Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/qpsCNwwHbknEaaKytIMeg-iyJrI.roa
File:                     qpsCNwwHbknEaaKytIMeg-iyJrI.roa (raw, json)
Hash identifier:          TsRtBKifaH7yUNxGo/mtxzGd6NziDUel8ySXbzGH1Xs=
Subject key identifier:   AA:9B:02:37:0C:07:6E:49:C4:69:A2:B2:B4:83:1E:83:E8:B2:26:B2
Certificate issuer:       /CN=6735a8295a30d7dfcac2a570b8decb25c4652140
Certificate serial:       0194266BD56713A8770A355508DE66F17810
Authority key identifier: 67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/qpsCNwwHbknEaaKytIMeg-iyJrI.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200845
IP address blocks:        85.208.16.0/22 maxlen: 24
                          185.233.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d5:67:13:a8:77:0a:35:55:08:de:66:f1:78:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6735a8295a30d7dfcac2a570b8decb25c4652140
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa9b02370c076e49c469a2b2b4831e83e8b226b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2c:c0:b7:6b:98:8c:9b:e2:3d:37:5e:59:70:
                    69:7d:59:24:3f:e8:31:c3:f4:77:1c:2c:b4:cb:78:
                    44:4e:6b:d8:c2:e3:c9:e9:73:d5:82:60:67:fc:04:
                    c5:31:bc:1a:72:cd:f9:db:67:cb:6d:8f:c4:ec:3b:
                    c1:80:15:1d:8f:ee:78:28:df:d4:f6:67:ce:1d:bc:
                    c3:db:83:1c:f4:57:04:5e:ac:f5:01:31:13:8b:2d:
                    76:d3:a1:a3:2f:fa:e4:4e:87:0f:3f:65:e0:43:e4:
                    f5:40:e7:16:1f:9d:00:94:d9:b7:5a:68:51:31:e5:
                    95:c6:8a:c6:20:ef:19:1f:48:02:7e:6a:58:49:e2:
                    44:17:ba:9b:e2:0e:b4:5d:8d:64:e9:d5:79:f8:08:
                    e6:5b:0a:bd:bd:b1:d6:df:a4:ed:b7:b7:c4:18:00:
                    d6:b4:b6:7d:da:f6:74:a0:0c:dd:a3:78:94:81:a2:
                    f7:28:ef:0d:90:e5:83:36:11:30:32:81:df:76:6d:
                    1d:ba:66:16:25:6b:ac:ac:50:a3:08:87:aa:0e:9e:
                    92:17:22:84:b3:f3:28:cf:36:63:7e:66:47:49:99:
                    92:b8:92:6c:ca:c2:73:87:d5:41:4c:15:73:ef:fe:
                    62:2a:a5:c7:fc:fb:63:94:61:de:00:c1:61:91:7a:
                    00:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:9B:02:37:0C:07:6E:49:C4:69:A2:B2:B4:83:1E:83:E8:B2:26:B2
            X509v3 Authority Key Identifier:
                keyid:67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/qpsCNwwHbknEaaKytIMeg-iyJrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.16.0/22
                  185.233.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:f9:86:ec:ad:89:d4:0f:b2:c0:8f:ad:9e:96:d8:07:f8:9e:
         68:80:09:a0:4f:42:6d:13:ba:1b:d2:3d:a1:e8:cd:ec:81:77:
         85:8e:df:16:2e:15:75:5a:19:f2:80:a3:4d:31:f6:05:d1:21:
         02:dd:04:ae:85:10:4e:15:29:c9:48:5c:03:2d:65:03:1f:18:
         78:75:84:6c:59:92:53:73:f1:01:57:13:19:6b:00:71:31:fc:
         8e:5f:cc:66:06:a6:e7:71:72:3f:0c:71:12:5d:25:34:af:9a:
         7b:55:49:97:b3:77:31:2f:16:e6:2c:0b:19:2f:73:ce:6c:ad:
         e4:ae:21:5f:5d:0f:80:32:59:61:ec:06:1c:20:26:6d:9e:67:
         67:bb:1b:31:40:4f:df:82:34:80:0c:fb:e7:5e:25:dd:bf:03:
         e0:7c:44:0b:12:20:5b:78:86:b5:79:02:9f:be:a7:de:8c:55:
         41:73:29:c6:3a:ab:f7:d2:69:3f:27:02:fd:ed:6a:dc:19:e7:
         28:9e:b7:09:18:b7:f1:d4:d5:b6:38:58:d1:5d:92:66:8b:6d:
         c0:60:1f:78:43:49:b5:3c:a0:a4:34:10:62:76:c1:22:36:90:
         fc:8e:6d:2a:b7:8a:cf:3c:15:80:19:6a:43:18:e8:fc:79:22:
         af:81:54:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma9VnE6h3CjVVCN5m8XgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MzVhODI5NWEzMGQ3ZGZjYWMyYTU3MGI4ZGVjYjI1YzQ2
NTIxNDAwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTliMDIzNzBjMDc2ZTQ5YzQ2OWEyYjJiNDgzMWU4M2U4YjIyNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSzAt2uYjJviPTdeWXBpfVkkP+gx
w/R3HCy0y3hETmvYwuPJ6XPVgmBn/ATFMbwacs3522fLbY/E7DvBgBUdj+54KN/U
9mfOHbzD24Mc9FcEXqz1ATETiy1206GjL/rkTocPP2XgQ+T1QOcWH50AlNm3WmhR
MeWVxorGIO8ZH0gCfmpYSeJEF7qb4g60XY1k6dV5+AjmWwq9vbHW36Ttt7fEGADW
tLZ92vZ0oAzdo3iUgaL3KO8NkOWDNhEwMoHfdm0dumYWJWusrFCjCIeqDp6SFyKE
s/MozzZjfmZHSZmSuJJsysJzh9VBTBVz7/5iKqXH/PtjlGHeAMFhkXoAYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKqbAjcMB25JxGmisrSDHoPosiayMB8GA1UdIwQY
MBaAFGc1qClaMNffysKlcLjeyyXEZSFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMt
MThlMThkNjU5ZDhmLzEvcXBzQ053d0hia25FYWFLeXRJTWVnLWl5SnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMtMThlMThkNjU5ZDhm
LzEvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVdAQAwQB
uenqMA0GCSqGSIb3DQEBCwUAA4IBAQBz+YbsrYnUD7LAj62eltgH+J5ogAmgT0Jt
E7ob0j2h6M3sgXeFjt8WLhV1WhnygKNNMfYF0SEC3QSuhRBOFSnJSFwDLWUDHxh4
dYRsWZJTc/EBVxMZawBxMfyOX8xmBqbncXI/DHESXSU0r5p7VUmXs3cxLxbmLAsZ
L3PObK3kriFfXQ+AMllh7AYcICZtnmdnuxsxQE/fgjSADPvnXiXdvwPgfEQLEiBb
eIa1eQKfvqfejFVBcynGOqv30mk/JwL97WrcGeconrcJGLfx1NW2OFjRXZJmi23A
YB94Q0m1PKCkNBBidsEiNpD8jm0qt4rPPBWAGWpDGOj8eSKvgVTP
-----END CERTIFICATE-----