Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/qKUS3aWdXNKyGrEPIZqo9vOOxtM.roa
File:                     qKUS3aWdXNKyGrEPIZqo9vOOxtM.roa (raw, json)
Hash identifier:          aMMBOBw0agva6obgWYqVlq2psGGrS2vafTYjFkbH+48=
Subject key identifier:   A8:A5:12:DD:A5:9D:5C:D2:B2:1A:B1:0F:21:9A:A8:F6:F3:8E:C6:D3
Certificate issuer:       /CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
Certificate serial:       01942444B0192374E2C462309613FDB495FC
Authority key identifier: 32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/qKUS3aWdXNKyGrEPIZqo9vOOxtM.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49621
IP address blocks:        185.105.200.0/22 maxlen: 22
                          188.64.48.0/21 maxlen: 21
                          2a03:8f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:b0:19:23:74:e2:c4:62:30:96:13:fd:b4:95:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8a512dda59d5cd2b21ab10f219aa8f6f38ec6d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2b:68:30:2c:c8:92:60:7c:00:d0:f8:6a:36:
                    be:61:55:94:cd:d7:b7:b0:bd:8e:02:f1:2b:1d:b1:
                    11:eb:b0:7b:e3:f8:4d:b5:63:00:76:c2:ba:f0:e9:
                    09:53:ee:a9:5b:91:15:81:11:89:b3:d9:f5:b9:93:
                    e6:a1:06:24:08:0e:22:02:b5:03:76:2e:f4:1d:17:
                    5c:b2:74:19:7e:d2:71:15:68:8f:48:8c:af:bc:3c:
                    55:16:82:5e:c7:b8:36:9d:6e:1a:1e:07:66:52:27:
                    f6:0d:5e:58:98:af:95:6b:df:94:bf:5b:ae:37:1e:
                    fb:0b:35:72:89:80:a7:3f:12:97:d2:79:00:17:73:
                    22:08:ff:7d:e2:aa:85:74:94:47:bc:45:1c:a3:07:
                    e1:d0:17:f7:10:b1:2f:2c:c9:f3:5f:dc:75:04:ff:
                    1c:f9:df:24:5b:f8:91:d4:2d:4a:2b:1d:eb:e5:76:
                    70:3b:21:e1:61:58:ac:52:be:35:52:df:71:63:eb:
                    0e:6b:30:ab:51:2c:49:dd:9a:33:98:b0:75:7f:de:
                    82:2f:a0:1c:fb:57:ff:5a:e8:f0:42:32:ad:e6:e3:
                    97:d5:94:c4:d9:d2:f1:b3:f9:a5:6f:21:21:b9:14:
                    4b:f0:fb:d1:e7:b1:d0:38:29:84:41:1f:16:bd:d0:
                    78:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A5:12:DD:A5:9D:5C:D2:B2:1A:B1:0F:21:9A:A8:F6:F3:8E:C6:D3
            X509v3 Authority Key Identifier:
                keyid:32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/qKUS3aWdXNKyGrEPIZqo9vOOxtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.200.0/22
                  188.64.48.0/21
                IPv6:
                  2a03:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:1c:66:95:45:46:44:7e:a0:22:21:03:0b:8e:50:0d:f1:7b:
         22:64:d7:21:7f:ef:72:5d:e7:14:16:a8:2d:de:a6:0a:e8:06:
         32:93:f0:b9:37:66:24:2a:f2:f3:d4:7a:46:ae:10:4f:83:b5:
         b0:1b:e9:b2:c2:90:c9:0a:fd:59:7e:1e:9a:11:6b:6c:72:a6:
         51:09:69:19:26:f1:80:71:e8:5d:25:c8:bd:27:8b:14:36:5c:
         a4:a6:c8:8e:eb:a0:4e:a0:4e:31:2b:5a:8a:01:ad:e6:d4:84:
         89:15:53:ad:a0:56:e9:27:78:96:6b:c6:eb:ab:3e:33:30:f6:
         b8:30:f3:eb:be:25:d5:bc:85:8c:98:75:5e:82:fd:0c:cb:34:
         dd:d8:47:3f:ec:b0:81:f5:05:f6:07:a9:53:87:01:d4:f5:d4:
         79:89:43:9e:3a:86:a5:d4:91:b2:c9:72:09:ce:8c:9e:75:1c:
         04:78:8f:92:87:2b:4b:cf:f8:87:15:15:11:57:0f:a2:f0:69:
         f1:0d:bd:d5:27:82:36:ee:12:25:b2:79:21:b9:7e:c4:d1:32:
         27:c9:0c:5b:6e:c1:5d:72:e2:dc:25:74:3e:fb:81:8d:ce:18:
         c8:8f:b1:85:6e:13:52:74:59:58:9b:dc:42:93:1a:c4:04:7f:
         a4:1e:1a:05
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRLAZI3TixGIwlhP9tJX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyM2FiNWJhOThiZWY1ZDBkOWJkMGNlYTAzMWExZmUxMzc3
N2E0ODYwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE1MTJkZGE1OWQ1Y2QyYjIxYWIxMGYyMTlhYThmNmYzOGVjNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4StoMCzIkmB8AND4aja+YVWUzde3
sL2OAvErHbER67B74/hNtWMAdsK68OkJU+6pW5EVgRGJs9n1uZPmoQYkCA4iArUD
di70HRdcsnQZftJxFWiPSIyvvDxVFoJex7g2nW4aHgdmUif2DV5YmK+Va9+Uv1uu
Nx77CzVyiYCnPxKX0nkAF3MiCP994qqFdJRHvEUcowfh0Bf3ELEvLMnzX9x1BP8c
+d8kW/iR1C1KKx3r5XZwOyHhYVisUr41Ut9xY+sOazCrUSxJ3ZozmLB1f96CL6Ac
+1f/WujwQjKt5uOX1ZTE2dLxs/mlbyEhuRRL8PvR57HQOCmEQR8WvdB4UQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKilEt2lnVzSshqxDyGaqPbzjsbTMB8GA1UdIwQY
MBaAFDI6tbqYvvXQ2b0M6gMaH+E3d6SGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQt
Zjk1MTI0OTllMDVjLzEvcUtVUzNhV2RYTkt5R3JFUElacW85dk9PeHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQtZjk1MTI0OTllMDVj
LzEvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWnIAwQD
vEAwMA0EAgACMAcDBQMqA48AMA0GCSqGSIb3DQEBCwUAA4IBAQCLHGaVRUZEfqAi
IQMLjlAN8XsiZNchf+9yXecUFqgt3qYK6AYyk/C5N2YkKvLz1HpGrhBPg7WwG+my
wpDJCv1Zfh6aEWtscqZRCWkZJvGAcehdJci9J4sUNlykpsiO66BOoE4xK1qKAa3m
1ISJFVOtoFbpJ3iWa8brqz4zMPa4MPPrviXVvIWMmHVegv0MyzTd2Ec/7LCB9QX2
B6lThwHU9dR5iUOeOoal1JGyyXIJzoyedRwEeI+ShytLz/iHFRURVw+i8GnxDb3V
J4I27hIlsnkhuX7E0TInyQxbbsFdcuLcJXQ++4GNzhjIj7GFbhNSdFlYm9xCkxrE
BH+kHhoF
-----END CERTIFICATE-----