Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/qUq_q62qYu3qxVOMe_F0xihpmUw.roa
File:                     qUq_q62qYu3qxVOMe_F0xihpmUw.roa (raw, json)
Hash identifier:          SovqRJc4ePvthgrrsQXCalBtYnWMU+TdM7o0xgmwIiE=
Subject key identifier:   A9:4A:BF:AB:AD:AA:62:ED:EA:C5:53:8C:7B:F1:74:C6:28:69:99:4C
Certificate issuer:       /CN=bd85272a4080904f75e235a47af0b41266e2a603
Certificate serial:       01942521BC5B011F3A445F9CF7D27D81185B
Authority key identifier: BD:85:27:2A:40:80:90:4F:75:E2:35:A4:7A:F0:B4:12:66:E2:A6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vYUnKkCAkE914jWkevC0EmbipgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/qUq_q62qYu3qxVOMe_F0xihpmUw.roa
Signing time:             Thu 02 Jan 2025 03:49:15 +0000
ROA not before:           Thu 02 Jan 2025 03:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        194.247.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/vYUnKkCAkE914jWkevC0EmbipgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/vYUnKkCAkE914jWkevC0EmbipgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vYUnKkCAkE914jWkevC0EmbipgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:bc:5b:01:1f:3a:44:5f:9c:f7:d2:7d:81:18:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd85272a4080904f75e235a47af0b41266e2a603
        Validity
            Not Before: Jan  2 03:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a94abfabadaa62edeac5538c7bf174c62869994c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c9:06:1e:34:b3:8a:28:c0:07:ab:63:bb:d5:
                    43:44:d7:3d:10:98:77:09:71:4d:28:c5:a6:3a:e2:
                    8d:cb:0d:02:1b:db:8a:e7:37:d5:ff:92:22:9a:b5:
                    01:56:73:d8:bd:d3:0d:76:1f:b2:97:a5:d7:5e:94:
                    b1:3f:32:42:21:a6:ff:1e:1d:9b:aa:af:74:1d:13:
                    67:76:67:23:4f:10:a0:19:63:aa:54:75:57:81:cf:
                    d3:4c:8c:e0:e2:25:d8:a1:6f:67:21:b9:ca:12:0e:
                    46:21:b4:43:ef:2d:33:52:21:6e:31:4f:2e:2b:7a:
                    ca:35:8b:a3:eb:b1:af:04:a5:29:2e:fe:b0:8d:33:
                    3c:6e:63:74:da:23:eb:26:43:35:1e:6e:63:35:73:
                    4e:55:6e:e7:9c:26:91:bd:69:1f:d0:c7:97:7e:d6:
                    c7:74:e4:ff:25:fa:01:6d:d7:de:89:69:26:68:fb:
                    db:c6:c3:91:ff:e7:73:81:28:dd:6b:39:e5:e7:60:
                    b3:f8:81:ab:d9:6b:10:61:6f:31:ce:26:c3:95:f9:
                    68:86:9d:77:1d:83:65:85:cc:0d:32:9c:a7:e7:91:
                    80:5a:3a:6b:ff:31:d4:29:da:15:3e:1d:ee:be:fd:
                    b9:a6:f4:db:41:65:01:a3:72:b4:21:8a:d6:fe:cf:
                    d1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4A:BF:AB:AD:AA:62:ED:EA:C5:53:8C:7B:F1:74:C6:28:69:99:4C
            X509v3 Authority Key Identifier:
