Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/Q6UDfcr6-wjzrSR02hz91bMMgCQ.roa
File:                     Q6UDfcr6-wjzrSR02hz91bMMgCQ.roa (raw, json)
Hash identifier:          Ri+ho1nwscaoaR+lGA/lmNvU5bMAzGg4wnbtbjS6IAo=
Subject key identifier:   43:A5:03:7D:CA:FA:FB:08:F3:AD:24:74:DA:1C:FD:D5:B3:0C:80:24
Certificate issuer:       /CN=de8e60bb111087d0803fc3fcc4af327aa85c0b81
Certificate serial:       0194266BAFBFF43199EE9FB519D6EDAF54F9
Authority key identifier: DE:8E:60:BB:11:10:87:D0:80:3F:C3:FC:C4:AF:32:7A:A8:5C:0B:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3o5guxEQh9CAP8P8xK8yeqhcC4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/Q6UDfcr6-wjzrSR02hz91bMMgCQ.roa
Signing time:             Thu 02 Jan 2025 09:49:39 +0000
ROA not before:           Thu 02 Jan 2025 09:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        185.49.56.0/22 maxlen: 24
                          185.203.124.0/22 maxlen: 24
                          2a0a:e6c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/3o5guxEQh9CAP8P8xK8yeqhcC4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/3o5guxEQh9CAP8P8xK8yeqhcC4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3o5guxEQh9CAP8P8xK8yeqhcC4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:af:bf:f4:31:99:ee:9f:b5:19:d6:ed:af:54:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de8e60bb111087d0803fc3fcc4af327aa85c0b81
        Validity
            Not Before: Jan  2 09:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a5037dcafafb08f3ad2474da1cfdd5b30c8024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cf:de:b1:31:75:19:43:cf:d1:2f:08:a2:2e:
                    73:cb:95:c8:de:80:25:03:fa:a9:de:0b:43:ec:0e:
                    60:9d:1b:a0:b0:8b:e1:c3:4a:5b:1a:75:44:3a:b0:
                    f9:14:5c:22:d3:a3:82:b2:4e:85:5c:b8:10:0b:f5:
                    19:bc:e0:ca:7f:c3:15:79:3e:e1:d4:d5:f1:5f:dc:
                    a6:f0:80:d1:0a:a3:1d:15:7a:cd:6a:86:de:6a:54:
                    9c:01:50:78:ea:a9:68:38:71:b6:4d:b4:89:d2:f5:
                    eb:a4:5d:e3:ce:72:ad:63:ea:01:9c:b0:3e:da:6e:
                    55:99:68:05:db:88:63:9b:07:f1:ba:65:07:40:ad:
                    40:a6:b5:a6:e5:c1:e6:00:d9:f3:9b:d5:47:79:1d:
                    7c:06:76:18:bc:70:14:31:b4:18:44:8f:83:14:f8:
                    0b:ba:52:15:3f:1a:b9:d7:ae:6b:a0:d6:9c:8c:d2:
                    9f:61:49:a5:f6:05:cd:98:c4:22:a3:5d:fa:4f:ad:
                    26:9c:f9:d3:05:1b:4d:60:d4:5d:13:d7:cd:9f:be:
                    f1:dc:ef:18:46:ea:14:b5:42:58:64:21:9f:1d:4c:
                    66:be:4e:54:a3:1f:bd:3d:b3:20:fa:19:ff:c0:cc:
                    19:84:c2:63:27:35:b5:64:d9:bf:a1:b6:dd:54:05:
                    d9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A5:03:7D:CA:FA:FB:08:F3:AD:24:74:DA:1C:FD:D5:B3:0C:80:24
            X509v3 Authority Key Identifier:
