Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/rqs2jYsXIEmeZSer38OOcJGK7EU.roa
File:                     rqs2jYsXIEmeZSer38OOcJGK7EU.roa (raw, json)
Hash identifier:          m+TNUwZvlDUtkC5/TwdymkZwjEw131NWG7VhMWfXmRQ=
Subject key identifier:   AE:AB:36:8D:8B:17:20:49:9E:65:27:AB:DF:C3:8E:70:91:8A:EC:45
Certificate issuer:       /CN=8300996c08890bd5e1e6dd0528217d28f9d09355
Certificate serial:       019422FC47867BE46D3CC312E9A7996AD891
Authority key identifier: 83:00:99:6C:08:89:0B:D5:E1:E6:DD:05:28:21:7D:28:F9:D0:93:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/rqs2jYsXIEmeZSer38OOcJGK7EU.roa
Signing time:             Wed 01 Jan 2025 17:49:06 +0000
ROA not before:           Wed 01 Jan 2025 17:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197422
IP address blocks:        91.224.148.0/23 maxlen: 24
                          185.119.168.0/22 maxlen: 24
                          2a03:7220::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:47:86:7b:e4:6d:3c:c3:12:e9:a7:99:6a:d8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8300996c08890bd5e1e6dd0528217d28f9d09355
        Validity
            Not Before: Jan  1 17:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeab368d8b1720499e6527abdfc38e70918aec45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:46:3d:c2:be:e8:96:06:9a:de:8d:0a:9e:05:
                    48:2a:b3:b2:3e:ce:95:44:cb:c5:3f:39:4f:22:57:
                    b2:c4:5e:b3:fe:4c:d0:0f:db:3e:ad:ae:59:38:86:
                    1c:aa:3a:b5:d0:a7:fa:f5:b6:23:14:2d:2b:77:9b:
                    17:89:98:7a:04:8b:3b:3c:a0:8b:46:f2:fe:be:33:
                    81:55:2f:a3:be:82:29:98:b7:84:3e:30:a1:a9:5b:
                    ec:18:f9:40:28:c9:53:8a:fa:22:6c:df:5d:40:00:
                    bc:d8:fc:7b:64:5f:bf:ec:f7:ff:8e:d8:2d:e3:7b:
                    69:77:c3:d7:50:bf:58:20:7c:4b:69:2b:91:7d:2d:
                    52:5d:b3:69:0c:f1:ab:40:6e:5f:3d:34:2c:95:86:
                    f6:2f:44:ec:a4:06:b7:7a:ac:2b:54:71:b4:ba:de:
                    52:47:31:70:0d:5a:50:b5:32:4e:e7:f7:15:c4:c0:
                    23:a0:b2:1e:97:57:a6:97:41:9f:32:e5:81:c3:04:
                    c9:2f:b8:18:76:8d:ad:44:2d:e0:a3:4b:1e:d9:38:
                    67:cb:6a:73:b8:09:b5:0d:ca:6d:07:e8:bd:23:4e:
                    fc:81:4f:b2:d3:a7:92:1d:6c:60:80:61:b2:25:0c:
                    d7:01:e4:6b:5c:a4:11:4d:a1:51:77:c1:8e:dc:0f:
                    5a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:AB:36:8D:8B:17:20:49:9E:65:27:AB:DF:C3:8E:70:91:8A:EC:45
            X509v3 Authority Key Identifier:
                keyid:83:00:99:6C:08:89:0B:D5:E1:E6:DD:05:28:21:7D:28:F9:D0:93:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/rqs2jYsXIEmeZSer38OOcJGK7EU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.148.0/23
