Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/QxzsJBZ0KnjdWggXNkiPE3mxTiE.roa
File:                     QxzsJBZ0KnjdWggXNkiPE3mxTiE.roa (raw, json)
Hash identifier:          wp71B9vMq7Np21xWaUokwt4Wn7Ga2Zz2FhWmCQz4Lj0=
Subject key identifier:   43:1C:EC:24:16:74:2A:78:DD:5A:08:17:36:48:8F:13:79:B1:4E:21
Certificate issuer:       /CN=f0a112710434e85ae5fe6fbf41e76bddf93818cf
Certificate serial:       01942067BFE99877147CD6978353C15EC217
Authority key identifier: F0:A1:12:71:04:34:E8:5A:E5:FE:6F:BF:41:E7:6B:DD:F9:38:18:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KEScQQ06Frl_m-_Qedr3fk4GM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/QxzsJBZ0KnjdWggXNkiPE3mxTiE.roa
Signing time:             Wed 01 Jan 2025 05:47:37 +0000
ROA not before:           Wed 01 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209120
IP address blocks:        91.213.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/8KEScQQ06Frl_m-_Qedr3fk4GM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/8KEScQQ06Frl_m-_Qedr3fk4GM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KEScQQ06Frl_m-_Qedr3fk4GM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:bf:e9:98:77:14:7c:d6:97:83:53:c1:5e:c2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a112710434e85ae5fe6fbf41e76bddf93818cf
        Validity
            Not Before: Jan  1 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=431cec2416742a78dd5a081736488f1379b14e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:01:cc:03:c7:b2:16:1c:21:3d:81:20:d3:d4:
                    fd:f9:4a:38:68:65:59:ba:34:52:74:7a:96:f7:a3:
                    0e:cd:0d:2d:09:78:ae:94:95:72:ce:89:79:9d:85:
                    5b:1d:48:30:3a:48:50:3e:35:09:53:34:9a:dd:3d:
                    fc:86:0d:b9:77:6c:0e:c4:8d:f4:ce:d2:fc:3f:24:
                    d6:16:1b:ae:59:a7:51:90:2b:9e:07:4d:1f:92:b8:
                    64:d6:36:e3:ff:45:f5:aa:8a:db:ee:6c:27:7e:f0:
                    19:76:f8:2d:f6:b7:00:c0:4a:bc:44:a1:c5:28:f9:
                    42:5e:82:74:23:a3:10:cd:a4:30:11:6a:66:f0:d2:
                    32:86:b3:c2:80:d6:73:3a:b1:12:de:8e:34:6a:d5:
                    89:fb:11:50:b9:08:c5:4d:5b:e1:5a:fd:12:d6:fd:
                    26:5a:da:d8:b5:db:19:9a:0d:a0:39:cb:75:59:4e:
                    bf:e3:f8:c6:50:79:7f:0a:4f:d9:d1:e4:1b:6b:2a:
                    51:2d:d3:2d:5e:0c:1f:6b:39:19:41:f3:12:60:9a:
                    5d:dd:02:01:f2:11:5d:ce:e8:e6:f1:0f:5e:e7:ec:
                    c3:0b:64:26:83:dc:8e:61:06:b7:f4:8f:db:04:a8:
                    10:5b:9f:80:9c:35:17:69:6e:3f:46:01:e1:3c:7d:
                    4e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1C:EC:24:16:74:2A:78:DD:5A:08:17:36:48:8F:13:79:B1:4E:21
            X509v3 Authority Key Identifier:
