Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/qGSQdjcXyhT0QLKjchrOjSnQ7gE.roa
File:                     qGSQdjcXyhT0QLKjchrOjSnQ7gE.roa (raw, json)
Hash identifier:          EQAqL99JSflycP0fZPJYNQJHHrRVzzt52ckpMKtIf7g=
Subject key identifier:   A8:64:90:76:37:17:CA:14:F4:40:B2:A3:72:1A:CE:8D:29:D0:EE:01
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018F7778F1DFE6BBF4E3A0C5ABA4B6BA2F39
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/qGSQdjcXyhT0QLKjchrOjSnQ7gE.roa
Signing time:             Tue 14 May 2024 14:19:25 +0000
ROA not before:           Tue 14 May 2024 14:19:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        81.29.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:78:f1:df:e6:bb:f4:e3:a0:c5:ab:a4:b6:ba:2f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: May 14 14:19:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a86490763717ca14f440b2a3721ace8d29d0ee01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:dd:80:d5:ff:d8:d8:1f:95:18:5d:51:30:18:
                    bd:e4:83:3a:bd:69:6a:27:c6:b5:8c:5b:de:aa:72:
                    80:e4:ab:4d:15:f1:e0:76:db:f4:28:dc:89:9b:10:
                    68:81:97:f3:a0:33:f0:ff:bd:d3:1d:f1:4a:a8:17:
                    53:d2:13:f2:67:b8:dc:a3:0e:cb:07:ca:8d:5e:64:
                    4c:2c:bc:78:51:a9:eb:ac:c9:95:a3:48:a7:23:f9:
                    86:d3:63:c8:87:b7:1c:aa:00:bb:42:a2:5e:8a:63:
                    21:10:4c:77:a8:4f:36:c1:2b:8f:30:89:7e:36:5b:
                    45:aa:df:89:d7:e5:91:a6:14:b8:a0:ba:47:e5:d8:
                    4e:ad:b2:c2:3b:8d:3b:b0:69:58:b6:8e:17:6f:5e:
                    4b:e6:76:20:df:97:3d:73:fd:a8:69:fe:58:86:5b:
                    a7:cb:69:7e:97:41:63:c8:ff:10:3f:50:6b:63:c2:
                    19:6b:57:32:6c:bd:3d:23:1d:e7:79:1a:18:43:57:
                    d2:2b:ff:6a:e4:55:52:8a:ae:c4:34:04:f7:52:e2:
                    94:80:23:00:96:d6:02:11:3a:7d:f3:bb:81:ca:bd:
                    3e:8f:58:14:be:e1:f3:6b:12:e4:23:9c:27:81:e4:
                    6a:c9:b9:33:de:7a:ad:d7:2b:d2:15:24:20:4d:b5:
                    28:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:64:90:76:37:17:CA:14:F4:40:B2:A3:72:1A:CE:8D:29:D0:EE:01
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/qGSQdjcXyhT0QLKjchrOjSnQ7gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:c8:e4:c7:c4:b6:64:43:fe:e7:48:c7:33:aa:a0:2e:f6:b4:
         eb:f1:53:48:7c:50:ac:6c:8c:30:b1:4a:29:6c:4c:f5:54:02:
         c9:fe:e1:5f:ac:a1:b9:da:03:57:47:00:e9:b2:1d:89:fb:40:
         ed:94:99:a1:42:c5:9f:b7:72:8e:70:ab:76:15:06:42:29:81:
         b3:08:61:4c:bf:e3:6c:88:24:31:0b:95:16:17:f4:83:5a:6d:
         e3:73:bd:04:9b:57:8f:95:47:0f:be:3d:a9:61:79:70:5b:98:
         7d:58:35:38:4b:c8:c1:b2:04:f6:b3:fc:3d:51:20:1e:b9:90:
         8c:76:c9:dc:71:76:41:6f:4f:94:ef:b4:91:a3:02:b9:30:38:
         68:ab:ea:91:20:a3:10:a3:88:f8:c7:3c:7d:4b:fd:4a:4b:db:
         64:03:e0:68:2e:f5:74:d5:8b:5f:bb:2e:ab:b6:dc:a8:56:7e:
         ce:f4:65:13:2f:c3:69:fd:ee:63:93:c1:1f:3c:71:da:44:a3:
         dc:fe:2c:49:71:58:c9:0d:92:18:97:bf:75:a6:8e:69:4b:ca:
         60:e3:12:fc:b9:c4:a8:3b:c8:82:81:82:2e:20:29:a5:8e:55:
         18:dc:11:16:fb:7f:2f:a0:c2:a6:89:0e:5a:cc:67:37:1f:de:
         95:aa:05:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY93ePHf5rv046DFq6S2ui85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwNTE0MTQxOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY0OTA3NjM3MTdjYTE0ZjQ0MGIyYTM3MjFhY2U4ZDI5ZDBlZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1t2A1f/Y2B+VGF1RMBi95IM6vWlq
J8a1jFveqnKA5KtNFfHgdtv0KNyJmxBogZfzoDPw/73THfFKqBdT0hPyZ7jcow7L
B8qNXmRMLLx4UanrrMmVo0inI/mG02PIh7ccqgC7QqJeimMhEEx3qE82wSuPMIl+
NltFqt+J1+WRphS4oLpH5dhOrbLCO407sGlYto4Xb15L5nYg35c9c/2oaf5Yhlun
y2l+l0FjyP8QP1BrY8IZa1cybL09Ix3neRoYQ1fSK/9q5FVSiq7ENAT3UuKUgCMA
ltYCETp987uByr0+j1gUvuHzaxLkI5wngeRqybkz3nqt1yvSFSQgTbUouQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhkkHY3F8oU9ECyo3Iazo0p0O4BMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvcUdTUWRqY1h5aFQwUUxLamNock9qU25RN2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2VMA0G
CSqGSIb3DQEBCwUAA4IBAQBOyOTHxLZkQ/7nSMczqqAu9rTr8VNIfFCsbIwwsUop
bEz1VALJ/uFfrKG52gNXRwDpsh2J+0DtlJmhQsWft3KOcKt2FQZCKYGzCGFMv+Ns
iCQxC5UWF/SDWm3jc70Em1ePlUcPvj2pYXlwW5h9WDU4S8jBsgT2s/w9USAeuZCM
dsnccXZBb0+U77SRowK5MDhoq+qRIKMQo4j4xzx9S/1KS9tkA+BoLvV01Ytfuy6r
ttyoVn7O9GUTL8Np/e5jk8EfPHHaRKPc/ixJcVjJDZIYl791po5pS8pg4xL8ucSo
O8iCgYIuICmljlUY3BEW+38voMKmiQ5azGc3H96VqgVT
-----END CERTIFICATE-----