Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/qttpBVUzvg-H-ScovtnzHfhab98.roa
File:                     qttpBVUzvg-H-ScovtnzHfhab98.roa (raw, json)
Hash identifier:          Z/Qik4bEzsKJTfqfp1D8dTDPNezW76BTvrr8ud6rEd8=
Subject key identifier:   AA:DB:69:05:55:33:BE:0F:87:F9:27:28:BE:D9:F3:1D:F8:5A:6F:DF
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       019519B93441380184BBC264C6A15C1CD44E
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/qttpBVUzvg-H-ScovtnzHfhab98.roa
Signing time:             Tue 18 Feb 2025 15:42:02 +0000
ROA not before:           Tue 18 Feb 2025 15:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153589
IP address blocks:        153.112.128.0/24 maxlen: 24
                          192.131.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:b9:34:41:38:01:84:bb:c2:64:c6:a1:5c:1c:d4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Feb 18 15:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aadb69055533be0f87f92728bed9f31df85a6fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a7:cc:33:17:a1:a1:c0:66:29:b0:36:0f:a2:
                    25:2e:4d:ea:a6:9e:89:00:fd:c8:73:e7:12:2b:11:
                    c2:53:59:ae:0f:f5:df:94:a8:ae:89:5e:d0:00:16:
                    5c:c7:c3:9d:d8:ea:1f:6e:77:4b:40:19:cf:83:16:
                    4f:90:a6:d2:e9:92:ec:fe:c3:92:ff:a1:20:48:6a:
                    3a:5b:24:6f:b5:a8:8e:11:83:63:5e:8e:ca:22:a2:
                    bb:12:da:14:16:05:c1:1c:72:1a:4e:8f:49:9f:fb:
                    ae:f1:19:c7:09:56:c1:45:19:bd:6a:be:0b:ea:8b:
                    d9:e4:97:38:1d:9d:63:56:8e:eb:df:3f:1e:5b:e7:
                    e6:03:7e:2e:50:60:d5:2d:1a:a0:f3:e7:ec:38:51:
                    aa:9b:fb:4c:04:40:4b:4c:f9:61:63:90:fe:28:61:
                    37:80:e0:0f:d9:47:7b:d9:06:58:88:d8:15:fd:cc:
                    f3:33:e1:ef:b2:f3:28:4a:76:83:9a:2b:66:00:19:
                    3e:7b:62:50:6c:57:bc:e6:bf:79:e9:26:11:59:15:
                    2b:c5:f0:49:d3:a8:93:f8:5a:44:f2:69:f2:2d:1c:
                    9d:19:43:bc:8b:b7:df:9b:d1:6c:0b:c8:7c:22:03:
                    f2:8b:60:70:dd:db:bb:7b:df:9e:11:2a:e4:3a:ea:
                    3c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DB:69:05:55:33:BE:0F:87:F9:27:28:BE:D9:F3:1D:F8:5A:6F:DF
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/qttpBVUzvg-H-ScovtnzHfhab98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.128.0/24
                  192.131.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:ee:df:73:70:09:ec:b0:3d:34:db:71:c4:06:9d:b0:d0:d0:
         cd:61:15:55:23:54:ac:54:f9:42:17:fe:1c:f2:a4:ec:69:27:
         31:b2:2e:a9:21:e5:fe:1d:4c:a8:d2:55:a5:44:de:7b:38:d0:
         f6:6c:33:15:1e:a5:46:c3:42:be:17:7b:2b:ee:74:c5:40:af:
         88:a4:fb:56:07:22:a9:49:64:dc:59:ee:e9:8e:de:08:07:72:
         6d:48:d2:bc:70:70:5b:4f:fe:3b:45:74:38:4b:06:c5:44:8b:
         f9:90:93:b5:6c:29:39:ed:63:26:ec:4a:df:ad:89:62:f0:9d:
         50:d4:9d:f5:38:d9:31:33:73:de:44:19:57:18:6b:8a:0d:e6:
         20:4f:2d:fe:71:84:62:f9:1e:bd:1d:68:a0:75:b6:17:40:a8:
         c9:34:e8:24:10:33:72:1e:f4:eb:78:89:dc:35:4e:31:ef:cf:
         cf:75:3d:30:8e:12:07:27:2b:4f:66:08:a4:e0:c3:66:53:25:
         d9:54:cb:12:20:3f:91:c1:dd:5d:ab:ae:26:01:98:57:a2:60:
         4f:97:e2:51:c0:20:9b:3a:01:9b:28:37:18:1f:7e:58:5a:4c:
         25:82:fa:a5:f5:49:72:80:37:df:41:ec:90:1f:6e:82:9c:2b:
         ce:3c:99:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUZuTRBOAGEu8JkxqFcHNROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjUwMjE4MTU0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRiNjkwNTU1MzNiZTBmODdmOTI3MjhiZWQ5ZjMxZGY4NWE2ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxafMMxehocBmKbA2D6IlLk3qpp6J
AP3Ic+cSKxHCU1muD/XflKiuiV7QABZcx8Od2OofbndLQBnPgxZPkKbS6ZLs/sOS
/6EgSGo6WyRvtaiOEYNjXo7KIqK7EtoUFgXBHHIaTo9Jn/uu8RnHCVbBRRm9ar4L
6ovZ5Jc4HZ1jVo7r3z8eW+fmA34uUGDVLRqg8+fsOFGqm/tMBEBLTPlhY5D+KGE3
gOAP2Ud72QZYiNgV/czzM+HvsvMoSnaDmitmABk+e2JQbFe85r956SYRWRUrxfBJ
06iT+FpE8mnyLRydGUO8i7ffm9FsC8h8IgPyi2Bw3du7e9+eESrkOuo8KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKrbaQVVM74Ph/knKL7Z8x34Wm/fMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvcXR0cEJWVXp2Zy1ILVNjb3Z0bnpIZmhhYjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmXCAAwQA
wIMZMA0GCSqGSIb3DQEBCwUAA4IBAQCN7t9zcAnssD0023HEBp2w0NDNYRVVI1Ss
VPlCF/4c8qTsaScxsi6pIeX+HUyo0lWlRN57OND2bDMVHqVGw0K+F3sr7nTFQK+I
pPtWByKpSWTcWe7pjt4IB3JtSNK8cHBbT/47RXQ4SwbFRIv5kJO1bCk57WMm7Erf
rYli8J1Q1J31ONkxM3PeRBlXGGuKDeYgTy3+cYRi+R69HWigdbYXQKjJNOgkEDNy
HvTreIncNU4x78/PdT0wjhIHJytPZgik4MNmUyXZVMsSID+Rwd1dq64mAZhXomBP
l+JRwCCbOgGbKDcYH35YWkwlgvql9UlygDffQeyQH26CnCvOPJlh
-----END CERTIFICATE-----