                keyid:BD:85:27:2A:40:80:90:4F:75:E2:35:A4:7A:F0:B4:12:66:E2:A6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vYUnKkCAkE914jWkevC0EmbipgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/qUq_q62qYu3qxVOMe_F0xihpmUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/282cb0-91be-422a-95d3-24f20f9675ec/1/vYUnKkCAkE914jWkevC0EmbipgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:8e:13:68:d6:ca:3e:a9:0a:98:fd:7e:64:a2:e7:db:95:1d:
         cd:02:30:9d:f5:27:3c:08:a2:36:80:f2:c5:c3:54:a5:ea:99:
         94:e5:54:38:12:67:56:55:8d:71:71:f5:45:03:5d:59:09:5a:
         dd:b1:90:6b:ee:09:ea:67:5f:ed:ad:a7:9e:6a:2e:84:14:f1:
         24:64:04:e0:e0:12:f3:b8:fd:5c:72:03:e5:81:f3:5e:00:54:
         16:ac:2b:ef:b3:5a:4a:e3:50:4c:c8:9d:c9:34:4b:46:ce:ef:
         94:e4:7c:13:02:14:23:0a:ce:f0:e9:74:5e:c7:72:37:8d:e6:
         70:b2:95:bc:08:ff:af:95:d4:a3:f6:e4:b2:3b:34:b6:12:c8:
         91:a0:9c:da:49:22:d4:01:20:c3:98:2c:44:be:d1:9e:41:e3:
         96:6e:c8:87:b4:b5:e7:0a:1b:54:5b:fe:4c:e2:03:fd:88:b8:
         b8:98:02:c6:71:7b:f8:b6:7e:e6:cb:a1:41:09:bc:bb:16:6b:
         fa:97:ee:1b:96:b3:e2:b8:ed:46:c9:65:36:a1:88:7d:72:e1:
         4f:9e:26:c2:fc:2b:f4:89:1a:a4:19:c3:35:96:dc:ae:78:71:
         e9:46:bc:72:d5:32:9c:0a:01:bd:73:b2:83:48:60:23:5e:d7:
         c4:61:6a:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbxbAR86RF+c99J9gRhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkODUyNzJhNDA4MDkwNGY3NWUyMzVhNDdhZjBiNDEyNjZl
MmE2MDMwHhcNMjUwMTAyMDM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTRhYmZhYmFkYWE2MmVkZWFjNTUzOGM3YmYxNzRjNjI4Njk5OTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMkGHjSziijAB6tju9VDRNc9EJh3
CXFNKMWmOuKNyw0CG9uK5zfV/5IimrUBVnPYvdMNdh+yl6XXXpSxPzJCIab/Hh2b
qq90HRNndmcjTxCgGWOqVHVXgc/TTIzg4iXYoW9nIbnKEg5GIbRD7y0zUiFuMU8u
K3rKNYuj67GvBKUpLv6wjTM8bmN02iPrJkM1Hm5jNXNOVW7nnCaRvWkf0MeXftbH
dOT/JfoBbdfeiWkmaPvbxsOR/+dzgSjdaznl52Cz+IGr2WsQYW8xzibDlflohp13
HYNlhcwNMpyn55GAWjpr/zHUKdoVPh3uvv25pvTbQWUBo3K0IYrW/s/RGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlKv6utqmLt6sVTjHvxdMYoaZlMMB8GA1UdIwQY
MBaAFL2FJypAgJBPdeI1pHrwtBJm4qYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdllVbktrQ0FrRTkxNGpXa2V2QzBFbWJpcGdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yODJjYjAtOTFiZS00MjJhLTk1ZDMt
MjRmMjBmOTY3NWVjLzEvcVVxX3E2MnFZdTNxeFZPTWVfRjB4aWhwbVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yODJjYjAtOTFiZS00MjJhLTk1ZDMtMjRmMjBmOTY3NWVj
LzEvdllVbktrQ0FrRTkxNGpXa2V2QzBFbWJpcGdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvciMA0G
CSqGSIb3DQEBCwUAA4IBAQBfjhNo1so+qQqY/X5koufblR3NAjCd9Sc8CKI2gPLF
w1Sl6pmU5VQ4EmdWVY1xcfVFA11ZCVrdsZBr7gnqZ1/traeeai6EFPEkZATg4BLz
uP1ccgPlgfNeAFQWrCvvs1pK41BMyJ3JNEtGzu+U5HwTAhQjCs7w6XRex3I3jeZw
spW8CP+vldSj9uSyOzS2EsiRoJzaSSLUASDDmCxEvtGeQeOWbsiHtLXnChtUW/5M
4gP9iLi4mALGcXv4tn7my6FBCby7Fmv6l+4blrPiuO1GyWU2oYh9cuFPnibC/Cv0
iRqkGcM1ltyueHHpRrxy1TKcCgG9c7KDSGAjXtfEYWqC
-----END CERTIFICATE-----