Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/QqgdIg6hSu9l0qkAmT27rSaYEpI.roa
File:                     QqgdIg6hSu9l0qkAmT27rSaYEpI.roa (raw, json)
Hash identifier:          Zj7N5jWJe1MnRgbFLlzVoeaeQcOnvfzk+fyv1HdeicI=
Subject key identifier:   42:A8:1D:22:0E:A1:4A:EF:65:D2:A9:00:99:3D:BB:AD:26:98:12:92
Certificate issuer:       /CN=2f6f07cead06a4f811547600bac02faf0cc084c9
Certificate serial:       019424B3C39CC8A3DF94480A369F1B29E212
Authority key identifier: 2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/QqgdIg6hSu9l0qkAmT27rSaYEpI.roa
Signing time:             Thu 02 Jan 2025 01:49:08 +0000
ROA not before:           Thu 02 Jan 2025 01:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209497
IP address blocks:        149.3.172.0/24 maxlen: 24
                          149.3.173.0/24 maxlen: 24
                          149.3.174.0/24 maxlen: 24
                          149.3.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c3:9c:c8:a3:df:94:48:0a:36:9f:1b:29:e2:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6f07cead06a4f811547600bac02faf0cc084c9
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42a81d220ea14aef65d2a900993dbbad26981292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5a:4a:65:45:ed:49:80:b2:b0:3f:cc:1e:26:
                    4d:80:ef:19:b4:cc:9b:a0:e8:9f:18:44:7b:7f:e1:
                    ac:71:c1:0e:24:dc:b5:f0:f8:75:3c:0a:d0:53:0d:
                    1b:5f:d3:cc:e0:ca:08:2f:f5:7e:74:91:44:e6:e7:
                    42:ec:a3:f3:f3:ff:a0:26:39:4f:89:b1:88:07:1b:
                    b1:6c:c9:6e:e4:e7:a4:21:de:b1:94:46:0e:8e:05:
                    72:2f:4d:de:e1:f3:20:d6:32:64:2f:5f:2e:f4:81:
                    9a:ae:14:91:91:08:db:70:c7:4b:73:b6:f4:80:e8:
                    1a:eb:72:a0:c6:7c:5d:98:44:69:cf:a2:53:78:85:
                    93:74:a9:51:72:aa:fd:ed:45:ce:62:0b:1b:ba:5c:
                    19:92:1e:05:45:b5:a6:f2:9b:3e:b3:9b:f5:59:1c:
                    0d:38:5c:09:68:d6:df:28:72:f4:ab:bb:51:ea:e7:
                    bd:08:73:f0:05:e7:dc:52:d4:71:7e:c1:39:de:59:
                    a6:ba:79:29:cf:06:f7:ed:1b:7a:70:65:f7:41:61:
                    d1:39:df:21:aa:4c:b8:13:8c:55:93:e6:bf:78:39:
                    34:1a:d4:1d:63:4a:39:65:75:e3:44:7e:6e:5a:76:
                    5b:fd:1d:f1:13:16:31:46:51:c1:06:35:d3:96:59:
                    2b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A8:1D:22:0E:A1:4A:EF:65:D2:A9:00:99:3D:BB:AD:26:98:12:92
            X509v3 Authority Key Identifier:
                keyid:2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/QqgdIg6hSu9l0qkAmT27rSaYEpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.3.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:12:ff:bc:68:6f:42:7e:7f:17:de:fd:7f:46:e2:d8:5b:9c:
         40:60:52:f2:85:7c:25:d1:8b:88:2f:22:ad:88:15:86:59:13:
         f5:47:b4:3f:a9:8a:fc:76:15:ae:93:ba:ea:46:b0:4a:7a:4d:
         d7:f1:b3:44:6b:68:97:ec:15:30:30:d4:75:f5:4f:22:71:b5:
         da:ff:13:35:ad:77:f5:10:f2:ca:5d:b3:0a:7b:d6:17:fe:8d:
         e8:2d:4d:c8:e5:13:f7:3c:15:cd:cb:6a:e2:df:f6:f3:df:fd:
         c3:db:97:4b:93:a3:c8:0a:fa:fc:7b:21:30:af:b1:a4:62:f4:
         42:bb:61:00:fc:47:8d:63:d5:02:2f:d9:17:93:7a:39:47:61:
         23:b9:83:c1:2b:c9:52:42:ec:47:08:1d:fb:87:14:82:46:dc:
         1f:0e:d7:97:43:c8:19:6e:4b:f5:45:91:7c:58:7c:6c:13:c3:
         2f:a9:ba:cc:d0:ba:6b:f2:c8:c6:2d:48:cf:61:1d:c0:9b:4f:
         16:5e:61:b2:ca:bb:08:a8:ef:c2:12:04:54:33:bb:d6:33:5f:
         7d:fb:7e:08:0c:ae:47:39:2f:24:7d:ca:54:47:8d:2b:94:21:
         71:ae:ec:ca:7d:58:41:ee:8c:6b:ce:c2:ac:04:5f:ee:4a:5a:
         2e:6a:20:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8OcyKPflEgKNp8bKeISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmYwN2NlYWQwNmE0ZjgxMTU0NzYwMGJhYzAyZmFmMGNj
MDg0YzkwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE4MWQyMjBlYTE0YWVmNjVkMmE5MDA5OTNkYmJhZDI2OTgxMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1pKZUXtSYCysD/MHiZNgO8ZtMyb
oOifGER7f+GsccEOJNy18Ph1PArQUw0bX9PM4MoIL/V+dJFE5udC7KPz8/+gJjlP
ibGIBxuxbMlu5OekId6xlEYOjgVyL03e4fMg1jJkL18u9IGarhSRkQjbcMdLc7b0
gOga63KgxnxdmERpz6JTeIWTdKlRcqr97UXOYgsbulwZkh4FRbWm8ps+s5v1WRwN
OFwJaNbfKHL0q7tR6ue9CHPwBefcUtRxfsE53lmmunkpzwb37Rt6cGX3QWHROd8h
qky4E4xVk+a/eDk0GtQdY0o5ZXXjRH5uWnZb/R3xExYxRlHBBjXTllkruQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKoHSIOoUrvZdKpAJk9u60mmBKSMB8GA1UdIwQY
MBaAFC9vB86tBqT4EVR2ALrAL68MwITJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAt
MDQ3Y2JjMzEwY2NiLzEvUXFnZElnNmhTdTlsMHFrQW1UMjdyU2FZRXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAtMDQ3Y2JjMzEwY2Ni
LzEvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClQOsMA0G
CSqGSIb3DQEBCwUAA4IBAQCPEv+8aG9Cfn8X3v1/RuLYW5xAYFLyhXwl0YuILyKt
iBWGWRP1R7Q/qYr8dhWuk7rqRrBKek3X8bNEa2iX7BUwMNR19U8icbXa/xM1rXf1
EPLKXbMKe9YX/o3oLU3I5RP3PBXNy2ri3/bz3/3D25dLk6PICvr8eyEwr7GkYvRC
u2EA/EeNY9UCL9kXk3o5R2EjuYPBK8lSQuxHCB37hxSCRtwfDteXQ8gZbkv1RZF8
WHxsE8MvqbrM0Lpr8sjGLUjPYR3Am08WXmGyyrsIqO/CEgRUM7vWM199+34IDK5H
OS8kfcpUR40rlCFxruzKfVhB7oxrzsKsBF/uSlouaiCr
-----END CERTIFICATE-----