Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/QSxkF4rOw8CaQhbY1bgweRS2k84.roa
File:                     QSxkF4rOw8CaQhbY1bgweRS2k84.roa (raw, json)
Hash identifier:          /gVGhfkCO75vlxeNpsZvkhIuMR2YzpuGJXm7VvwUGkk=
Subject key identifier:   41:2C:64:17:8A:CE:C3:C0:9A:42:16:D8:D5:B8:30:79:14:B6:93:CE
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       0194258F6459926304AF0F06C2B6C9D3A196
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/QSxkF4rOw8CaQhbY1bgweRS2k84.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214304
IP address blocks:        2a01:f900:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:64:59:92:63:04:af:0f:06:c2:b6:c9:d3:a1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=412c64178acec3c09a4216d8d5b8307914b693ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:fa:4c:4f:5d:60:f7:26:48:e9:e9:57:5f:
                    8f:22:b7:3f:a5:61:b3:99:a9:d8:04:01:3c:f4:79:
                    ac:8b:45:a5:8c:97:d4:31:1b:b4:c2:99:45:cc:2a:
                    55:8a:d0:ff:91:7d:08:0d:b2:65:17:c4:53:08:09:
                    6d:7e:76:03:2a:a9:98:0a:d3:8e:dc:c6:e1:cd:94:
                    23:c9:94:1c:fe:9e:6a:19:c0:7b:16:ca:0f:9c:0b:
                    51:9c:41:cd:78:b7:fa:f0:26:c3:5a:8b:62:be:7d:
                    a2:cd:ce:06:ef:d1:4b:c6:10:9b:98:d5:80:0d:ff:
                    de:b8:b1:44:d5:cc:d5:89:1b:2c:54:68:b6:ca:2e:
                    ac:fe:0d:27:ab:b8:db:c5:08:9e:89:89:23:b1:f5:
                    c1:be:46:5c:3f:a3:0d:66:70:f9:e3:27:07:48:6d:
                    5b:36:00:35:6d:4c:3d:b2:f9:d9:4b:23:fc:2c:51:
                    19:cc:fe:90:79:da:60:d1:63:c1:5b:21:ea:47:82:
                    c5:31:a8:e7:c7:b8:e0:91:af:a1:8a:47:c4:bf:27:
                    c6:c9:b4:27:74:48:87:8d:4f:64:a2:37:85:15:6d:
                    d3:73:a3:fd:37:0f:ac:03:e7:07:ac:2a:bb:36:39:
                    37:e5:61:ec:ad:ba:94:41:6c:b3:ce:ff:dd:24:4d:
                    c6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2C:64:17:8A:CE:C3:C0:9A:42:16:D8:D5:B8:30:79:14:B6:93:CE
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/QSxkF4rOw8CaQhbY1bgweRS2k84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:54:c5:d2:16:63:ea:16:b3:4d:6b:7b:b1:13:a8:54:fc:53:
         1e:33:cc:57:da:c8:4a:fa:b9:69:83:07:26:be:bf:85:50:ff:
         4c:9a:c5:bd:49:53:5d:e5:45:fd:fb:8b:6f:50:4e:a9:22:9f:
         85:d6:26:7e:6c:26:54:e6:5b:83:14:76:6e:ae:5e:79:d9:3b:
         8a:4e:89:72:ed:17:58:20:03:03:60:16:10:32:11:62:85:b1:
         c3:bd:a5:a0:47:f9:74:21:12:3f:61:0b:92:02:ee:46:ce:9c:
         c9:9b:fb:12:b6:a2:4a:c7:ac:2d:03:65:30:a2:51:50:a0:59:
         0e:55:15:ef:5a:85:d2:60:e3:0d:0d:85:6e:c7:d7:81:b7:69:
         13:c1:0f:44:ce:7b:2c:e6:16:7a:d8:ea:27:ba:2f:2e:64:d9:
         03:f8:a5:6c:53:67:1f:25:0d:21:63:71:f5:42:a3:4b:a3:7d:
         82:d0:41:0e:de:29:88:01:12:d2:b6:d2:98:4c:cf:ba:dc:b9:
         8b:8a:de:ac:44:be:5c:df:55:47:57:10:c4:90:29:ed:8a:d7:
         a8:42:4d:47:16:39:82:c8:2d:e1:4d:6b:ff:e9:18:f1:e9:43:
         47:e9:68:92:15:69:a7:a2:37:17:fb:5a:11:f0:78:dc:27:e5:
         4b:53:94:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj2RZkmMErw8GwrbJ06GWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJjNjQxNzhhY2VjM2MwOWE0MjE2ZDhkNWI4MzA3OTE0YjY5M2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQH6TE9dYPcmSOnpV1+PIrc/pWGz
manYBAE89Hmsi0WljJfUMRu0wplFzCpVitD/kX0IDbJlF8RTCAltfnYDKqmYCtOO
3MbhzZQjyZQc/p5qGcB7FsoPnAtRnEHNeLf68CbDWotivn2izc4G79FLxhCbmNWA
Df/euLFE1czViRssVGi2yi6s/g0nq7jbxQieiYkjsfXBvkZcP6MNZnD54ycHSG1b
NgA1bUw9svnZSyP8LFEZzP6Qedpg0WPBWyHqR4LFMajnx7jgka+hikfEvyfGybQn
dEiHjU9kojeFFW3Tc6P9Nw+sA+cHrCq7Njk35WHsrbqUQWyzzv/dJE3GgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEEsZBeKzsPAmkIW2NW4MHkUtpPOMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvUVN4a0Y0ck93OENhUWhiWTFiZ3dlUlMyazg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH5AAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAKVMXSFmPqFrNNa3uxE6hU/FMeM8xX2shK+rlp
gwcmvr+FUP9MmsW9SVNd5UX9+4tvUE6pIp+F1iZ+bCZU5luDFHZurl552TuKToly
7RdYIAMDYBYQMhFihbHDvaWgR/l0IRI/YQuSAu5GzpzJm/sStqJKx6wtA2UwolFQ
oFkOVRXvWoXSYOMNDYVux9eBt2kTwQ9Eznss5hZ62Oonui8uZNkD+KVsU2cfJQ0h
Y3H1QqNLo32C0EEO3imIARLSttKYTM+63LmLit6sRL5c31VHVxDEkCntiteoQk1H
FjmCyC3hTWv/6Rjx6UNH6WiSFWmnojcX+1oR8HjcJ+VLU5R5
-----END CERTIFICATE-----