Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/qcTZ9F_MrFUBfQXGS6Pdrvtd3hM.roa
File:                     qcTZ9F_MrFUBfQXGS6Pdrvtd3hM.roa (raw, json)
Hash identifier:          6Y3o3xfek4OtHUqQEh7Mq+AHRFEDKhceMAsEbUlDjDA=
Subject key identifier:   A9:C4:D9:F4:5F:CC:AC:55:01:7D:05:C6:4B:A3:DD:AE:FB:5D:DE:13
Certificate issuer:       /CN=26bd5ffbce6bf8707fa3e5967e0d38b455d9d4e1
Certificate serial:       0194266B3E69204EFDA6D4CC561CB55A174C
Authority key identifier: 26:BD:5F:FB:CE:6B:F8:70:7F:A3:E5:96:7E:0D:38:B4:55:D9:D4:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/qcTZ9F_MrFUBfQXGS6Pdrvtd3hM.roa
Signing time:             Thu 02 Jan 2025 09:49:09 +0000
ROA not before:           Thu 02 Jan 2025 09:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3302
IP address blocks:        185.169.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:3e:69:20:4e:fd:a6:d4:cc:56:1c:b5:5a:17:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26bd5ffbce6bf8707fa3e5967e0d38b455d9d4e1
        Validity
            Not Before: Jan  2 09:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9c4d9f45fccac55017d05c64ba3ddaefb5dde13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7e:50:de:7c:d1:fb:1d:9c:97:31:56:c9:f4:
                    57:58:6f:4f:93:54:fa:a9:74:6d:65:b8:84:63:68:
                    7c:c9:09:ac:17:dc:58:7b:e9:80:f3:2b:8b:16:a0:
                    01:94:ea:23:ff:88:a8:91:99:4c:53:83:f0:50:f4:
                    76:49:33:f5:ef:e9:75:6e:22:ee:4a:aa:09:55:10:
                    d6:e5:02:94:66:80:cc:fe:09:1d:10:29:c0:40:bc:
                    dd:c7:13:7d:a5:ad:72:ea:9d:99:44:d0:0e:e6:c5:
                    42:e9:70:4a:1f:67:a5:a5:73:b9:db:dd:c0:9d:7f:
                    67:b0:e5:db:58:18:cd:c3:55:9b:7a:00:3b:4b:b3:
                    14:d0:1c:61:61:38:8a:97:fb:d1:e2:19:64:93:15:
                    1d:ef:9a:af:0d:c2:38:de:70:fd:24:ed:ef:4f:0d:
                    2d:27:05:47:bd:52:ef:66:8a:94:11:b6:3a:c9:42:
                    77:8e:5b:f3:ce:eb:20:90:51:bc:9f:df:0a:39:a2:
                    51:f8:ee:3e:fc:c7:0e:ff:29:9a:51:cb:b7:2f:34:
                    f2:8e:85:f6:c2:e8:b6:d6:34:53:ed:09:b3:40:c8:
                    d3:55:6d:8c:05:d8:f1:8b:62:7a:6d:2c:de:9d:0b:
                    9d:fd:04:97:ac:64:fb:ec:b6:61:5b:d9:86:7f:21:
                    04:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C4:D9:F4:5F:CC:AC:55:01:7D:05:C6:4B:A3:DD:AE:FB:5D:DE:13
            X509v3 Authority Key Identifier:
                keyid:26:BD:5F:FB:CE:6B:F8:70:7F:A3:E5:96:7E:0D:38:B4:55:D9:D4:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jr1f-85r-HB_o-WWfg04tFXZ1OE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/qcTZ9F_MrFUBfQXGS6Pdrvtd3hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f498a2-d86d-4c75-bfd3-e8c559c71d66/1/Jr1f-85r-HB_o-WWfg04tFXZ1OE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:01:be:c7:89:ba:b3:7d:45:98:1b:1d:3e:f4:ed:ce:98:db:
