Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/dqdCGJIarF_fA_bp2OJUuyDhlUg.roa
File:                     dqdCGJIarF_fA_bp2OJUuyDhlUg.roa (raw, json)
Hash identifier:          Fif7RHAQgWJkfwYtkxdDWVHz+hTK4+EvnpSylmo25qI=
Subject key identifier:   76:A7:42:18:92:1A:AC:5F:DF:03:F6:E9:D8:E2:54:BB:20:E1:95:48
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019423D6D4BB0D48DD525DECF5E2EDAC4D47
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/dqdCGJIarF_fA_bp2OJUuyDhlUg.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        81.29.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d4:bb:0d:48:dd:52:5d:ec:f5:e2:ed:ac:4d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76a74218921aac5fdf03f6e9d8e254bb20e19548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e3:84:61:6a:65:79:d5:57:0a:31:bc:34:e9:
                    68:e6:f4:ba:a6:d8:00:c6:1c:f3:c5:cc:8c:27:53:
                    47:28:dd:5a:88:55:20:7d:48:6b:59:d0:b8:82:8e:
                    e2:8e:48:1f:e5:28:08:9b:1f:e5:f9:7a:b4:03:62:
                    96:6a:8a:0e:a1:9d:7b:0f:05:97:98:c4:0c:9f:c3:
                    51:86:8a:6c:2e:2c:81:ec:22:06:43:30:45:d1:a4:
                    d0:f0:e6:60:90:73:e8:ba:f5:e0:53:81:78:16:19:
                    84:83:9a:41:99:58:78:58:79:4a:1f:d5:21:1d:bc:
                    6b:41:b3:fb:a1:da:6c:e0:94:c5:e9:39:40:87:7b:
                    dd:bc:37:72:35:6e:0c:0e:59:d7:72:a9:5f:2f:47:
                    ce:a6:ca:40:33:28:39:9d:3d:b5:f0:22:2a:56:17:
                    db:cb:e6:12:54:33:22:77:28:15:f8:43:a6:79:2d:
                    14:e6:cd:b7:07:ac:ff:6e:c0:4a:1f:43:38:f3:1d:
                    3d:b3:88:7d:d9:d2:fb:82:38:38:e7:80:7d:55:06:
                    96:e2:47:bb:1e:ab:d6:b2:b2:e8:b2:69:b6:48:21:
                    25:d4:81:6f:ca:a3:01:88:42:ec:4b:ca:9d:3d:c2:
                    8f:d9:28:df:74:38:29:bc:12:7c:fe:a0:76:d5:34:
                    6f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A7:42:18:92:1A:AC:5F:DF:03:F6:E9:D8:E2:54:BB:20:E1:95:48
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/dqdCGJIarF_fA_bp2OJUuyDhlUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:3e:f5:41:e5:0a:8f:f0:1d:6d:1b:f8:d4:5a:d9:68:16:5a:
         e0:d1:ec:24:07:ea:4d:97:82:0d:78:1a:2b:33:d2:a9:f3:94:
         f3:b6:70:eb:bb:3b:d7:e8:26:cc:41:67:75:b4:d9:6e:0e:63:
         6e:a5:ee:49:57:70:0c:02:0e:09:31:9f:95:7c:ec:ae:82:8b:
         f6:f4:48:88:a5:0b:3a:b0:d1:92:16:75:a6:28:ff:b7:79:ac:
         fe:f7:a6:98:7b:de:d2:3f:86:ee:9f:6d:05:4f:bf:e3:33:08:
         72:c0:d9:2f:3f:8e:10:d9:1e:50:4f:f8:08:86:1b:fd:15:75:
         54:a7:23:49:cc:95:e4:5e:8b:60:a3:83:0c:7f:71:54:c1:a1:
         92:35:66:29:91:78:7b:db:d2:d9:a0:53:d4:4f:ea:9f:8e:96:
         9c:62:85:20:38:3d:d8:6c:d1:10:5e:07:fb:30:7b:ae:fe:90:
         a3:f0:61:92:56:2c:30:f6:57:28:99:54:12:b1:8d:97:24:58:
         49:5e:df:c1:3c:58:f1:d4:0d:2f:7a:e9:02:45:dc:b3:95:93:
         e7:50:4c:21:9d:2d:b2:16:53:c6:90:90:2a:5a:43:c2:7d:69:
         f9:27:68:08:3a:3e:59:b6:cd:e0:1b:4c:33:d2:a3:a8:b5:ab:
         fe:fe:04:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1tS7DUjdUl3s9eLtrE1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmE3NDIxODkyMWFhYzVmZGYwM2Y2ZTlkOGUyNTRiYjIwZTE5NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuOEYWpledVXCjG8NOlo5vS6ptgA
xhzzxcyMJ1NHKN1aiFUgfUhrWdC4go7ijkgf5SgImx/l+Xq0A2KWaooOoZ17DwWX
mMQMn8NRhopsLiyB7CIGQzBF0aTQ8OZgkHPouvXgU4F4FhmEg5pBmVh4WHlKH9Uh
HbxrQbP7odps4JTF6TlAh3vdvDdyNW4MDlnXcqlfL0fOpspAMyg5nT218CIqVhfb
y+YSVDMidygV+EOmeS0U5s23B6z/bsBKH0M48x09s4h92dL7gjg454B9VQaW4ke7
HqvWsrLosmm2SCEl1IFvyqMBiELsS8qdPcKP2SjfdDgpvBJ8/qB21TRvLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHanQhiSGqxf3wP26djiVLsg4ZVIMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvZHFkQ0dKSWFyRl9mQV9icDJPSlV1eURobFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2WMA0G
CSqGSIb3DQEBCwUAA4IBAQAcPvVB5QqP8B1tG/jUWtloFlrg0ewkB+pNl4INeBor
M9Kp85TztnDruzvX6CbMQWd1tNluDmNupe5JV3AMAg4JMZ+VfOyugov29EiIpQs6
sNGSFnWmKP+3eaz+96aYe97SP4bun20FT7/jMwhywNkvP44Q2R5QT/gIhhv9FXVU
pyNJzJXkXotgo4MMf3FUwaGSNWYpkXh729LZoFPUT+qfjpacYoUgOD3YbNEQXgf7
MHuu/pCj8GGSViww9lcomVQSsY2XJFhJXt/BPFjx1A0veukCRdyzlZPnUEwhnS2y
FlPGkJAqWkPCfWn5J2gIOj5Zts3gG0wz0qOotav+/gTH
-----END CERTIFICATE-----