                keyid:DE:8E:60:BB:11:10:87:D0:80:3F:C3:FC:C4:AF:32:7A:A8:5C:0B:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3o5guxEQh9CAP8P8xK8yeqhcC4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/Q6UDfcr6-wjzrSR02hz91bMMgCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/2c9883-f108-4fed-b416-a6f534c307f1/1/3o5guxEQh9CAP8P8xK8yeqhcC4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.56.0/22
                  185.203.124.0/22
                IPv6:
                  2a0a:e6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:84:63:75:f9:95:10:41:0f:47:5e:12:1d:98:2a:29:d0:a8:
         cb:75:12:b1:bf:43:80:75:09:5f:74:d5:5b:96:d5:b7:e5:76:
         4b:27:96:2a:ba:9b:a9:73:72:f6:5e:11:4a:f8:0d:d1:b2:1a:
         15:4d:2b:f6:7e:b8:7c:57:cf:19:69:e3:19:78:30:dc:94:2e:
         d4:3b:7f:bb:05:54:fd:9f:57:32:e5:b7:dd:78:6d:1e:f5:50:
         6e:ed:22:c8:2a:b2:b1:78:d7:f3:1f:26:c2:dc:17:4c:2b:fd:
         e5:f0:25:27:7f:46:56:92:a5:33:79:29:3b:9f:73:03:41:b8:
         d0:ff:bd:14:cb:12:0a:3a:bc:f7:da:d5:49:61:bb:f8:13:a3:
         95:1c:da:20:2f:7d:74:5b:ca:1d:04:2c:2b:2a:a7:6f:87:54:
         e2:a3:f9:ee:2e:5c:f6:ae:08:07:17:a9:f6:9c:fc:f2:64:16:
         59:6d:c4:45:53:1a:2a:4f:44:c3:f3:1f:4d:a7:1a:33:65:89:
         e4:cd:7e:43:ca:15:49:6b:c5:5b:23:94:ca:8a:a4:51:83:b5:
         7b:f3:3f:bc:48:9f:57:61:e6:ad:1a:b7:35:0f:89:70:96:23:
         d9:58:4d:60:de:d8:de:17:5a:1b:34:d1:0d:b4:a4:20:46:3c:
         4c:ff:55:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQma6+/9DGZ7p+1Gdbtr1T5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOGU2MGJiMTExMDg3ZDA4MDNmYzNmY2M0YWYzMjdhYTg1
YzBiODEwHhcNMjUwMTAyMDk0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E1MDM3ZGNhZmFmYjA4ZjNhZDI0NzRkYTFjZmRkNWIzMGM4MDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8/esTF1GUPP0S8Ioi5zy5XI3oAl
A/qp3gtD7A5gnRugsIvhw0pbGnVEOrD5FFwi06OCsk6FXLgQC/UZvODKf8MVeT7h
1NXxX9ym8IDRCqMdFXrNaobealScAVB46qloOHG2TbSJ0vXrpF3jznKtY+oBnLA+
2m5VmWgF24hjmwfxumUHQK1AprWm5cHmANnzm9VHeR18BnYYvHAUMbQYRI+DFPgL
ulIVPxq5165roNacjNKfYUml9gXNmMQio136T60mnPnTBRtNYNRdE9fNn77x3O8Y
RuoUtUJYZCGfHUxmvk5Uox+9PbMg+hn/wMwZhMJjJzW1ZNm/obbdVAXZ/wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEOlA33K+vsI860kdNoc/dWzDIAkMB8GA1UdIwQY
MBaAFN6OYLsREIfQgD/D/MSvMnqoXAuBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM281Z3V4RVFoOUNBUDhQOHhLOHllcWhjQzRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8yYzk4ODMtZjEwOC00ZmVkLWI0MTYt
YTZmNTM0YzMwN2YxLzEvUTZVRGZjcjYtd2p6clNSMDJoejkxYk1NZ0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8yYzk4ODMtZjEwOC00ZmVkLWI0MTYtYTZmNTM0YzMwN2Yx
LzEvM281Z3V4RVFoOUNBUDhQOHhLOHllcWhjQzRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuTE4AwQC
uct8MA0EAgACMAcDBQMqCubAMA0GCSqGSIb3DQEBCwUAA4IBAQAahGN1+ZUQQQ9H
XhIdmCop0KjLdRKxv0OAdQlfdNVbltW35XZLJ5Yqupupc3L2XhFK+A3RshoVTSv2
frh8V88ZaeMZeDDclC7UO3+7BVT9n1cy5bfdeG0e9VBu7SLIKrKxeNfzHybC3BdM
K/3l8CUnf0ZWkqUzeSk7n3MDQbjQ/70UyxIKOrz32tVJYbv4E6OVHNogL310W8od
BCwrKqdvh1Tio/nuLlz2rggHF6n2nPzyZBZZbcRFUxoqT0TD8x9NpxozZYnkzX5D
yhVJa8VbI5TKiqRRg7V78z+8SJ9XYeatGrc1D4lwliPZWE1g3tjeF1obNNENtKQg
RjxM/1Vf
-----END CERTIFICATE-----