Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/Q5qSxQZ6AuTJXsJJ-9RRWDA26wA.roa
File:                     Q5qSxQZ6AuTJXsJJ-9RRWDA26wA.roa (raw, json)
Hash identifier:          64WIeN1+JBWLPlD+mMTcZ54izCFjiXRNJWE/ls/16OM=
Subject key identifier:   43:9A:92:C5:06:7A:02:E4:C9:5E:C2:49:FB:D4:51:58:30:36:EB:00
Certificate issuer:       /CN=380f935bcd048625e70155cf2cc2829e2c2072a6
Certificate serial:       019422FC365FE6C7C4322181D509DA4D0F7D
Authority key identifier: 38:0F:93:5B:CD:04:86:25:E7:01:55:CF:2C:C2:82:9E:2C:20:72:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OA-TW80EhiXnAVXPLMKCniwgcqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/Q5qSxQZ6AuTJXsJJ-9RRWDA26wA.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43924
IP address blocks:        185.182.144.0/23 maxlen: 24
                          185.182.146.0/24 maxlen: 24
                          2a0a:ef80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/OA-TW80EhiXnAVXPLMKCniwgcqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/OA-TW80EhiXnAVXPLMKCniwgcqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OA-TW80EhiXnAVXPLMKCniwgcqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:36:5f:e6:c7:c4:32:21:81:d5:09:da:4d:0f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380f935bcd048625e70155cf2cc2829e2c2072a6
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=439a92c5067a02e4c95ec249fbd451583036eb00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6a:08:4c:4b:0a:d3:0f:ea:3a:cb:bc:c0:bd:
                    7b:33:9d:e7:fb:47:57:5c:9b:da:d6:83:6d:c3:e2:
                    35:95:83:93:5a:fa:c2:d9:bb:b8:fe:b5:46:fc:67:
                    bc:99:8b:3d:d8:18:6d:2c:f5:28:21:39:59:28:4c:
                    a7:9f:bf:dd:c9:2b:7c:8e:3b:2b:73:f6:14:f2:e1:
                    4a:6d:07:54:47:45:69:22:6e:a5:dc:dd:12:f6:d4:
                    38:a3:fb:12:1d:87:91:07:01:46:6c:e5:4e:b9:b9:
                    b2:4e:c9:6e:69:c3:75:fc:fd:c2:d2:14:4b:e7:6b:
                    ee:6e:72:67:5b:99:ae:ef:d4:3a:95:30:66:35:e5:
                    04:94:4c:cf:01:f9:8d:d1:e3:91:c4:18:22:a1:ed:
                    f2:ec:92:19:e1:32:fe:e7:d1:5e:31:bb:77:81:66:
                    ff:9e:6f:d5:26:5a:f9:96:43:b3:fc:7e:5d:42:b6:
                    d5:45:f8:cb:ee:a0:21:82:4e:3f:72:f5:41:e7:99:
                    dc:da:80:f5:d7:8c:0e:ee:b4:84:f0:90:5c:72:22:
                    33:a5:94:2b:09:79:78:23:80:fe:17:a5:54:37:c0:
                    ba:de:14:03:7a:f0:19:1c:f7:84:fb:91:8b:0a:c5:
                    f4:ee:c4:ec:4d:b2:07:f8:2c:84:f7:1e:8c:ce:df:
                    5a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9A:92:C5:06:7A:02:E4:C9:5E:C2:49:FB:D4:51:58:30:36:EB:00
            X509v3 Authority Key Identifier:
                keyid:38:0F:93:5B:CD:04:86:25:E7:01:55:CF:2C:C2:82:9E:2C:20:72:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OA-TW80EhiXnAVXPLMKCniwgcqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/Q5qSxQZ6AuTJXsJJ-9RRWDA26wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/22744a-8588-4290-b23c-6c0771f25396/1/OA-TW80EhiXnAVXPLMKCniwgcqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.144.0-185.182.146.255
                IPv6:
                  2a0a:ef80::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:76:cc:ab:bb:d6:79:74:19:68:bf:6e:59:b8:ac:05:e0:e6:
         3b:c3:1f:de:14:f2:f4:ff:d7:e4:88:3f:8b:ec:69:8b:5a:04:
         88:70:7e:34:f9:74:db:3c:a7:09:72:58:39:65:48:e2:51:bd:
         23:b6:79:3e:11:8b:a8:43:30:cc:d1:7c:8f:3f:55:e6:c9:24:
         e5:32:44:35:ea:22:53:dc:b4:c2:7b:3a:b1:c1:55:9b:b5:50:
         73:5f:e8:2f:4f:6a:d6:5c:c0:dc:bd:40:87:7c:27:1a:23:17:
         b0:d5:2c:02:c5:29:5f:4a:1b:51:16:4d:96:9c:c0:80:ce:e7:
         17:2d:33:80:87:8d:69:a6:85:e5:13:75:20:a9:47:fa:f2:ba:
         b5:9e:cd:59:77:82:d4:37:69:b0:60:ef:6d:1a:c8:1a:27:fb:
         a4:30:cc:cd:16:9d:bd:e2:91:05:27:15:f7:80:bd:fc:a7:6e:
         8f:65:1b:2d:5b:72:00:c0:bc:c1:d9:d4:54:8c:87:d9:0a:3b:
         9f:68:1e:c1:f7:ff:86:49:50:d3:c6:f5:3b:d7:0b:69:b1:ff:
         9e:e7:92:67:b9:94:a7:e4:fb:c7:b3:e4:14:cc:94:01:40:65:
         63:8b:d7:e7:b8:07:6b:b9:3c:3b:22:a5:73:1b:7c:03:e8:86:
         4a:df:89:58
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQi/DZf5sfEMiGB1QnaTQ99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGY5MzViY2QwNDg2MjVlNzAxNTVjZjJjYzI4MjllMmMy
MDcyYTYwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzlhOTJjNTA2N2EwMmU0Yzk1ZWMyNDlmYmQ0NTE1ODMwMzZlYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWoITEsK0w/qOsu8wL17M53n+0dX
XJva1oNtw+I1lYOTWvrC2bu4/rVG/Ge8mYs92BhtLPUoITlZKEynn7/dySt8jjsr
c/YU8uFKbQdUR0VpIm6l3N0S9tQ4o/sSHYeRBwFGbOVOubmyTsluacN1/P3C0hRL
52vubnJnW5mu79Q6lTBmNeUElEzPAfmN0eORxBgioe3y7JIZ4TL+59FeMbt3gWb/
nm/VJlr5lkOz/H5dQrbVRfjL7qAhgk4/cvVB55nc2oD114wO7rSE8JBcciIzpZQr
CXl4I4D+F6VUN8C63hQDevAZHPeE+5GLCsX07sTsTbIH+CyE9x6Mzt9aGQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEOaksUGegLkyV7CSfvUUVgwNusAMB8GA1UdIwQY
MBaAFDgPk1vNBIYl5wFVzyzCgp4sIHKmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0EtVFc4MEVoaVhuQVZYUExNS0NuaXdnY3FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yMjc0NGEtODU4OC00MjkwLWIyM2Mt
NmMwNzcxZjI1Mzk2LzEvUTVxU3hRWjZBdVRKWHNKSi05UlJXREEyNndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yMjc0NGEtODU4OC00MjkwLWIyM2MtNmMwNzcxZjI1Mzk2
LzEvT0EtVFc4MEVoaVhuQVZYUExNS0NuaXdnY3FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAS5tpAD
BAC5tpIwDQQCAAIwBwMFAyoK74AwDQYJKoZIhvcNAQELBQADggEBADl2zKu71nl0
GWi/blm4rAXg5jvDH94U8vT/1+SIP4vsaYtaBIhwfjT5dNs8pwlyWDllSOJRvSO2
eT4Ri6hDMMzRfI8/VebJJOUyRDXqIlPctMJ7OrHBVZu1UHNf6C9PatZcwNy9QId8
JxojF7DVLALFKV9KG1EWTZacwIDO5xctM4CHjWmmheUTdSCpR/ryurWezVl3gtQ3
abBg720ayBon+6QwzM0Wnb3ikQUnFfeAvfynbo9lGy1bcgDAvMHZ1FSMh9kKO59o
HsH3/4ZJUNPG9TvXC2mx/57nkme5lKfk+8ez5BTMlAFAZWOL1+e4B2u5PDsipXMb
fAPohkrfiVg=
-----END CERTIFICATE-----