Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/qpIHRqhd7Nb3PZWHKXegTOoXNV4.roa
File:                     qpIHRqhd7Nb3PZWHKXegTOoXNV4.roa (raw, json)
Hash identifier:          Zo5QxFaHcYek6dzqi+zquJFUfLpMRdJYYo05MF+VngU=
Subject key identifier:   AA:92:07:46:A8:5D:EC:D6:F7:3D:95:87:29:77:A0:4C:EA:17:35:5E
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       019483A43DA4A4E21BE0FF1097E3EBD5563C
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/qpIHRqhd7Nb3PZWHKXegTOoXNV4.roa
Signing time:             Mon 20 Jan 2025 12:16:06 +0000
ROA not before:           Mon 20 Jan 2025 12:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        147.161.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:a4:3d:a4:a4:e2:1b:e0:ff:10:97:e3:eb:d5:56:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan 20 12:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa920746a85decd6f73d95872977a04cea17355e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f9:8a:d5:1a:df:4a:98:00:34:1a:8f:30:62:
                    a6:b6:1a:85:a8:d7:1e:6a:6a:96:e8:0c:73:ef:12:
                    65:e5:8e:72:b5:11:3c:aa:bf:dd:84:fe:68:5f:81:
                    fd:a6:5c:73:51:37:46:73:2d:0b:32:ec:58:de:95:
                    95:d8:21:c5:28:6f:9f:0a:8a:6b:d4:05:14:d8:83:
                    17:9f:4c:01:a6:04:e7:db:26:da:e4:6f:36:fc:48:
                    5b:52:f2:f1:17:7d:36:ee:3a:f5:fa:cf:e3:5a:75:
                    71:9c:a0:e7:00:fa:4f:43:47:fb:13:04:e6:90:5a:
                    62:03:c4:0d:8a:bc:10:4f:7b:db:41:60:41:ac:7d:
                    25:a5:ea:55:df:05:15:04:fd:6a:7a:66:bb:3a:0e:
                    a6:33:cc:0d:be:59:a7:68:1c:75:18:89:1d:2c:d4:
                    9a:36:02:64:09:c5:ee:0b:b8:ee:bb:61:c8:74:e3:
                    e0:9b:da:d2:3d:d9:fb:ee:76:ca:b8:5d:91:ed:82:
                    24:ab:7a:98:df:d5:5c:3a:67:86:3c:6f:49:1a:0f:
                    0d:fd:0a:7d:fd:30:23:f0:f0:d2:da:0d:df:19:2b:
                    6f:50:a7:3c:55:ed:be:5a:50:53:20:c1:0c:0d:16:
                    29:4d:b2:d0:1c:fa:34:84:56:16:f3:32:5c:bf:ae:
                    72:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:92:07:46:A8:5D:EC:D6:F7:3D:95:87:29:77:A0:4C:EA:17:35:5E
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/qpIHRqhd7Nb3PZWHKXegTOoXNV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:32:ad:a3:f0:f8:19:92:09:be:b8:fe:64:11:01:bf:ac:13:
         e6:1f:b7:e7:7a:97:65:67:48:56:1d:57:9b:3c:a8:94:3f:b2:
         43:09:4d:04:50:01:a1:62:67:5b:f0:10:a3:46:56:4e:87:87:
         2a:41:0b:8c:11:86:39:7f:50:79:0d:e2:fc:52:c8:37:b7:55:
         ab:2f:25:0f:73:70:ba:13:15:47:ef:0b:fb:b1:7f:05:54:c6:
         a2:51:59:eb:86:e0:2b:be:49:6e:65:11:58:86:db:c5:94:cd:
         95:a1:80:6d:54:48:65:06:9c:49:d8:d9:ed:00:bf:22:2f:a4:
         b7:59:60:df:05:3d:78:f7:3f:ec:f9:46:c0:d6:97:05:a1:ec:
         24:c3:b9:4a:67:55:f4:fe:a7:74:e1:d8:ec:7b:43:57:69:c3:
         56:88:fc:71:b9:26:f1:aa:5f:6b:1b:fb:f1:b5:cd:fd:c7:10:
         83:08:4b:e5:d7:6e:85:82:24:0f:16:2e:fa:47:42:c5:91:46:
         bb:1b:d5:f4:dc:28:cc:b9:96:7d:54:64:33:fe:a1:34:f7:0a:
         4a:63:7d:f2:ac:00:d7:fb:21:99:9e:3a:28:f0:43:4a:01:11:
         b7:7e:5c:e5:42:64:cd:5b:7a:61:f7:b9:0e:0a:81:da:4f:d4:
         c8:84:43:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSDpD2kpOIb4P8Ql+Pr1VY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUwMTIwMTIxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTkyMDc0NmE4NWRlY2Q2ZjczZDk1ODcyOTc3YTA0Y2VhMTczNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfmK1RrfSpgANBqPMGKmthqFqNce
amqW6Axz7xJl5Y5ytRE8qr/dhP5oX4H9plxzUTdGcy0LMuxY3pWV2CHFKG+fCopr
1AUU2IMXn0wBpgTn2yba5G82/EhbUvLxF3027jr1+s/jWnVxnKDnAPpPQ0f7EwTm
kFpiA8QNirwQT3vbQWBBrH0lpepV3wUVBP1qema7Og6mM8wNvlmnaBx1GIkdLNSa
NgJkCcXuC7juu2HIdOPgm9rSPdn77nbKuF2R7YIkq3qY39VcOmeGPG9JGg8N/Qp9
/TAj8PDS2g3fGStvUKc8Ve2+WlBTIMEMDRYpTbLQHPo0hFYW8zJcv65yzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqSB0aoXezW9z2Vhyl3oEzqFzVeMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvcXBJSFJxaGQ3TmIzUFpXSEtYZWdUT29YTlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6ECMA0G
CSqGSIb3DQEBCwUAA4IBAQBQMq2j8PgZkgm+uP5kEQG/rBPmH7fnepdlZ0hWHVeb
PKiUP7JDCU0EUAGhYmdb8BCjRlZOh4cqQQuMEYY5f1B5DeL8Usg3t1WrLyUPc3C6
ExVH7wv7sX8FVMaiUVnrhuArvkluZRFYhtvFlM2VoYBtVEhlBpxJ2NntAL8iL6S3
WWDfBT149z/s+UbA1pcFoewkw7lKZ1X0/qd04djse0NXacNWiPxxuSbxql9rG/vx
tc39xxCDCEvl126FgiQPFi76R0LFkUa7G9X03CjMuZZ9VGQz/qE09wpKY33yrADX
+yGZnjoo8ENKARG3flzlQmTNW3ph97kOCoHaT9TIhEP/
-----END CERTIFICATE-----