Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/QXSM-tWrPmeWBheSqnXnaDNQmDc.roa
File:                     QXSM-tWrPmeWBheSqnXnaDNQmDc.roa (raw, json)
Hash identifier:          x9yXB+eo0EInUWHjOj6vjP2I3KVEdKt4v4+AdmEQgDw=
Subject key identifier:   41:74:8C:FA:D5:AB:3E:67:96:06:17:92:AA:75:E7:68:33:50:98:37
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       0194258FB1C755F0EAD62FF234E3D8ACAD5E
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/QXSM-tWrPmeWBheSqnXnaDNQmDc.roa
Signing time:             Thu 02 Jan 2025 05:49:21 +0000
ROA not before:           Thu 02 Jan 2025 05:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207188
IP address blocks:        194.61.102.0/23 maxlen: 24
                          2a03:98c7::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b1:c7:55:f0:ea:d6:2f:f2:34:e3:d8:ac:ad:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41748cfad5ab3e6796061792aa75e76833509837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9a:04:db:3b:75:56:72:82:5a:d8:57:71:fc:
                    81:29:ca:4b:89:f6:15:e7:c5:53:e4:95:d5:50:70:
                    ca:a5:d3:0b:38:62:e4:93:e5:68:f7:c5:0f:44:ad:
                    8d:03:8b:44:49:ea:08:38:05:61:91:97:01:c4:d2:
                    df:df:b0:a1:71:b1:7d:68:09:5b:69:fd:a9:9d:30:
                    46:f3:4b:49:5a:6c:85:e1:8b:5f:87:33:46:2a:57:
                    7a:eb:12:2f:78:7b:62:2b:e1:6f:75:a9:0d:bf:7a:
                    a4:85:ce:8a:eb:0c:c3:e4:51:5d:5b:d0:7d:a6:23:
                    30:20:58:2d:85:8c:83:49:96:0b:a3:fe:84:fe:2f:
                    29:ad:75:68:a2:a0:5e:db:d0:7e:12:00:11:7e:8f:
                    ac:fe:d3:b5:29:81:82:ff:6a:67:5f:0c:cc:81:f7:
                    4f:8c:14:da:bb:cc:b7:65:12:0e:27:3a:ab:e6:bc:
                    db:a3:55:03:fb:de:38:23:b9:69:5f:06:4c:e5:cf:
                    43:06:5a:a6:90:53:75:d7:fc:49:e1:65:1e:ac:e5:
                    fa:9d:e1:00:2a:7c:ca:48:b5:5c:b8:3f:97:2c:a0:
                    c8:62:9f:87:c8:c3:fd:87:5e:a5:43:61:43:d6:3e:
                    48:5f:7b:b0:81:ef:ac:c8:e0:1c:04:9e:40:91:7e:
                    09:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:74:8C:FA:D5:AB:3E:67:96:06:17:92:AA:75:E7:68:33:50:98:37
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/QXSM-tWrPmeWBheSqnXnaDNQmDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.102.0/23
                IPv6:
                  2a03:98c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:47:ab:6b:d4:7d:dd:94:82:17:59:6b:33:0b:86:0a:5d:2b:
         7e:c5:6d:89:44:6e:d2:19:20:81:22:c8:6c:6d:6a:d6:09:77:
         d6:02:89:3b:d9:63:f3:e4:f3:25:ab:63:a6:8e:54:8c:f7:7b:
         b1:a2:56:7b:ba:94:87:32:66:62:10:a2:38:86:47:10:91:88:
         fb:3b:29:f7:b0:35:59:a2:c8:b6:00:7d:9c:d1:de:f6:5c:6b:
         d7:53:fb:dd:02:a2:f9:fa:90:ad:d7:8b:df:dc:0d:c6:27:a1:
         51:c4:27:bc:ef:98:25:a2:16:0f:3a:b8:a4:c2:49:10:ab:cd:
         8a:b4:b1:a2:db:ea:e7:d9:7d:e4:60:21:2f:f2:ac:df:7c:23:
         1c:72:de:9a:2f:67:e2:f3:0b:c6:36:a6:c3:c6:21:f0:9f:4b:
         e9:10:7d:52:39:84:54:49:bb:fa:6b:98:98:4a:f1:f7:b5:a7:
         88:17:08:0c:8b:a1:a6:d5:eb:d1:b0:59:a6:ae:31:b3:68:f6:
         0d:53:8b:97:a4:aa:59:29:17:4d:65:4a:e7:a0:55:92:77:66:
         07:58:2a:39:1b:3c:34:c2:77:50:25:fc:d7:2c:ae:6a:f7:d8:
         0f:c2:fd:56:62:80:e9:dd:5b:2f:e9:68:1a:31:67:19:3a:d0:
         0c:a4:74:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj7HHVfDq1i/yNOPYrK1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTc0OGNmYWQ1YWIzZTY3OTYwNjE3OTJhYTc1ZTc2ODMzNTA5ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypoE2zt1VnKCWthXcfyBKcpLifYV
58VT5JXVUHDKpdMLOGLkk+Vo98UPRK2NA4tESeoIOAVhkZcBxNLf37ChcbF9aAlb
af2pnTBG80tJWmyF4YtfhzNGKld66xIveHtiK+FvdakNv3qkhc6K6wzD5FFdW9B9
piMwIFgthYyDSZYLo/6E/i8prXVooqBe29B+EgARfo+s/tO1KYGC/2pnXwzMgfdP
jBTau8y3ZRIOJzqr5rzbo1UD+944I7lpXwZM5c9DBlqmkFN11/xJ4WUerOX6neEA
KnzKSLVcuD+XLKDIYp+HyMP9h16lQ2FD1j5IX3uwge+syOAcBJ5AkX4J5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEF0jPrVqz5nlgYXkqp152gzUJg3MB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvUVhTTS10V3JQbWVXQmhlU3FuWG5hRE5RbURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwj1mMA0E
AgACMAcDBQAqA5jHMA0GCSqGSIb3DQEBCwUAA4IBAQBHR6tr1H3dlIIXWWszC4YK
XSt+xW2JRG7SGSCBIshsbWrWCXfWAok72WPz5PMlq2OmjlSM93uxolZ7upSHMmZi
EKI4hkcQkYj7Oyn3sDVZosi2AH2c0d72XGvXU/vdAqL5+pCt14vf3A3GJ6FRxCe8
75glohYPOrikwkkQq82KtLGi2+rn2X3kYCEv8qzffCMcct6aL2fi8wvGNqbDxiHw
n0vpEH1SOYRUSbv6a5iYSvH3taeIFwgMi6Gm1evRsFmmrjGzaPYNU4uXpKpZKRdN
ZUrnoFWSd2YHWCo5Gzw0wndQJfzXLK5q99gPwv1WYoDp3Vsv6WgaMWcZOtAMpHS5
-----END CERTIFICATE-----