Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/QPCXSoVGqmo5YTCi73-CSDuyZ-M.roa
File:                     QPCXSoVGqmo5YTCi73-CSDuyZ-M.roa (raw, json)
Hash identifier:          BYlFE9CUTQ67gGcO7goW8z5RieIlu+Sp4h/7HCES0Bg=
Subject key identifier:   40:F0:97:4A:85:46:AA:6A:39:61:30:A2:EF:7F:82:48:3B:B2:67:E3
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D95328128206A40004305CDABB8E4C
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/QPCXSoVGqmo5YTCi73-CSDuyZ-M.roa
Signing time:             Thu 02 Jan 2025 11:49:24 +0000
ROA not before:           Thu 02 Jan 2025 11:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209667
IP address blocks:        89.223.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:53:28:12:82:06:a4:00:04:30:5c:da:bb:8e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40f0974a8546aa6a396130a2ef7f82483bb267e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d5:e3:63:d0:39:aa:b3:fb:ee:40:37:6c:37:
                    c6:48:59:d2:dc:bb:cf:44:65:22:38:58:53:cc:8d:
                    c9:93:b8:34:0a:d5:33:2a:9b:2b:55:e4:78:20:b3:
                    8f:da:31:df:49:b3:14:83:df:63:fb:ee:be:0a:ca:
                    54:47:54:19:06:94:44:2f:79:b8:81:99:5b:be:3b:
                    18:b3:25:fa:93:41:20:17:7e:05:3c:20:88:fa:d7:
                    d8:00:fc:d6:ef:c2:63:b5:2b:a9:06:64:bb:18:54:
                    5d:18:9b:36:3d:48:88:ef:ec:68:ab:9b:dc:1c:20:
                    ab:a2:cf:2e:ea:fd:04:55:56:f6:e9:6c:e0:17:30:
                    a9:f7:fc:02:f4:4d:15:20:a6:7f:b7:f8:0e:b3:37:
                    4d:76:77:b0:37:2b:74:36:25:5c:6d:15:43:25:3a:
                    95:3f:a3:c9:e7:7c:19:30:c5:97:d6:02:7d:9c:89:
                    a3:83:dd:ed:c7:7f:20:4b:ba:0c:4f:45:99:46:17:
                    04:f5:e0:48:d7:27:0d:e0:bd:23:b3:d0:6f:5d:46:
                    cd:89:84:cd:4b:97:7b:d4:fb:59:aa:67:b6:95:dc:
                    77:26:7b:f3:b4:22:a6:61:a9:42:52:ce:1d:fd:d9:
                    85:39:9d:03:b0:fe:d3:1d:d4:bf:47:5b:07:c7:e3:
                    dd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F0:97:4A:85:46:AA:6A:39:61:30:A2:EF:7F:82:48:3B:B2:67:E3
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/QPCXSoVGqmo5YTCi73-CSDuyZ-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:da:8b:90:24:c8:30:0f:f1:5f:72:18:89:60:c8:6c:0b:72:
         20:60:e0:78:c7:1e:4b:93:bd:d7:79:8b:e9:42:f7:58:11:24:
         93:fd:ee:d8:e0:43:e6:dd:ff:b2:b7:fc:8e:67:98:ff:2d:a2:
         a0:96:5e:e6:45:c3:4a:75:95:de:6a:a8:39:f9:20:87:e8:f1:
         1f:32:d9:e9:01:47:2a:ca:83:7d:8a:db:e8:d7:2a:36:15:73:
         5a:ba:06:6d:6c:8f:60:ad:0f:93:79:5e:2a:3b:b5:4c:f4:9b:
         b5:bf:6a:c5:4d:1c:9e:36:bc:1f:3b:46:95:5a:95:db:47:bb:
         65:7a:4e:68:2e:c5:19:53:34:05:26:c4:c8:0d:f0:3e:0f:aa:
         66:9d:01:79:b0:b0:28:b3:10:31:c1:9f:bd:fc:94:eb:29:04:
         6b:ac:33:73:12:df:5f:17:85:e7:ce:48:b8:07:6e:8d:82:4e:
         e0:17:11:26:43:07:46:37:fa:f0:0d:5a:7f:18:b3:a8:ff:79:
         22:37:7f:25:fb:0a:42:4b:bb:bb:d7:42:4e:f0:f6:e9:e4:8f:
         ca:7c:52:59:61:81:c3:a6:1e:cd:d7:7b:84:d4:54:4f:28:de:
         ed:0c:0c:ed:56:52:b6:95:78:69:d6:f2:66:f5:5e:d0:28:8f:
         55:47:09:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2VMoEoIGpAAEMFzau45MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGYwOTc0YTg1NDZhYTZhMzk2MTMwYTJlZjdmODI0ODNiYjI2N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydXjY9A5qrP77kA3bDfGSFnS3LvP
RGUiOFhTzI3Jk7g0CtUzKpsrVeR4ILOP2jHfSbMUg99j++6+CspUR1QZBpREL3m4
gZlbvjsYsyX6k0EgF34FPCCI+tfYAPzW78JjtSupBmS7GFRdGJs2PUiI7+xoq5vc
HCCros8u6v0EVVb26WzgFzCp9/wC9E0VIKZ/t/gOszdNdnewNyt0NiVcbRVDJTqV
P6PJ53wZMMWX1gJ9nImjg93tx38gS7oMT0WZRhcE9eBI1ycN4L0js9BvXUbNiYTN
S5d71PtZqme2ldx3JnvztCKmYalCUs4d/dmFOZ0DsP7THdS/R1sHx+PdWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDwl0qFRqpqOWEwou9/gkg7smfjMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvUVBDWFNvVkdxbW81WVRDaTczLUNTRHV5Wi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd9gMA0G
CSqGSIb3DQEBCwUAA4IBAQBz2ouQJMgwD/FfchiJYMhsC3IgYOB4xx5Lk73XeYvp
QvdYESST/e7Y4EPm3f+yt/yOZ5j/LaKgll7mRcNKdZXeaqg5+SCH6PEfMtnpAUcq
yoN9itvo1yo2FXNaugZtbI9grQ+TeV4qO7VM9Ju1v2rFTRyeNrwfO0aVWpXbR7tl
ek5oLsUZUzQFJsTIDfA+D6pmnQF5sLAosxAxwZ+9/JTrKQRrrDNzEt9fF4Xnzki4
B26Ngk7gFxEmQwdGN/rwDVp/GLOo/3kiN38l+wpCS7u710JO8Pbp5I/KfFJZYYHD
ph7N13uE1FRPKN7tDAztVlK2lXhp1vJm9V7QKI9VRwmp
-----END CERTIFICATE-----