Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QSMocKQbhcJiRbWZvx8AZLvqMNY.roa
File:                     QSMocKQbhcJiRbWZvx8AZLvqMNY.roa (raw, json)
Hash identifier:          WsgnQsZgqJz5cOEn8i5YFgNbaoTlM2oXbOWjx2Z8YIU=
Subject key identifier:   41:23:28:70:A4:1B:85:C2:62:45:B5:99:BF:1F:00:64:BB:EA:30:D6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421441868EDDF04A8EA7A165D6AC0537E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QSMocKQbhcJiRbWZvx8AZLvqMNY.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        37.252.27.0/24 maxlen: 24
                          81.168.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:18:68:ed:df:04:a8:ea:7a:16:5d:6a:c0:53:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41232870a41b85c26245b599bf1f0064bbea30d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2c:a9:1d:a8:20:e9:d5:81:a2:1e:00:b5:b9:
                    f7:e6:b9:46:ba:46:5a:49:7d:17:85:d4:3c:38:70:
                    57:f8:bd:15:33:4b:51:f8:68:ea:8a:7c:1f:45:cb:
                    b5:59:7e:9a:8a:7e:11:ea:3a:12:e6:db:d0:4c:8d:
                    78:05:4e:9d:9f:d7:e1:0d:de:01:e1:b9:48:44:de:
                    9d:1e:60:60:45:bf:54:b2:cf:da:0d:31:bf:19:c5:
                    14:a5:e8:f4:43:1d:02:2a:23:d6:d9:1e:5a:28:a8:
                    5c:f1:db:9b:64:ff:5f:22:a6:06:05:b2:b6:ad:c2:
                    21:71:a5:0a:43:a4:a6:99:74:e5:d4:af:d5:63:6f:
                    8f:11:85:03:7a:f2:47:df:01:10:ca:6d:6e:85:32:
                    24:b3:61:04:6b:a6:2e:8c:db:b0:f0:d2:35:eb:18:
                    05:ed:ce:ec:ad:9c:b0:a8:01:81:dd:a7:b6:43:00:
                    dc:18:6c:e9:7f:db:6e:a9:9d:16:f3:7f:fa:a6:fb:
                    ac:55:de:76:f0:32:0c:8f:69:a8:40:4c:55:d6:9c:
                    bf:19:57:e8:9c:9a:97:80:0f:92:41:48:e1:8b:c6:
                    b1:8b:a9:72:0c:38:8a:26:c2:23:1f:47:e2:12:64:
                    a4:f2:dd:ea:13:28:d2:ba:b3:ef:09:4e:dc:d6:cd:
                    f3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:23:28:70:A4:1B:85:C2:62:45:B5:99:BF:1F:00:64:BB:EA:30:D6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QSMocKQbhcJiRbWZvx8AZLvqMNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  81.168.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a5:fd:d5:b2:2b:79:01:87:0c:c1:ef:ce:e1:32:60:b5:08:
         99:d3:8b:bd:eb:4f:c5:f5:1c:a1:5c:10:db:fe:36:67:65:19:
         b6:80:23:f7:7f:f2:05:0b:82:40:88:2c:9f:34:09:f2:34:b9:
         1a:ae:99:9b:b7:2f:14:45:f1:49:c1:d9:f3:f8:16:4b:0d:44:
         55:86:98:d5:15:01:3a:af:35:6b:09:4b:83:99:64:53:87:b3:
         df:00:9a:91:47:57:7a:32:a8:b2:c9:62:f5:a3:e5:33:2a:3f:
         f8:74:ef:25:98:e3:b5:36:be:c2:02:6e:90:9a:40:b7:72:c8:
         75:43:48:d2:cd:ba:c6:7e:69:2c:13:e5:0f:19:9e:e5:e9:29:
         31:a5:7b:19:a2:27:03:ef:1b:c5:c9:9d:48:9d:e2:10:25:d4:
         79:6f:57:7e:28:5a:d1:8a:7e:ab:d6:10:2d:52:82:94:10:aa:
         a5:79:8f:c9:72:05:35:ba:e6:a2:ca:11:c0:a0:88:dd:36:07:
         e5:f0:e7:51:44:46:69:f1:c5:98:ab:e4:52:91:68:4f:16:15:
         10:b8:05:5c:66:df:ad:ec:df:c4:2e:a4:b0:9d:0d:fb:b9:a1:
         05:fc:f9:2e:dc:d9:35:d8:8a:3e:9e:98:26:06:7e:ad:c6:67:
         e2:ae:08:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRBho7d8EqOp6Fl1qwFN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTIzMjg3MGE0MWI4NWMyNjI0NWI1OTliZjFmMDA2NGJiZWEzMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CypHagg6dWBoh4Atbn35rlGukZa
SX0XhdQ8OHBX+L0VM0tR+GjqinwfRcu1WX6ain4R6joS5tvQTI14BU6dn9fhDd4B
4blIRN6dHmBgRb9Uss/aDTG/GcUUpej0Qx0CKiPW2R5aKKhc8dubZP9fIqYGBbK2
rcIhcaUKQ6SmmXTl1K/VY2+PEYUDevJH3wEQym1uhTIks2EEa6YujNuw8NI16xgF
7c7srZywqAGB3ae2QwDcGGzpf9tuqZ0W83/6pvusVd528DIMj2moQExV1py/GVfo
nJqXgA+SQUjhi8axi6lyDDiKJsIjH0fiEmSk8t3qEyjSurPvCU7c1s3zZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEEjKHCkG4XCYkW1mb8fAGS76jDWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUVNNb2NLUWJoY0ppUmJXWnZ4OEFaTHZxTU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJfwbAwQA
UagyMA0GCSqGSIb3DQEBCwUAA4IBAQCgpf3Vsit5AYcMwe/O4TJgtQiZ04u960/F
9RyhXBDb/jZnZRm2gCP3f/IFC4JAiCyfNAnyNLkarpmbty8URfFJwdnz+BZLDURV
hpjVFQE6rzVrCUuDmWRTh7PfAJqRR1d6MqiyyWL1o+UzKj/4dO8lmOO1Nr7CAm6Q
mkC3csh1Q0jSzbrGfmksE+UPGZ7l6SkxpXsZoicD7xvFyZ1IneIQJdR5b1d+KFrR
in6r1hAtUoKUEKqleY/JcgU1uuaiyhHAoIjdNgfl8OdRREZp8cWYq+RSkWhPFhUQ
uAVcZt+t7N/ELqSwnQ37uaEF/Pku3Nk12Io+npgmBn6txmfirghM
-----END CERTIFICATE-----