Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/qaZCGy8ImKVej6couAVTC--aSzI.roa
File:                     qaZCGy8ImKVej6couAVTC--aSzI.roa (raw, json)
Hash identifier:          dKUZq0YlDWheyPATDjfQQ4lypZzKgD8qgqRTkln0uKk=
Subject key identifier:   A9:A6:42:1B:2F:08:98:A5:5E:8F:A7:28:B8:05:53:0B:EF:9A:4B:32
Certificate issuer:       /CN=230d311fc19463fdd30adecc917b5f0298741b44
Certificate serial:       019422FBF17D7B297DBF2CCDA3C783DDC542
Authority key identifier: 23:0D:31:1F:C1:94:63:FD:D3:0A:DE:CC:91:7B:5F:02:98:74:1B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/qaZCGy8ImKVej6couAVTC--aSzI.roa
Signing time:             Wed 01 Jan 2025 17:48:44 +0000
ROA not before:           Wed 01 Jan 2025 17:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49121
IP address blocks:        185.65.69.0/24 maxlen: 24
                          2a0d:3180:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:f1:7d:7b:29:7d:bf:2c:cd:a3:c7:83:dd:c5:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230d311fc19463fdd30adecc917b5f0298741b44
        Validity
            Not Before: Jan  1 17:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9a6421b2f0898a55e8fa728b805530bef9a4b32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:40:c9:09:0c:85:5b:4e:b5:f2:52:3e:3b:38:
                    dd:16:4e:83:e6:e3:87:28:67:c6:8d:c0:08:a3:3a:
                    17:2e:30:a8:ff:cd:9e:9b:3e:1d:b5:f7:ab:e5:89:
                    34:c9:a6:da:16:6a:6f:c1:e1:81:ad:57:00:72:05:
                    10:55:a1:62:d5:19:e9:94:c8:8a:e5:6f:f6:c9:36:
                    32:2e:c4:3a:41:58:58:3e:18:0c:ee:f1:52:96:9a:
                    a0:3c:3a:83:dd:34:80:12:ec:92:3d:59:7f:01:55:
                    f5:8b:d6:f8:43:1d:e3:d4:00:34:d5:9a:dd:be:dc:
                    3a:b8:eb:3b:55:12:f7:26:7b:87:9c:39:f6:ce:19:
                    2a:9c:c7:6f:99:46:bf:55:1b:cb:d0:16:14:9c:17:
                    9b:f1:8b:32:7e:f2:51:cd:e3:e5:09:4a:04:c3:c9:
                    c4:3a:88:c3:ef:9a:72:82:a3:43:6a:c2:e9:85:71:
                    24:77:ff:79:88:36:28:ec:3d:bd:7e:43:90:cb:c1:
                    74:dd:f9:a1:f5:d5:d1:fc:53:ce:53:71:cd:6a:2d:
                    1f:3a:e3:4f:a1:96:41:10:68:3a:36:d2:96:96:c4:
                    da:f8:2c:78:b1:17:8e:a8:58:d2:31:37:a6:b0:20:
                    d6:e2:20:f5:3e:6d:f3:d3:f1:c4:13:a3:3b:75:0d:
                    3f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A6:42:1B:2F:08:98:A5:5E:8F:A7:28:B8:05:53:0B:EF:9A:4B:32
            X509v3 Authority Key Identifier:
                keyid:23:0D:31:1F:C1:94:63:FD:D3:0A:DE:CC:91:7B:5F:02:98:74:1B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/qaZCGy8ImKVej6couAVTC--aSzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/281dfb-3293-4bab-ba22-1becb5dcd7aa/1/Iw0xH8GUY_3TCt7MkXtfAph0G0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.69.0/24