                keyid:F0:A1:12:71:04:34:E8:5A:E5:FE:6F:BF:41:E7:6B:DD:F9:38:18:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KEScQQ06Frl_m-_Qedr3fk4GM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/QxzsJBZ0KnjdWggXNkiPE3mxTiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/8KEScQQ06Frl_m-_Qedr3fk4GM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:94:5e:8a:9a:44:ae:15:42:25:96:cb:1e:4d:1c:83:be:a4:
         44:d1:34:8b:6e:22:34:f3:dd:dc:93:dc:c4:45:43:03:38:71:
         d9:d8:b0:3b:17:04:c0:4d:10:ec:b0:ab:84:41:d9:e6:91:6c:
         2b:74:b8:00:14:d4:12:da:1e:be:94:66:df:ca:4c:5b:5d:d4:
         b6:01:57:e4:9f:3a:36:bf:d9:45:ba:80:5c:b5:39:95:61:5a:
         d5:c8:f3:19:dd:95:67:10:aa:6d:aa:fc:a5:c4:a2:cb:16:f2:
         d8:f6:cd:bf:54:b3:fa:34:24:fc:37:fa:5a:b4:67:f9:fc:2f:
         97:c2:ca:3e:65:e9:f9:40:15:df:f3:d0:ad:56:5b:c0:7a:37:
         b0:e7:6b:11:24:8a:f3:04:72:09:f9:52:f1:13:04:f4:f0:56:
         fc:fd:1b:90:0c:ce:52:02:78:f4:14:7d:7c:a9:b4:11:5f:33:
         2e:da:59:d8:e1:41:f5:5c:07:9e:7d:0e:f6:90:c1:ed:74:d3:
         8b:bf:26:ee:05:84:98:aa:66:ed:e6:20:bd:95:a0:a9:26:77:
         41:ff:84:dc:25:7c:88:90:77:32:32:6f:71:97:b6:2b:7e:b7:
         89:2f:f3:f0:09:54:34:50:10:97:79:14:08:16:ac:f7:4d:06:
         26:5b:79:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7/pmHcUfNaXg1PBXsIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTExMjcxMDQzNGU4NWFlNWZlNmZiZjQxZTc2YmRkZjkz
ODE4Y2YwHhcNMjUwMTAxMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFjZWMyNDE2NzQyYTc4ZGQ1YTA4MTczNjQ4OGYxMzc5YjE0ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwHMA8eyFhwhPYEg09T9+Uo4aGVZ
ujRSdHqW96MOzQ0tCXiulJVyzol5nYVbHUgwOkhQPjUJUzSa3T38hg25d2wOxI30
ztL8PyTWFhuuWadRkCueB00fkrhk1jbj/0X1qorb7mwnfvAZdvgt9rcAwEq8RKHF
KPlCXoJ0I6MQzaQwEWpm8NIyhrPCgNZzOrES3o40atWJ+xFQuQjFTVvhWv0S1v0m
WtrYtdsZmg2gOct1WU6/4/jGUHl/Ck/Z0eQbaypRLdMtXgwfazkZQfMSYJpd3QIB
8hFdzujm8Q9e5+zDC2Qmg9yOYQa39I/bBKgQW5+AnDUXaW4/RgHhPH1O1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMc7CQWdCp43VoIFzZIjxN5sU4hMB8GA1UdIwQY
MBaAFPChEnEENOha5f5vv0Hna935OBjPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtFU2NRUTA2RnJsX20tX1FlZHIzZms0R004LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8yOTRhODEtNTIzNy00YmYzLWEwNWIt
YTg4YTRkMDk0YWYwLzEvUXh6c0pCWjBLbmpkV2dnWE5raVBFM214VGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8yOTRhODEtNTIzNy00YmYzLWEwNWItYTg4YTRkMDk0YWYw
LzEvOEtFU2NRUTA2RnJsX20tX1FlZHIzZms0R004LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9X3MA0G
CSqGSIb3DQEBCwUAA4IBAQCAlF6KmkSuFUIllsseTRyDvqRE0TSLbiI0893ck9zE
RUMDOHHZ2LA7FwTATRDssKuEQdnmkWwrdLgAFNQS2h6+lGbfykxbXdS2AVfknzo2
v9lFuoBctTmVYVrVyPMZ3ZVnEKptqvylxKLLFvLY9s2/VLP6NCT8N/patGf5/C+X
wso+Zen5QBXf89CtVlvAejew52sRJIrzBHIJ+VLxEwT08Fb8/RuQDM5SAnj0FH18
qbQRXzMu2lnY4UH1XAeefQ72kMHtdNOLvybuBYSYqmbt5iC9laCpJndB/4TcJXyI
kHcyMm9xl7YrfreJL/PwCVQ0UBCXeRQIFqz3TQYmW3lm
-----END CERTIFICATE-----