f4:ab:f8:eb:ed:d0:ec:d4:ee:
                    ee:67:8e:95:63:1b:13:b2:d9:39:52:4c:db:e2:92:
                    e7:4c:93:73:5a:f8:1e:51:a4:b5:72:c8:0e:d6:8e:
                    c2:fd:f4:7a:da:4d:c9:3e:61:d5:2d:d8:b3:9d:3f:
                    e2:40:bc:a8:13:fc:a4:00:3a:0d:fc:fc:6b:ac:18:
                    5f:39:6a:ac:09:5b:7c:db:df:25:21:48:88:21:2f:
                    7c:f3:4a:d6:bb:35:05:3f:c3:96:ee:ad:86:ce:d4:
                    16:3d:4f:76:27:c7:7b:c6:39:18:5f:8c:80:89:65:
                    4c:89:8e:73:a6:14:bd:06:67:b2:43:36:41:74:00:
                    ec:03:51:8c:72:f7:45:63:5c:82:87:44:e4:b7:da:
                    b2:bd:de:15:4a:d0:a5:ec:ae:61:a5:25:fb:9c:78:
                    26:01:cb:fe:0a:2b:90:f5:bf:61:8d:6a:ff:72:12:
                    d6:e6:5b:21:99:a9:10:b2:2d:e5:3d:1c:0f:a6:77:
                    6d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:74:2A:79:2C:2D:EE:13:77:39:12:F7:B9:54:12:E4:98:0B:B9:9B
            X509v3 Authority Key Identifier:
                keyid:2E:A7:62:6D:60:0D:AF:75:93:76:A6:50:7E:1D:68:43:86:99:2D:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LqdibWANr3WTdqZQfh1oQ4aZLTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/RnQqeSwt7hN3ORL3uVQS5JgLuZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/0d6b47-8191-41e2-8113-6e56212cdf5c/1/LqdibWANr3WTdqZQfh1oQ4aZLTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:79:e1:ff:62:3f:ba:9f:3d:77:bc:68:34:93:1d:24:b6:02:
         9f:d4:7c:e9:28:45:d1:ec:89:74:29:56:0a:c2:1d:cf:75:da:
         d7:11:4c:1d:90:10:51:50:b5:ff:65:d2:5b:45:64:c5:a2:a2:
         e6:22:90:f0:b9:07:9c:3a:55:a3:d8:99:5d:83:7e:55:d7:75:
         7c:77:50:33:7b:5e:34:22:89:4b:6b:ab:94:7a:76:40:e1:b4:
         52:e5:56:ed:e1:a1:1c:fd:dd:32:6e:a8:82:4b:af:2d:38:b9:
         fd:a3:b1:da:84:9f:c3:4a:ba:39:d3:c1:13:4e:30:e3:46:1a:
         4d:77:5d:cf:d3:2d:0b:94:94:e9:ec:dd:7b:c0:19:d1:2e:9e:
         c6:f2:cf:d7:fc:88:e9:7e:5b:12:6f:0d:5a:47:ca:0c:f7:5b:
         27:28:3e:23:46:c9:59:fb:2b:81:57:7b:0c:dc:91:b6:56:55:
         a8:28:a1:58:64:57:38:93:a7:ac:ab:a9:58:ff:24:96:ff:f1:
         eb:c5:27:3d:d1:41:72:a2:9e:77:36:68:c2:2b:12:0f:3a:59:
         2c:a0:f2:c9:41:e9:38:23:ea:b4:cc:7e:12:d1:e3:33:b3:c2:
         a2:53:c4:39:f2:2d:9b:83:43:a5:ea:3b:93:53:c9:48:58:9b:
         ab:ec:90:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntfXfNIwTFdXhnIUn8tUtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYTc2MjZkNjAwZGFmNzU5Mzc2YTY1MDdlMWQ2ODQzODY5
OTJkMzEwHhcNMjUwMTAyMTU1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njc0MmE3OTJjMmRlZTEzNzczOTEyZjdiOTU0MTJlNDk4MGJiOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/T9Ah35Gzp7KDkj+Km56YmTIRmS
eEEwVtLiozvo2J7htKxzpkZQXRrMzm5uzPjn+9rwAUl77z03Zt5T/Pp58Xb0q/jr
7dDs1O7uZ46VYxsTstk5Ukzb4pLnTJNzWvgeUaS1csgO1o7C/fR62k3JPmHVLdiz
nT/iQLyoE/ykADoN/PxrrBhfOWqsCVt8298lIUiIIS9880rWuzUFP8OW7q2GztQW
PU92J8d7xjkYX4yAiWVMiY5zphS9BmeyQzZBdADsA1GMcvdFY1yCh0Tkt9qyvd4V
StCl7K5hpSX7nHgmAcv+CiuQ9b9hjWr/chLW5lshmakQsi3lPRwPpndtywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZ0KnksLe4TdzkS97lUEuSYC7mbMB8GA1UdIwQY
MBaAFC6nYm1gDa91k3amUH4daEOGmS0xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHFkaWJXQU5yM1dUZHFaUWZoMW9RNGFaTFRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wZDZiNDctODE5MS00MWUyLTgxMTMt
NmU1NjIxMmNkZjVjLzEvUm5RcWVTd3Q3aE4zT1JMM3VWUVM1SmdMdVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wZDZiNDctODE5MS00MWUyLTgxMTMtNmU1NjIxMmNkZjVj
LzEvTHFkaWJXQU5yM1dUZHFaUWZoMW9RNGFaTFRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBGeeH/Yj+6nz13vGg0kx0ktgKf1HzpKEXR7Il0KVYK
wh3PddrXEUwdkBBRULX/ZdJbRWTFoqLmIpDwuQecOlWj2Jldg35V13V8d1Aze140
IolLa6uUenZA4bRS5Vbt4aEc/d0ybqiCS68tOLn9o7HahJ/DSro508ETTjDjRhpN
d13P0y0LlJTp7N17wBnRLp7G8s/X/IjpflsSbw1aR8oM91snKD4jRslZ+yuBV3sM
3JG2VlWoKKFYZFc4k6esq6lY/ySW//HrxSc90UFyop53NmjCKxIPOlksoPLJQek4
I+q0zH4S0eMzs8KiU8Q58i2bg0Ol6juTU8lIWJur7JA1
-----END CERTIFICATE-----