Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/Q7vNAscnF-4OhkgVonOsxeJBDjA.roa
File:                     Q7vNAscnF-4OhkgVonOsxeJBDjA.roa (raw, json)
Hash identifier:          0ioDa0FuPDgR/Y4yLPplBITqL6YDwLS4b5dcomdJX+s=
Subject key identifier:   43:BB:CD:02:C7:27:17:EE:0E:86:48:15:A2:73:AC:C5:E2:41:0E:30
Certificate issuer:       /CN=86e1aba600cde5ec318319b15594b68ab96c956c
Certificate serial:       019424B3B8B6FDA1C9FC00A28EB205C96ECB
Authority key identifier: 86:E1:AB:A6:00:CD:E5:EC:31:83:19:B1:55:94:B6:8A:B9:6C:95:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/Q7vNAscnF-4OhkgVonOsxeJBDjA.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207586
IP address blocks:        176.126.116.0/24 maxlen: 24
                          2a11:d540:530::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b8:b6:fd:a1:c9:fc:00:a2:8e:b2:05:c9:6e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e1aba600cde5ec318319b15594b68ab96c956c
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43bbcd02c72717ee0e864815a273acc5e2410e30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:de:ec:02:5c:0b:6a:b7:91:7f:1e:16:8b:12:
                    76:5d:05:0b:cf:d1:8a:18:3e:b1:52:30:45:23:48:
                    43:0e:80:aa:2c:5d:08:4b:82:3c:f6:c7:0b:9a:ae:
                    ee:ea:e2:09:a1:55:5e:c2:3e:c5:30:c8:06:00:10:
                    0e:47:9d:26:c1:a8:24:d9:78:8c:68:63:78:cb:36:
                    da:51:7a:f9:4b:e3:cb:ec:69:3b:e6:08:cc:0a:af:
                    a4:18:4c:1e:91:35:04:f9:d7:a4:55:e4:7f:c5:20:
                    60:6e:35:d3:6d:44:68:43:94:60:f7:16:e1:b9:4b:
                    80:b5:4d:19:c9:fd:9f:e1:35:13:13:f8:8f:f5:6e:
                    47:fa:97:50:1f:3d:28:1b:da:3a:f9:4d:0d:b9:58:
                    13:d5:61:0f:9f:4f:26:8e:88:0d:1a:bd:a3:63:42:
                    32:ea:76:aa:0e:e8:c2:bb:46:af:09:6f:7b:61:af:
                    87:ba:5b:88:cf:65:f5:00:3c:04:d9:3b:8a:47:18:
                    57:70:74:4c:0f:48:2a:ef:2c:b4:4b:32:f0:52:22:
                    e7:01:87:58:ec:c2:26:d6:7f:ab:44:ff:27:09:78:
                    ff:a3:1f:57:52:eb:4a:25:66:27:3c:7c:22:1d:c4:
                    ff:5a:8b:c0:0c:d5:ff:0d:67:66:5b:73:9c:f7:6e:
                    5d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BB:CD:02:C7:27:17:EE:0E:86:48:15:A2:73:AC:C5:E2:41:0E:30
            X509v3 Authority Key Identifier:
                keyid:86:E1:AB:A6:00:CD:E5:EC:31:83:19:B1:55:94:B6:8A:B9:6C:95:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/Q7vNAscnF-4OhkgVonOsxeJBDjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.116.0/24
                IPv6:
