Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/QpAJ4vf1qXK5jaYvVWmL5jIF3Pw.roa
File:                     QpAJ4vf1qXK5jaYvVWmL5jIF3Pw.roa (raw, json)
Hash identifier:          cvXwgvPz8qfjcC7GpIKDqE7c3dlSczcrBaKQqZloC5A=
Subject key identifier:   42:90:09:E2:F7:F5:A9:72:B9:8D:A6:2F:55:69:8B:E6:32:05:DC:FC
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       01941FFA1CECC891F48CAC1AE5074A76432E
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/QpAJ4vf1qXK5jaYvVWmL5jIF3Pw.roa
Signing time:             Wed 01 Jan 2025 03:47:52 +0000
ROA not before:           Wed 01 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        185.143.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1c:ec:c8:91:f4:8c:ac:1a:e5:07:4a:76:43:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=429009e2f7f5a972b98da62f55698be63205dcfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:10:99:1d:f9:df:69:4d:48:b2:f1:74:ef:33:
                    45:71:0b:13:49:86:31:76:9a:88:f3:27:15:cf:93:
                    a3:a4:25:c7:6d:40:fc:46:2d:83:ce:18:fe:94:2d:
                    cc:1f:c6:8a:d1:ec:f4:09:41:27:79:c5:85:94:04:
                    fc:6d:63:76:73:79:16:77:c0:4c:a8:2f:68:be:30:
                    c4:44:66:6e:83:1d:94:2d:b5:d2:bc:ec:0e:1d:00:
                    ce:4e:48:a6:85:39:bd:bf:3c:2c:14:c7:de:c7:82:
                    0b:89:dc:e5:91:92:69:6f:d5:a4:c0:81:e4:27:48:
                    e4:a8:92:14:33:fb:d5:98:e5:f4:ec:d8:dc:39:3b:
                    e5:aa:ab:6d:94:42:1b:9d:12:6e:f9:0a:ea:cc:17:
                    48:97:40:53:99:a0:0e:dc:d8:93:e5:2c:98:47:c2:
                    ad:a8:23:eb:7b:51:35:d8:53:15:b6:7e:9f:f6:97:
                    94:52:0f:6c:28:29:8e:36:d3:be:42:50:c4:18:71:
                    6f:e6:92:75:62:30:68:9a:32:96:36:29:e6:5b:b9:
                    89:11:0e:4a:d6:4b:b7:1c:6b:23:08:fb:88:b6:9b:
                    62:49:1a:0c:49:8e:e9:69:15:a2:20:4c:2a:ee:67:
                    75:2f:2e:8f:95:91:e6:1b:da:9a:98:f8:7d:3a:fd:
                    ba:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:90:09:E2:F7:F5:A9:72:B9:8D:A6:2F:55:69:8B:E6:32:05:DC:FC
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/QpAJ4vf1qXK5jaYvVWmL5jIF3Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:06:5f:c2:97:f0:16:4d:3e:ba:02:08:17:6f:f5:ee:5d:22:
         24:24:6e:b5:80:65:0f:47:99:5e:b7:da:61:97:2d:f9:2d:d8:
         4e:ac:9e:fd:e6:42:bc:3c:6f:27:60:06:9e:ec:f1:6c:4e:59:
         de:9c:44:8f:30:18:04:84:60:89:85:f4:cc:13:ab:cc:59:70:
         0b:a8:ab:f1:02:33:72:be:39:79:19:b8:02:8b:0c:fd:e6:26:
         80:61:ea:43:0b:0a:8a:51:e2:a3:0f:b7:02:8d:eb:7f:5e:a5:
         ff:df:68:b2:b7:1a:2b:78:0d:2e:c1:80:38:d8:1b:d9:20:46:
         bf:2f:36:c3:29:c0:a1:83:cb:1f:73:fc:9c:55:d0:24:0d:f3:
         f3:24:b7:c1:57:ff:fc:31:f7:80:b5:3a:23:e1:e0:2b:40:5a:
         e4:7b:ea:f0:5e:69:2c:36:ce:cd:07:e1:e7:53:f1:a0:6f:ac:
         92:da:4d:f9:81:f3:ea:b7:90:f3:0a:1f:a7:05:6f:ea:20:c3:
         85:b8:9d:da:33:b7:f2:d7:7c:17:59:d9:ef:cf:8c:70:0d:aa:
         82:db:cb:fd:5d:f6:6d:f9:18:da:58:f1:ac:72:b3:5e:53:d1:
         d7:d4:d5:51:bd:31:87:70:48:32:8c:aa:33:ec:d7:89:db:52:
         df:c0:fe:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hzsyJH0jKwa5QdKdkMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjkwMDllMmY3ZjVhOTcyYjk4ZGE2MmY1NTY5OGJlNjMyMDVkY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxCZHfnfaU1IsvF07zNFcQsTSYYx
dpqI8ycVz5OjpCXHbUD8Ri2Dzhj+lC3MH8aK0ez0CUEnecWFlAT8bWN2c3kWd8BM
qC9ovjDERGZugx2ULbXSvOwOHQDOTkimhTm9vzwsFMfex4ILidzlkZJpb9WkwIHk
J0jkqJIUM/vVmOX07NjcOTvlqqttlEIbnRJu+QrqzBdIl0BTmaAO3NiT5SyYR8Kt
qCPre1E12FMVtn6f9peUUg9sKCmONtO+QlDEGHFv5pJ1YjBomjKWNinmW7mJEQ5K
1ku3HGsjCPuItptiSRoMSY7paRWiIEwq7md1Ly6PlZHmG9qamPh9Ov26yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKQCeL39alyuY2mL1Vpi+YyBdz8MB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvUXBBSjR2ZjFxWEs1amFZdlZXbUw1aklGM1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQAoBl/Cl/AWTT66AggXb/XuXSIkJG61gGUPR5let9ph
ly35LdhOrJ795kK8PG8nYAae7PFsTlnenESPMBgEhGCJhfTME6vMWXALqKvxAjNy
vjl5GbgCiwz95iaAYepDCwqKUeKjD7cCjet/XqX/32iytxoreA0uwYA42BvZIEa/
LzbDKcChg8sfc/ycVdAkDfPzJLfBV//8MfeAtToj4eArQFrke+rwXmksNs7NB+Hn
U/Ggb6yS2k35gfPqt5DzCh+nBW/qIMOFuJ3aM7fy13wXWdnvz4xwDaqC28v9XfZt
+RjaWPGscrNeU9HX1NVRvTGHcEgyjKoz7NeJ21LfwP4y
-----END CERTIFICATE-----