Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QahvPROFYvLxVQivH_FM5XFBuJA.roa
File:                     QahvPROFYvLxVQivH_FM5XFBuJA.roa (raw, json)
Hash identifier:          EhojPbOwogV3Vcmgr+mTQfsTBmyk5dOwKsVlFMceTUQ=
Subject key identifier:   41:A8:6F:3D:13:85:62:F2:F1:55:08:AF:1F:F1:4C:E5:71:41:B8:90
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2545C19E2EDBB944713927EB43A8B
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QahvPROFYvLxVQivH_FM5XFBuJA.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6874
IP address blocks:        82.179.112.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:54:5c:19:e2:ed:bb:94:47:13:92:7e:b4:3a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41a86f3d138562f2f15508af1ff14ce57141b890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d6:ef:f6:76:3c:a0:87:3e:81:f4:7c:9b:30:
                    09:1b:f5:87:8a:43:56:25:24:a6:c2:30:cc:19:54:
                    e3:6e:1e:fd:ae:3a:2c:2d:18:19:04:6f:27:81:d5:
                    6a:f6:31:9e:b5:9d:49:bb:87:3a:ee:c5:2c:f4:7b:
                    92:63:a2:76:c9:f4:82:2c:03:1d:2b:f0:e3:4d:a7:
                    a8:5b:6e:58:fc:d1:a7:45:3e:0e:c4:df:af:89:20:
                    2b:2d:b8:9f:45:e7:f1:1a:8d:37:e3:f6:74:a9:9a:
                    03:23:b6:85:5d:46:2e:c1:2d:6c:f4:6e:a2:bc:cc:
                    8e:dc:bc:a8:f1:89:23:75:cb:45:dd:7f:ed:2a:73:
                    9f:74:2e:f9:6f:09:66:1d:44:77:bf:d8:52:ad:17:
                    ce:7b:db:22:e3:b8:6c:a2:6b:5e:56:1a:cc:b1:50:
                    ba:62:e6:eb:c2:e1:6a:61:65:21:90:d5:8b:ba:73:
                    9b:5e:76:43:6f:46:0e:92:43:50:16:7d:40:0a:5a:
                    b1:0d:18:c7:93:57:bf:24:da:1b:8b:75:66:78:02:
                    f2:09:aa:e2:94:fa:75:f6:42:fc:1d:84:13:1f:7b:
                    6f:68:a9:a5:e8:2a:8b:36:cc:fb:1d:30:f6:b0:e8:
                    4b:e6:ff:a6:61:a5:b7:fe:64:12:a4:79:7c:49:be:
                    e0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A8:6F:3D:13:85:62:F2:F1:55:08:AF:1F:F1:4C:E5:71:41:B8:90
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QahvPROFYvLxVQivH_FM5XFBuJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3c:3a:05:fa:28:76:87:1a:ee:b2:44:87:b9:a1:d3:e3:dd:57:
         49:9b:7e:26:86:95:93:26:3f:02:ed:3d:e6:28:b5:85:1a:15:
         9d:aa:4e:2f:a0:3c:7c:33:cd:a4:69:ef:2c:b3:76:b6:19:56:
         27:fc:31:4b:87:30:07:3f:99:9b:dc:d8:2c:39:d4:36:82:26:
         29:2d:72:f6:bc:21:4b:97:42:39:75:8d:48:ae:98:fa:12:2a:
         ae:64:f5:27:7a:35:ba:21:9c:ad:5a:fe:9e:0c:6a:a2:18:c9:
         c1:32:07:14:9f:ae:2b:e5:63:72:7c:9a:2d:2b:8c:d1:97:10:
         d5:9c:41:3f:57:a6:2d:0a:26:81:d4:d9:f5:be:5b:40:fd:60:
         94:8f:8c:0d:08:18:bc:13:20:9f:6c:6a:a9:64:f5:16:a9:7c:
         7e:43:10:ad:39:09:bb:62:c2:b0:f3:e2:b6:10:1e:4c:cb:34:
         a6:f3:cd:06:91:e6:56:1f:07:b6:28:29:9a:44:b6:33:31:53:
         d8:b8:ee:0b:aa:6c:e2:b2:70:e7:e5:39:c0:83:f3:b5:20:20:
         dd:e0:49:7e:c6:8d:f6:22:c4:40:f1:b7:04:b2:f2:33:7b:1d:
         00:88:67:ba:7e:dc:99:be:d6:d4:90:ef:fc:04:a6:fc:a0:2f:
         ca:78:74:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslRcGeLtu5RHE5J+tDqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWE4NmYzZDEzODU2MmYyZjE1NTA4YWYxZmYxNGNlNTcxNDFiODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tbv9nY8oIc+gfR8mzAJG/WHikNW
JSSmwjDMGVTjbh79rjosLRgZBG8ngdVq9jGetZ1Ju4c67sUs9HuSY6J2yfSCLAMd
K/DjTaeoW25Y/NGnRT4OxN+viSArLbifRefxGo034/Z0qZoDI7aFXUYuwS1s9G6i
vMyO3Lyo8YkjdctF3X/tKnOfdC75bwlmHUR3v9hSrRfOe9si47hsomteVhrMsVC6
YubrwuFqYWUhkNWLunObXnZDb0YOkkNQFn1AClqxDRjHk1e/JNobi3VmeALyCari
lPp19kL8HYQTH3tvaKml6CqLNsz7HTD2sOhL5v+mYaW3/mQSpHl8Sb7gWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGobz0ThWLy8VUIrx/xTOVxQbiQMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvUWFodlBST0ZZdkx4VlFpdkhfRk01WEZCdUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUrNwMA0G
CSqGSIb3DQEBCwUAA4IBAQA8OgX6KHaHGu6yRIe5odPj3VdJm34mhpWTJj8C7T3m
KLWFGhWdqk4voDx8M82kae8ss3a2GVYn/DFLhzAHP5mb3NgsOdQ2giYpLXL2vCFL
l0I5dY1Irpj6EiquZPUnejW6IZytWv6eDGqiGMnBMgcUn64r5WNyfJotK4zRlxDV
nEE/V6YtCiaB1Nn1vltA/WCUj4wNCBi8EyCfbGqpZPUWqXx+QxCtOQm7YsKw8+K2
EB5MyzSm880GkeZWHwe2KCmaRLYzMVPYuO4LqmzisnDn5TnAg/O1ICDd4El+xo32
IsRA8bcEsvIzex0AiGe6ftyZvtbUkO/8BKb8oC/KeHTQ
-----END CERTIFICATE-----