                  2a11:d540:530::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:89:ad:bf:5f:18:0e:f7:4a:a6:eb:5e:45:27:ba:29:a9:d9:
         31:6d:f4:13:c1:cf:81:c7:b2:6b:94:34:12:ca:59:ca:06:73:
         05:5e:f9:1c:80:5b:97:17:bd:26:e6:03:26:6d:41:89:38:c5:
         a1:73:fb:20:6d:86:2a:50:bd:3d:89:a5:bc:9a:47:0d:94:29:
         db:a3:27:2e:d6:1c:d7:81:fd:90:61:98:b3:a6:9f:80:cd:38:
         74:6d:58:dc:df:08:28:6c:2c:ca:dc:a8:43:0f:e0:c6:b1:d9:
         79:cb:83:aa:44:a8:8c:e6:87:fb:ae:26:71:e7:cc:df:f2:3e:
         7e:51:e9:1c:cd:80:f0:e1:c0:c2:0f:e4:ad:36:f1:68:b1:dc:
         f6:92:a4:b5:ac:63:f4:1e:ab:c5:a6:a4:7a:68:b7:05:8a:75:
         1e:93:a3:1d:25:11:32:bb:50:c8:7c:db:ab:c1:8d:08:05:91:
         a2:40:9e:55:23:98:14:2c:6c:6e:c9:f3:ba:2e:ba:59:22:3c:
         35:7f:a1:48:c3:c8:69:b0:e9:58:4d:f2:ae:5b:ea:d8:c5:df:
         ce:f5:ca:48:ef:90:23:0b:7b:54:dd:df:ae:40:3d:b4:9c:d9:
         65:a4:33:ef:aa:22:44:08:30:4a:f2:20:cc:ff:20:a0:b7:ff:
         e1:75:36:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks7i2/aHJ/ACijrIFyW7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTFhYmE2MDBjZGU1ZWMzMTgzMTliMTU1OTRiNjhhYjk2
Yzk1NmMwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2JiY2QwMmM3MjcxN2VlMGU4NjQ4MTVhMjczYWNjNWUyNDEwZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt7sAlwLareRfx4WixJ2XQULz9GK
GD6xUjBFI0hDDoCqLF0IS4I89scLmq7u6uIJoVVewj7FMMgGABAOR50mwagk2XiM
aGN4yzbaUXr5S+PL7Gk75gjMCq+kGEwekTUE+dekVeR/xSBgbjXTbURoQ5Rg9xbh
uUuAtU0Zyf2f4TUTE/iP9W5H+pdQHz0oG9o6+U0NuVgT1WEPn08mjogNGr2jY0Iy
6naqDujCu0avCW97Ya+HuluIz2X1ADwE2TuKRxhXcHRMD0gq7yy0SzLwUiLnAYdY
7MIm1n+rRP8nCXj/ox9XUutKJWYnPHwiHcT/WovADNX/DWdmW3Oc925dpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEO7zQLHJxfuDoZIFaJzrMXiQQ4wMB8GA1UdIwQY
MBaAFIbhq6YAzeXsMYMZsVWUtoq5bJVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVHcnBnRE41ZXd4Z3hteFZaUzJpcmxzbFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lNjg0NWQtMWMzYy00OGQ2LWE2YjIt
ZDYwNWM1M2EzNWJlLzEvUTd2TkFzY25GLTRPaGtnVm9uT3N4ZUpCRGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lNjg0NWQtMWMzYy00OGQ2LWE2YjItZDYwNWM1M2EzNWJl
LzEvaHVHcnBnRE41ZXd4Z3hteFZaUzJpcmxzbFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsH50MA8E
AgACMAkDBwQqEdVABTAwDQYJKoZIhvcNAQELBQADggEBAJeJrb9fGA73SqbrXkUn
uimp2TFt9BPBz4HHsmuUNBLKWcoGcwVe+RyAW5cXvSbmAyZtQYk4xaFz+yBthipQ
vT2JpbyaRw2UKdujJy7WHNeB/ZBhmLOmn4DNOHRtWNzfCChsLMrcqEMP4Max2XnL
g6pEqIzmh/uuJnHnzN/yPn5R6RzNgPDhwMIP5K028Wix3PaSpLWsY/Qeq8WmpHpo
twWKdR6Tox0lETK7UMh826vBjQgFkaJAnlUjmBQsbG7J87ouulkiPDV/oUjDyGmw
6VhN8q5b6tjF3871ykjvkCMLe1Td365APbSc2WWkM++qIkQIMEryIMz/IKC3/+F1
NtE=
-----END CERTIFICATE-----