                  185.119.168.0/22
                IPv6:
                  2a03:7220::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:fd:b6:d4:87:bf:5b:59:d5:88:b8:1b:14:57:af:85:70:e4:
         a8:b2:7c:2b:25:cb:59:7f:ed:ca:2e:6f:23:40:11:36:1e:ce:
         a6:76:31:88:27:bc:85:ff:f1:e0:40:6c:6c:17:26:4f:33:43:
         78:08:a2:e2:5a:89:7a:94:ce:36:42:ef:35:24:f9:e8:a1:b8:
         e6:59:55:be:9d:08:07:ed:76:0d:ce:0d:f5:f7:51:7d:06:5d:
         77:71:dd:d2:0c:08:41:c4:7a:1d:e5:1b:ba:62:ef:f8:69:0a:
         cd:f7:6b:3d:76:e1:f1:fd:4b:27:57:06:b2:85:df:71:81:ce:
         59:80:7a:a8:a1:8e:10:c6:22:31:0f:ec:b6:34:c7:f3:00:ca:
         eb:57:4f:be:a4:fe:1c:c8:5a:1e:fe:ff:dd:d8:aa:fd:8c:22:
         2f:ed:74:73:90:11:a9:39:95:fe:cf:48:f0:62:09:e6:7b:50:
         b5:cc:1b:79:81:e8:ce:e1:a8:47:54:1b:a6:bf:15:37:2e:05:
         97:fc:5c:91:15:62:37:7e:22:dd:e4:37:b2:67:4d:19:1d:57:
         86:dc:99:3b:52:b7:0b:15:60:36:c8:db:d6:40:ad:a5:3a:15:
         f5:17:2d:a4:0b:4b:3e:30:0c:81:f7:b9:e8:a8:78:aa:62:1d:
         6a:a7:32:fd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQi/EeGe+RtPMMS6aeZatiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDA5OTZjMDg4OTBiZDVlMWU2ZGQwNTI4MjE3ZDI4Zjlk
MDkzNTUwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWFiMzY4ZDhiMTcyMDQ5OWU2NTI3YWJkZmMzOGU3MDkxOGFlYzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20Y9wr7olgaa3o0KngVIKrOyPs6V
RMvFPzlPIleyxF6z/kzQD9s+ra5ZOIYcqjq10Kf69bYjFC0rd5sXiZh6BIs7PKCL
RvL+vjOBVS+jvoIpmLeEPjChqVvsGPlAKMlTivoibN9dQAC82Px7ZF+/7Pf/jtgt
43tpd8PXUL9YIHxLaSuRfS1SXbNpDPGrQG5fPTQslYb2L0TspAa3eqwrVHG0ut5S
RzFwDVpQtTJO5/cVxMAjoLIel1eml0GfMuWBwwTJL7gYdo2tRC3go0se2Thny2pz
uAm1DcptB+i9I078gU+y06eSHWxggGGyJQzXAeRrXKQRTaFRd8GO3A9akQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK6rNo2LFyBJnmUnq9/DjnCRiuxFMB8GA1UdIwQY
MBaAFIMAmWwIiQvV4ebdBSghfSj50JNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dDWmJBaUpDOVhoNXQwRktDRjlLUG5RazFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jMDEzMDYtNjZmNS00MjA5LThjODgt
MmRiNjkxYjFkNGFiLzEvcnFzMmpZc1hJRW1lWlNlcjM4T09jSkdLN0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jMDEzMDYtNjZmNS00MjA5LThjODgtMmRiNjkxYjFkNGFi
LzEvZ3dDWmJBaUpDOVhoNXQwRktDRjlLUG5RazFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+CUAwQC
uXeoMA0EAgACMAcDBQMqA3IgMA0GCSqGSIb3DQEBCwUAA4IBAQBH/bbUh79bWdWI
uBsUV6+FcOSosnwrJctZf+3KLm8jQBE2Hs6mdjGIJ7yF//HgQGxsFyZPM0N4CKLi
Wol6lM42Qu81JPnoobjmWVW+nQgH7XYNzg3191F9Bl13cd3SDAhBxHod5Ru6Yu/4
aQrN92s9duHx/UsnVwayhd9xgc5ZgHqooY4QxiIxD+y2NMfzAMrrV0++pP4cyFoe
/v/d2Kr9jCIv7XRzkBGpOZX+z0jwYgnme1C1zBt5gejO4ahHVBumvxU3LgWX/FyR
FWI3fiLd5DeyZ00ZHVeG3Jk7UrcLFWA2yNvWQK2lOhX1Fy2kC0s+MAyB97noqHiq
Yh1qpzL9
-----END CERTIFICATE-----