Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/qE_tcfupauq7XdXPqb7KSreupsQ.roa
File:                     qE_tcfupauq7XdXPqb7KSreupsQ.roa (raw, json)
Hash identifier:          3EJWNtY+Qhvm2DJ7H+6VvM2/OxiFGq47XqF2H0oCbzM=
Subject key identifier:   A8:4F:ED:71:FB:A9:6A:EA:BB:5D:D5:CF:A9:BE:CA:4A:B7:AE:A6:C4
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019424456B28D551642DB2DC5EBCC504682A
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/qE_tcfupauq7XdXPqb7KSreupsQ.roa
Signing time:             Wed 01 Jan 2025 23:48:36 +0000
ROA not before:           Wed 01 Jan 2025 23:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20853
IP address blocks:        168.199.247.0/24 maxlen: 24
                          185.226.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6b:28:d5:51:64:2d:b2:dc:5e:bc:c5:04:68:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a84fed71fba96aeabb5dd5cfa9beca4ab7aea6c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d6:c8:64:0c:02:77:68:00:ec:3b:0a:75:bf:
                    fc:fc:e8:b4:8e:b4:e1:16:d0:8e:70:db:cb:e0:88:
                    c5:da:53:d0:b0:00:49:74:a9:05:a5:05:f8:5f:33:
                    21:5c:2f:5f:c7:9c:3d:4b:f6:b8:5e:bc:87:8b:32:
                    38:51:6b:d9:7a:49:0c:d7:f3:e5:3b:cc:da:14:0a:
                    98:2a:28:ab:71:81:fb:9b:70:df:a6:d7:be:aa:8a:
                    91:0e:f3:47:4c:65:7d:9e:04:50:60:5e:e4:f4:dc:
                    b3:cd:c9:34:bd:be:ab:f7:d6:5e:a9:ea:c2:5e:4a:
                    3b:02:62:8f:3d:c2:ef:2b:81:a5:b4:d6:d5:2f:ff:
                    e8:fa:69:53:a3:a1:80:5e:b5:1e:a1:77:d6:43:07:
                    50:38:3f:61:8c:8d:99:56:2f:d7:d2:c0:d3:cc:21:
                    30:a5:73:89:09:4a:f6:50:cd:02:66:bf:aa:15:f9:
                    78:e8:16:14:81:b8:e9:a4:10:0e:e7:30:b8:2c:6a:
                    0f:f0:bc:ef:f3:00:22:6a:cf:ee:d8:84:b7:be:85:
                    c5:d7:cc:cc:e6:7d:f6:d4:83:ad:70:71:c2:6a:6b:
                    a7:39:43:f9:4f:84:1a:f8:2a:32:2a:68:18:d5:93:
                    b7:92:d3:34:0e:fe:29:31:d5:23:42:99:d1:b6:67:
                    82:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4F:ED:71:FB:A9:6A:EA:BB:5D:D5:CF:A9:BE:CA:4A:B7:AE:A6:C4
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/qE_tcfupauq7XdXPqb7KSreupsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.247.0/24
                  185.226.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:cb:38:ea:ef:04:4b:18:1a:d3:a3:2c:0c:6d:61:b5:74:0a:
         e2:bc:21:c3:84:b8:fe:79:32:d5:7f:28:39:ae:f9:56:6c:86:
         f2:ad:21:a5:be:e1:4b:65:5e:7f:f0:c4:62:7a:1e:bb:cf:73:
         67:49:c2:00:5c:90:3b:b0:48:60:7e:17:7f:69:b6:d0:ab:ed:
         40:77:09:09:3c:2d:42:07:c8:6f:b2:6d:e2:c3:8a:96:34:1f:
         d2:df:12:8e:b3:77:6a:99:03:0c:9d:2a:49:49:e4:78:f3:57:
         b2:ee:48:96:c8:46:c6:e3:3d:ab:a0:93:88:4b:74:9d:10:2e:
         62:42:fe:56:12:27:71:cd:e2:5f:a4:98:63:22:d4:a5:53:c6:
         04:32:2b:5b:2f:e1:38:62:8c:74:8a:b9:d1:4e:71:14:9e:4d:
         17:ee:15:f5:d6:f2:f5:c3:9e:99:1e:71:7d:d0:be:20:09:6b:
         ec:fb:48:7c:e8:f1:38:15:da:98:16:28:b5:1f:10:fb:91:3c:
         7f:72:41:4b:fe:92:85:9d:cb:c7:18:5e:4e:06:20:b5:28:53:
         10:9f:a7:c4:79:2f:7d:ec:d3:9f:10:bc:d9:bd:df:49:57:86:
         2c:8a:bb:93:42:9a:54:82:2b:ed:66:2a:ba:87:82:f3:25:25:
         a1:98:bb:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRWso1VFkLbLcXrzFBGgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRmZWQ3MWZiYTk2YWVhYmI1ZGQ1Y2ZhOWJlY2E0YWI3YWVhNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdbIZAwCd2gA7DsKdb/8/Oi0jrTh
FtCOcNvL4IjF2lPQsABJdKkFpQX4XzMhXC9fx5w9S/a4XryHizI4UWvZekkM1/Pl
O8zaFAqYKiircYH7m3Dfpte+qoqRDvNHTGV9ngRQYF7k9Nyzzck0vb6r99ZeqerC
Xko7AmKPPcLvK4GltNbVL//o+mlTo6GAXrUeoXfWQwdQOD9hjI2ZVi/X0sDTzCEw
pXOJCUr2UM0CZr+qFfl46BYUgbjppBAO5zC4LGoP8Lzv8wAias/u2IS3voXF18zM
5n321IOtcHHCamunOUP5T4Qa+CoyKmgY1ZO3ktM0Dv4pMdUjQpnRtmeC1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKhP7XH7qWrqu13Vz6m+ykq3rqbEMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvcUVfdGNmdXBhdXE3WGRYUHFiN0tTcmV1cHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqMf3AwQA
ueLOMA0GCSqGSIb3DQEBCwUAA4IBAQBAyzjq7wRLGBrToywMbWG1dArivCHDhLj+
eTLVfyg5rvlWbIbyrSGlvuFLZV5/8MRieh67z3NnScIAXJA7sEhgfhd/abbQq+1A
dwkJPC1CB8hvsm3iw4qWNB/S3xKOs3dqmQMMnSpJSeR481ey7kiWyEbG4z2roJOI
S3SdEC5iQv5WEidxzeJfpJhjItSlU8YEMitbL+E4Yox0irnRTnEUnk0X7hX11vL1
w56ZHnF90L4gCWvs+0h86PE4FdqYFii1HxD7kTx/ckFL/pKFncvHGF5OBiC1KFMQ
n6fEeS997NOfELzZvd9JV4YsiruTQppUgivtZiq6h4LzJSWhmLvY
-----END CERTIFICATE-----