         61:25:74:8c:58:e1:5b:11:3d:60:5c:8d:96:5f:e9:2d:bf:b4:
         40:85:c4:84:6f:93:e2:b4:99:b6:3c:f3:4e:c4:f0:12:d0:15:
         f7:b1:b1:9b:cf:7d:d5:3a:2c:f7:a4:ae:e2:9f:2c:ab:64:c8:
         3f:2a:78:76:a2:65:ec:6f:ba:a2:33:07:a6:b6:45:49:6e:86:
         82:34:71:06:13:1d:d8:4f:1c:f6:f7:a0:64:3a:9e:75:92:17:
         86:a9:ed:72:43:2d:b5:15:57:74:6a:3a:73:6f:7d:0a:07:96:
         8b:f8:3e:0f:90:3e:5b:85:08:f2:01:ed:ad:91:14:16:c4:24:
         ba:82:de:61:5f:ba:07:0b:c2:0c:59:2a:1a:75:22:e9:b7:5d:
         2c:d5:f0:13:a0:18:ba:24:cb:59:09:94:bf:20:eb:f5:57:d5:
         90:c7:ba:fc:5f:08:f0:67:2d:10:ad:eb:76:70:66:32:cd:60:
         68:20:76:47:ec:a8:88:3c:22:1e:c3:7f:cf:30:e2:49:ef:eb:
         ab:24:39:4e:88:21:81:e5:37:e2:97:82:80:e1:d2:e5:66:c3:
         00:3e:13:5e:c9:fd:61:93:9a:41:03:8f:c5:86:ab:b8:48:7e:
         c3:3b:c6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaz5pIE79ptTMVhy1WhdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YmQ1ZmZiY2U2YmY4NzA3ZmEzZTU5NjdlMGQzOGI0NTVk
OWQ0ZTEwHhcNMjUwMTAyMDk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM0ZDlmNDVmY2NhYzU1MDE3ZDA1YzY0YmEzZGRhZWZiNWRkZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn5Q3nzR+x2clzFWyfRXWG9Pk1T6
qXRtZbiEY2h8yQmsF9xYe+mA8yuLFqABlOoj/4iokZlMU4PwUPR2STP17+l1biLu
SqoJVRDW5QKUZoDM/gkdECnAQLzdxxN9pa1y6p2ZRNAO5sVC6XBKH2elpXO5293A
nX9nsOXbWBjNw1WbegA7S7MU0BxhYTiKl/vR4hlkkxUd75qvDcI43nD9JO3vTw0t
JwVHvVLvZoqUEbY6yUJ3jlvzzusgkFG8n98KOaJR+O4+/McO/ymaUcu3LzTyjoX2
wui21jRT7QmzQMjTVW2MBdjxi2J6bSzenQud/QSXrGT77LZhW9mGfyEEEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnE2fRfzKxVAX0Fxkuj3a77Xd4TMB8GA1UdIwQY
MBaAFCa9X/vOa/hwf6Plln4NOLRV2dThMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnIxZi04NXItSEJfby1XV2ZnMDR0RlhaMU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9mNDk4YTItZDg2ZC00Yzc1LWJmZDMt
ZThjNTU5YzcxZDY2LzEvcWNUWjlGX01yRlVCZlFYR1M2UGRydnRkM2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9mNDk4YTItZDg2ZC00Yzc1LWJmZDMtZThjNTU5YzcxZDY2
LzEvSnIxZi04NXItSEJfby1XV2ZnMDR0RlhaMU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuamwMA0G
CSqGSIb3DQEBCwUAA4IBAQCMAb7HibqzfUWYGx0+9O3OmNthJXSMWOFbET1gXI2W
X+ktv7RAhcSEb5PitJm2PPNOxPAS0BX3sbGbz33VOiz3pK7inyyrZMg/Knh2omXs
b7qiMwemtkVJboaCNHEGEx3YTxz296BkOp51kheGqe1yQy21FVd0ajpzb30KB5aL
+D4PkD5bhQjyAe2tkRQWxCS6gt5hX7oHC8IMWSoadSLpt10s1fAToBi6JMtZCZS/
IOv1V9WQx7r8XwjwZy0Qret2cGYyzWBoIHZH7KiIPCIew3/PMOJJ7+urJDlOiCGB
5Tfil4KA4dLlZsMAPhNeyf1hk5pBA4/Fhqu4SH7DO8av
-----END CERTIFICATE-----