Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/QdWm_iYTkmRwOlae6fa_m0n_xoY.roa
File:                     QdWm_iYTkmRwOlae6fa_m0n_xoY.roa (raw, json)
Hash identifier:          GAwdxYROZcqJfJWKya6QGN1+Dp1F3FkjXyRiudeAVk4=
Subject key identifier:   41:D5:A6:FE:26:13:92:64:70:3A:56:9E:E9:F6:BF:9B:49:FF:C6:86
Certificate issuer:       /CN=b51ec4e58bd44ebac789548f319e69cc9a53211f
Certificate serial:       0194214443FAAD4EBB110B67C6AFD2F51B81
Authority key identifier: B5:1E:C4:E5:8B:D4:4E:BA:C7:89:54:8F:31:9E:69:CC:9A:53:21:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/QdWm_iYTkmRwOlae6fa_m0n_xoY.roa
Signing time:             Wed 01 Jan 2025 09:48:29 +0000
ROA not before:           Wed 01 Jan 2025 09:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:43:fa:ad:4e:bb:11:0b:67:c6:af:d2:f5:1b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b51ec4e58bd44ebac789548f319e69cc9a53211f
        Validity
            Not Before: Jan  1 09:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41d5a6fe26139264703a569ee9f6bf9b49ffc686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:89:e5:43:a2:68:1b:31:23:33:28:5a:4c:09:
                    71:f4:f6:59:a7:58:94:ff:86:fe:72:df:ac:e1:3d:
                    e8:25:3e:04:c4:57:2c:2e:c3:5e:34:d0:95:84:5a:
                    86:ba:9b:f1:96:3b:34:d6:0d:96:e8:c6:06:bc:0a:
                    c1:d5:86:82:bc:6a:b8:fa:40:97:ff:dc:5e:d7:57:
                    97:72:31:bf:3b:08:33:4d:31:91:8e:7b:d3:8e:c7:
                    ea:45:34:ce:f7:2f:e3:cd:91:2f:55:3a:9f:82:9e:
                    79:e9:40:7b:1d:c9:ea:cc:61:50:75:e5:0f:1d:a9:
                    17:8d:7e:bd:4f:b3:52:4e:d5:b3:3a:9d:98:23:47:
                    cd:ec:3d:25:e8:6b:45:93:44:1a:5a:75:61:2e:3b:
                    75:73:f2:67:57:00:45:cb:d8:ca:3b:4e:33:0a:c0:
                    bf:d7:e7:7e:b4:aa:d8:de:18:a2:b2:2c:3c:9e:34:
                    5e:50:62:4c:0c:74:59:f5:86:00:0e:8b:93:d0:32:
                    1e:75:f0:ba:70:b9:0a:2e:1f:e2:5c:05:6b:1b:17:
                    6d:9a:e4:4d:49:8e:a7:a2:03:14:b1:fa:94:97:8b:
                    a6:36:93:f4:d0:72:34:7d:b9:5c:6f:9a:b2:08:8f:
                    9d:98:c3:bf:ec:41:85:8e:f0:11:f1:72:c5:a9:ad:
                    9e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D5:A6:FE:26:13:92:64:70:3A:56:9E:E9:F6:BF:9B:49:FF:C6:86
            X509v3 Authority Key Identifier:
                keyid:B5:1E:C4:E5:8B:D4:4E:BA:C7:89:54:8F:31:9E:69:CC:9A:53:21:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/QdWm_iYTkmRwOlae6fa_m0n_xoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/cb8930-c063-41e2-805d-a7e4bb415cfe/1/tR7E5YvUTrrHiVSPMZ5pzJpTIR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d7:5b:2d:33:ca:cc:84:3e:ed:69:ea:06:c8:09:cc:d9:2f:
         18:5a:df:f1:7a:6d:3e:37:70:d5:00:f1:6d:09:5f:a7:49:e1:
         f0:8c:8f:c2:67:71:4c:24:52:6f:f6:f7:53:83:f4:1a:7d:07:
         86:85:6a:ab:6a:23:ba:30:8b:eb:89:34:ef:ab:89:9a:53:54:
         6e:7d:48:c3:b2:8d:c0:1a:0c:5c:2e:ba:e3:eb:fc:79:dc:88:
         b8:3e:e0:32:e7:68:dc:89:c8:91:ce:e2:d2:8a:e5:d8:5f:b5:
         22:d0:72:e9:38:be:54:06:4c:c6:0a:fe:e6:35:83:e6:d9:45:
         07:6b:4e:12:95:68:da:d8:2d:7f:80:5a:e2:ea:24:b7:27:b2:
         75:5d:a3:31:53:87:94:8e:04:8b:59:79:66:4c:66:92:f7:56:
         65:c3:b0:bc:cc:d5:fe:4a:5b:3c:d7:6f:8f:48:f3:1e:1c:82:
         d5:76:36:e2:c5:13:0d:86:43:cc:e5:87:96:d6:4c:9c:89:4a:
         7e:1e:15:37:b5:9a:b7:96:f6:52:f9:fb:cf:16:29:04:cb:ff:
         ac:a6:aa:38:e9:0e:37:40:b4:85:79:49:52:c0:39:02:45:96:
         c3:d1:3a:ca:08:ee:ed:42:8c:6e:0d:98:d8:44:7f:cb:0b:c2:
         16:02:fd:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREP6rU67EQtnxq/S9RuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MWVjNGU1OGJkNDRlYmFjNzg5NTQ4ZjMxOWU2OWNjOWE1
MzIxMWYwHhcNMjUwMTAxMDk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ1YTZmZTI2MTM5MjY0NzAzYTU2OWVlOWY2YmY5YjQ5ZmZjNjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYnlQ6JoGzEjMyhaTAlx9PZZp1iU
/4b+ct+s4T3oJT4ExFcsLsNeNNCVhFqGupvxljs01g2W6MYGvArB1YaCvGq4+kCX
/9xe11eXcjG/OwgzTTGRjnvTjsfqRTTO9y/jzZEvVTqfgp556UB7HcnqzGFQdeUP
HakXjX69T7NSTtWzOp2YI0fN7D0l6GtFk0QaWnVhLjt1c/JnVwBFy9jKO04zCsC/
1+d+tKrY3hiisiw8njReUGJMDHRZ9YYADouT0DIedfC6cLkKLh/iXAVrGxdtmuRN
SY6nogMUsfqUl4umNpP00HI0fblcb5qyCI+dmMO/7EGFjvAR8XLFqa2eMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHVpv4mE5JkcDpWnun2v5tJ/8aGMB8GA1UdIwQY
MBaAFLUexOWL1E66x4lUjzGeacyaUyEfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFI3RTVZdlVUcnJIaVZTUE1aNXB6SnBUSVI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jYjg5MzAtYzA2My00MWUyLTgwNWQt
YTdlNGJiNDE1Y2ZlLzEvUWRXbV9pWVRrbVJ3T2xhZTZmYV9tMG5feG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jYjg5MzAtYzA2My00MWUyLTgwNWQtYTdlNGJiNDE1Y2Zl
LzEvdFI3RTVZdlVUcnJIaVZTUE1aNXB6SnBUSVI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG2HMA0G
CSqGSIb3DQEBCwUAA4IBAQAf11stM8rMhD7taeoGyAnM2S8YWt/xem0+N3DVAPFt
CV+nSeHwjI/CZ3FMJFJv9vdTg/QafQeGhWqraiO6MIvriTTvq4maU1RufUjDso3A
GgxcLrrj6/x53Ii4PuAy52jciciRzuLSiuXYX7Ui0HLpOL5UBkzGCv7mNYPm2UUH
a04SlWja2C1/gFri6iS3J7J1XaMxU4eUjgSLWXlmTGaS91Zlw7C8zNX+Sls812+P
SPMeHILVdjbixRMNhkPM5YeW1kyciUp+HhU3tZq3lvZS+fvPFikEy/+spqo46Q43
QLSFeUlSwDkCRZbD0TrKCO7tQoxuDZjYRH/LC8IWAv0Z
-----END CERTIFICATE-----