Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/QJH1xkQhD8ZqrUTpIxRVC-9iWsg.roa
File:                     QJH1xkQhD8ZqrUTpIxRVC-9iWsg.roa (raw, json)
Hash identifier:          k8wK85RayUQhoeFyh00R6U1ww1Aske+9ky6WjpJEXWs=
Subject key identifier:   40:91:F5:C6:44:21:0F:C6:6A:AD:44:E9:23:14:55:0B:EF:62:5A:C8
Certificate issuer:       /CN=bfe3971a32c0692c4e342e911790662470cf31b2
Certificate serial:       0194266AC41678B5446FC694172C2CA7C796
Authority key identifier: BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/QJH1xkQhD8ZqrUTpIxRVC-9iWsg.roa
Signing time:             Thu 02 Jan 2025 09:48:38 +0000
ROA not before:           Thu 02 Jan 2025 09:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205299
IP address blocks:        185.16.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:c4:16:78:b5:44:6f:c6:94:17:2c:2c:a7:c7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe3971a32c0692c4e342e911790662470cf31b2
        Validity
            Not Before: Jan  2 09:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4091f5c644210fc66aad44e92314550bef625ac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:54:dd:79:1d:15:d6:17:6e:bb:b1:e4:5b:64:
                    4c:5a:24:7a:85:86:7d:fd:d0:84:ff:42:bb:f4:b9:
                    41:6a:8e:c3:0b:28:ff:83:1e:b1:6c:60:24:7f:56:
                    3f:f8:53:3f:85:d8:94:c2:90:ec:6f:b4:f5:f2:bf:
                    db:34:b5:5f:24:c6:18:ff:5c:82:10:0b:8c:4f:c7:
                    37:fa:58:d0:01:96:13:b5:6f:f2:61:b7:ed:03:3e:
                    48:ec:21:f3:71:46:3b:63:4c:59:37:be:21:c2:28:
                    8e:96:f5:cb:b6:c4:0c:1f:e7:57:e3:c0:68:93:bb:
                    63:1d:8c:be:e2:97:8e:7b:d7:83:ae:9e:ac:66:59:
                    c2:40:d3:b1:c9:e8:60:6b:62:cb:b1:31:82:ea:dc:
                    b5:45:64:56:37:f1:52:61:5d:bb:6d:10:05:4a:ee:
                    96:6d:4b:12:44:fc:84:a8:7b:d8:b3:67:c9:1f:19:
                    ee:80:cb:e2:89:40:3a:02:59:7a:a0:8a:b0:66:f8:
                    a2:af:d5:38:57:40:d5:a7:73:39:61:78:3a:06:7f:
                    fa:77:c1:ff:bc:d0:8a:cf:e1:ec:ce:a1:a3:fa:ab:
                    ce:c7:17:01:82:91:a5:05:d7:38:f9:a1:17:a1:a4:
                    b6:b8:c3:06:f4:16:bb:63:f4:0d:e8:f1:a8:a6:77:
                    25:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:91:F5:C6:44:21:0F:C6:6A:AD:44:E9:23:14:55:0B:EF:62:5A:C8
            X509v3 Authority Key Identifier:
                keyid:BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/QJH1xkQhD8ZqrUTpIxRVC-9iWsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:8e:59:b1:db:30:80:43:c6:5f:fd:38:e2:bd:9e:a5:16:1b:
         24:a0:77:d4:05:b7:93:53:0b:81:e8:8d:32:74:ab:6c:d2:ad:
         1f:83:e3:cd:04:14:4d:e1:74:53:70:8f:e6:96:f3:6e:2b:e2:
         98:77:ed:9d:93:f6:52:db:cf:b0:6c:8b:50:1c:5b:0e:d5:39:
         b7:68:65:a8:44:04:c2:bb:0b:c2:04:d6:7c:54:ad:8c:44:20:
         db:91:84:51:b1:a9:9b:87:3c:ee:0a:d5:ec:da:30:84:dd:42:
         e4:6c:70:aa:53:8a:80:f7:37:ef:27:1b:9f:5b:60:83:36:50:
         9a:8e:f5:5a:26:a4:c9:19:2f:ab:0b:8e:6b:a4:4a:7c:96:fa:
         0b:76:6f:ec:67:4a:93:3d:5f:2e:ef:0e:0a:9d:ff:29:7d:c3:
         cc:29:15:8f:c6:4c:67:c6:0c:f2:29:c4:96:c9:7d:69:3e:50:
         5d:41:13:e1:81:3a:af:ac:92:0a:aa:0f:1d:a5:0f:19:0d:2a:
         85:2c:c9:60:4d:97:b4:38:b6:ae:3d:6c:c8:0b:33:52:68:5d:
         db:55:33:c1:ff:a2:5a:b6:32:ba:2b:63:19:77:83:25:71:83:
         56:22:15:b7:5a:10:2a:fa:db:e5:cf:21:57:10:5c:ad:66:89:
         3b:92:3c:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmasQWeLVEb8aUFywsp8eWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTM5NzFhMzJjMDY5MmM0ZTM0MmU5MTE3OTA2NjI0NzBj
ZjMxYjIwHhcNMjUwMTAyMDk0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDkxZjVjNjQ0MjEwZmM2NmFhZDQ0ZTkyMzE0NTUwYmVmNjI1YWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFTdeR0V1hduu7HkW2RMWiR6hYZ9
/dCE/0K79LlBao7DCyj/gx6xbGAkf1Y/+FM/hdiUwpDsb7T18r/bNLVfJMYY/1yC
EAuMT8c3+ljQAZYTtW/yYbftAz5I7CHzcUY7Y0xZN74hwiiOlvXLtsQMH+dX48Bo
k7tjHYy+4peOe9eDrp6sZlnCQNOxyehga2LLsTGC6ty1RWRWN/FSYV27bRAFSu6W
bUsSRPyEqHvYs2fJHxnugMviiUA6All6oIqwZviir9U4V0DVp3M5YXg6Bn/6d8H/
vNCKz+HszqGj+qvOxxcBgpGlBdc4+aEXoaS2uMMG9Ba7Y/QN6PGopnclywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECR9cZEIQ/Gaq1E6SMUVQvvYlrIMB8GA1UdIwQY
MBaAFL/jlxoywGksTjQukReQZiRwzzGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUt
YzRkY2M3ZjZiN2RmLzEvUUpIMXhrUWhEOFpxclVUcEl4UlZDLTlpV3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUtYzRkY2M3ZjZiN2Rm
LzEvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRAlMA0G
CSqGSIb3DQEBCwUAA4IBAQAcjlmx2zCAQ8Zf/TjivZ6lFhskoHfUBbeTUwuB6I0y
dKts0q0fg+PNBBRN4XRTcI/mlvNuK+KYd+2dk/ZS28+wbItQHFsO1Tm3aGWoRATC
uwvCBNZ8VK2MRCDbkYRRsambhzzuCtXs2jCE3ULkbHCqU4qA9zfvJxufW2CDNlCa
jvVaJqTJGS+rC45rpEp8lvoLdm/sZ0qTPV8u7w4Knf8pfcPMKRWPxkxnxgzyKcSW
yX1pPlBdQRPhgTqvrJIKqg8dpQ8ZDSqFLMlgTZe0OLauPWzICzNSaF3bVTPB/6Ja
tjK6K2MZd4MlcYNWIhW3WhAq+tvlzyFXEFytZok7kjwO
-----END CERTIFICATE-----