                IPv6:
                  2a0d:3180:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:05:a0:fa:43:5d:4f:55:06:49:63:e1:84:e3:b4:e8:d5:2e:
         27:a6:37:cb:eb:34:69:78:aa:51:09:78:75:7f:ad:ce:54:6f:
         4d:93:90:f2:29:76:23:49:cf:6b:44:b4:44:24:92:61:b1:fd:
         92:31:72:05:b5:cb:ed:ed:65:e1:04:b2:a2:48:ed:b8:5c:9b:
         0f:48:e0:2c:de:1d:6d:fa:91:31:82:29:e4:02:7e:46:98:82:
         ad:c1:e1:2e:61:e9:e2:36:1a:b3:b0:72:13:70:3e:a0:a4:e5:
         8c:80:9d:3e:df:e9:a4:32:ab:94:65:eb:72:fe:18:f2:24:38:
         49:08:7a:51:e7:bc:1d:13:c6:b6:30:d8:38:41:07:af:9c:8b:
         e7:25:70:5a:23:b2:b6:23:29:d8:e4:f8:5a:da:34:3b:34:40:
         d8:71:49:05:10:67:7f:4f:07:60:cd:19:78:e6:25:a2:61:38:
         46:02:a8:9e:93:07:52:18:a7:88:23:80:63:79:65:32:52:df:
         13:36:ab:f6:a5:6b:00:2c:8c:55:b1:8f:82:30:7f:55:12:f4:
         9e:fc:fc:ff:38:ab:4d:d7:a9:56:cd:0e:b2:71:e0:72:c9:86:
         bd:21:da:34:f3:51:58:c6:bc:92:26:ce:67:a9:4a:d7:26:76:
         f4:87:9f:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+/F9eyl9vyzNo8eD3cVCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMGQzMTFmYzE5NDYzZmRkMzBhZGVjYzkxN2I1ZjAyOTg3
NDFiNDQwHhcNMjUwMTAxMTc0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE2NDIxYjJmMDg5OGE1NWU4ZmE3MjhiODA1NTMwYmVmOWE0YjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEDJCQyFW0618lI+OzjdFk6D5uOH
KGfGjcAIozoXLjCo/82emz4dtfer5Yk0yabaFmpvweGBrVcAcgUQVaFi1RnplMiK
5W/2yTYyLsQ6QVhYPhgM7vFSlpqgPDqD3TSAEuySPVl/AVX1i9b4Qx3j1AA01Zrd
vtw6uOs7VRL3JnuHnDn2zhkqnMdvmUa/VRvL0BYUnBeb8YsyfvJRzePlCUoEw8nE
OojD75pygqNDasLphXEkd/95iDYo7D29fkOQy8F03fmh9dXR/FPOU3HNai0fOuNP
oZZBEGg6NtKWlsTa+Cx4sReOqFjSMTemsCDW4iD1Pm3z0/HEE6M7dQ0/xwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKmmQhsvCJilXo+nKLgFUwvvmksyMB8GA1UdIwQY
MBaAFCMNMR/BlGP90wrezJF7XwKYdBtEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXcweEg4R1VZXzNUQ3Q3TWtYdGZBcGgwRzBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yODFkZmItMzI5My00YmFiLWJhMjIt
MWJlY2I1ZGNkN2FhLzEvcWFaQ0d5OEltS1ZlajZjb3VBVlRDLS1hU3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yODFkZmItMzI5My00YmFiLWJhMjItMWJlY2I1ZGNkN2Fh
LzEvSXcweEg4R1VZXzNUQ3Q3TWtYdGZBcGgwRzBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUFFMA8E
AgACMAkDBwAqDTGAAAcwDQYJKoZIhvcNAQELBQADggEBAAAFoPpDXU9VBklj4YTj
tOjVLiemN8vrNGl4qlEJeHV/rc5Ub02TkPIpdiNJz2tEtEQkkmGx/ZIxcgW1y+3t
ZeEEsqJI7bhcmw9I4CzeHW36kTGCKeQCfkaYgq3B4S5h6eI2GrOwchNwPqCk5YyA
nT7f6aQyq5Rl63L+GPIkOEkIelHnvB0TxrYw2DhBB6+ci+clcFojsrYjKdjk+Fra
NDs0QNhxSQUQZ39PB2DNGXjmJaJhOEYCqJ6TB1IYp4gjgGN5ZTJS3xM2q/alawAs
jFWxj4Iwf1US9J78/P84q03XqVbNDrJx4HLJhr0h2jTzUVjGvJImzmepStcmdvSH
nxE=
-----END CERTIFICATE-----