Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/qBYlovJkfJHkvUcB5hy59ysLvBI.roa
File:                     qBYlovJkfJHkvUcB5hy59ysLvBI.roa (raw, json)
Hash identifier:          rhUQ7eemuasO/N/vCeryMqfVlnZzFbMH9k0Lde5p9sY=
Subject key identifier:   A8:16:25:A2:F2:64:7C:91:E4:BD:47:01:E6:1C:B9:F7:2B:0B:BC:12
Certificate issuer:       /CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
Certificate serial:       019422FB9876D11E03AA3BC81180608C358D
Authority key identifier: 5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/qBYlovJkfJHkvUcB5hy59ysLvBI.roa
Signing time:             Wed 01 Jan 2025 17:48:21 +0000
ROA not before:           Wed 01 Jan 2025 17:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8399
IP address blocks:        87.247.224.0/24 maxlen: 24
                          185.197.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:98:76:d1:1e:03:aa:3b:c8:11:80:60:8c:35:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
        Validity
            Not Before: Jan  1 17:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a81625a2f2647c91e4bd4701e61cb9f72b0bbc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b6:75:ca:68:03:64:b2:54:c7:a5:4f:77:61:
                    02:c4:72:53:f9:07:90:3b:a2:c9:2e:1f:3b:7b:d9:
                    15:93:7d:9d:ac:06:c6:c8:b6:e7:f7:f1:98:1e:8a:
                    b6:19:38:1a:47:26:53:92:24:05:7e:08:51:2d:3c:
                    6a:fa:94:6b:f0:ba:4d:81:38:13:39:15:07:d0:09:
                    42:f6:4a:c7:03:19:fb:2e:29:48:5a:df:2f:43:c1:
                    a4:58:f2:f2:77:a2:09:df:61:20:d1:71:22:53:6b:
                    39:bd:b8:b5:21:14:1b:2d:32:49:6b:f3:ed:3c:c6:
                    9b:e0:d1:fb:50:ba:97:ea:e3:9d:6e:ac:cd:74:de:
                    01:31:ac:ed:01:1e:19:82:5b:fa:c6:c8:3b:e5:de:
                    74:3f:7e:d1:49:69:6e:67:46:e2:26:df:cd:c9:a7:
                    06:65:45:98:73:af:fa:a1:09:0a:91:d6:db:39:d3:
                    44:2b:fc:86:9b:f1:fa:c9:c6:e9:bb:0a:56:7f:f0:
                    9b:51:5b:2d:82:3a:b9:00:78:92:16:20:59:0c:25:
                    1e:b6:d2:08:5c:ba:1f:a2:3c:8f:f3:84:d8:9f:c2:
                    85:77:de:61:06:75:fd:4d:62:1c:13:90:a5:6b:d8:
                    c7:ae:e4:d2:b7:16:6c:1f:07:6b:65:cc:93:5c:41:
                    50:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:16:25:A2:F2:64:7C:91:E4:BD:47:01:E6:1C:B9:F7:2B:0B:BC:12
            X509v3 Authority Key Identifier:
                keyid:5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/qBYlovJkfJHkvUcB5hy59ysLvBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.224.0/24
                  185.197.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:02:a7:08:cd:39:a7:f1:a0:53:8e:80:72:cc:82:83:d2:59:
         cd:54:03:44:6b:23:51:46:bf:b5:99:15:75:39:47:3c:82:b4:
         be:20:8d:70:95:74:47:e6:3c:2c:2a:27:4e:6d:b3:03:f1:68:
         f1:88:d2:56:b8:ed:8b:ed:c1:3a:5b:e9:49:f5:90:aa:78:c5:
         bb:eb:f9:72:81:15:50:dc:8f:ad:7f:fd:61:49:03:ec:c4:ee:
         6f:7f:96:5b:c8:18:38:93:1e:22:03:1c:88:c5:6d:be:c3:d2:
         c2:8f:1e:dd:f0:92:f8:e6:46:75:75:73:fe:f2:61:dc:1d:80:
         11:a2:83:e7:16:be:69:69:0e:33:bb:c1:53:df:3d:8b:b9:63:
         b3:81:d8:ef:43:1b:f6:6c:31:01:60:a2:fd:98:8a:19:75:fd:
         a8:33:2a:a8:db:d9:f5:62:3a:4b:7f:e7:86:7b:fc:d6:26:a1:
         f8:3c:83:aa:ac:6e:94:ca:82:f2:88:a5:2a:52:28:43:78:f6:
         80:9c:5d:10:d8:bb:7f:16:c1:ad:eb:ea:9a:ab:4c:e2:90:2f:
         1a:6c:12:ff:5a:be:98:93:8a:93:3c:10:d4:f0:4f:57:eb:62:
         1e:ce:0f:c1:fa:04:ed:ae:83:e4:24:1c:8e:a2:b3:f0:ac:c1:
         f3:da:61:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+5h20R4DqjvIEYBgjDWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTU1Y2E0NTg0NjhjNTc3NmI4ZDk5MzZkZmU5YjBiMjY2
ODczMWMwHhcNMjUwMTAxMTc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE2MjVhMmYyNjQ3YzkxZTRiZDQ3MDFlNjFjYjlmNzJiMGJiYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrZ1ymgDZLJUx6VPd2ECxHJT+QeQ
O6LJLh87e9kVk32drAbGyLbn9/GYHoq2GTgaRyZTkiQFfghRLTxq+pRr8LpNgTgT
ORUH0AlC9krHAxn7LilIWt8vQ8GkWPLyd6IJ32Eg0XEiU2s5vbi1IRQbLTJJa/Pt
PMab4NH7ULqX6uOdbqzNdN4BMaztAR4Zglv6xsg75d50P37RSWluZ0biJt/NyacG
ZUWYc6/6oQkKkdbbOdNEK/yGm/H6ycbpuwpWf/CbUVstgjq5AHiSFiBZDCUettII
XLofojyP84TYn8KFd95hBnX9TWIcE5Cla9jHruTStxZsHwdrZcyTXEFQUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKgWJaLyZHyR5L1HAeYcufcrC7wSMB8GA1UdIwQY
MBaAFFqVXKRYRoxXdrjZk23+mwsmaHMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYt
MTM4NThkYTg1ZjUzLzEvcUJZbG92SmtmSkhrdlVjQjVoeTU5eXNMdkJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYtMTM4NThkYTg1ZjUz
LzEvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/fgAwQA
ucVkMA0GCSqGSIb3DQEBCwUAA4IBAQCYAqcIzTmn8aBTjoByzIKD0lnNVANEayNR
Rr+1mRV1OUc8grS+II1wlXRH5jwsKidObbMD8WjxiNJWuO2L7cE6W+lJ9ZCqeMW7
6/lygRVQ3I+tf/1hSQPsxO5vf5ZbyBg4kx4iAxyIxW2+w9LCjx7d8JL45kZ1dXP+
8mHcHYARooPnFr5paQ4zu8FT3z2LuWOzgdjvQxv2bDEBYKL9mIoZdf2oMyqo29n1
YjpLf+eGe/zWJqH4PIOqrG6UyoLyiKUqUihDePaAnF0Q2Lt/FsGt6+qaq0zikC8a
bBL/Wr6Yk4qTPBDU8E9X62Iezg/B+gTtroPkJByOorPwrMHz2mF1
-----END CERTIFICATE-----