Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/QQRJC_YG8r-4Cm4-FiDTcyGseMs.roa
File:                     QQRJC_YG8r-4Cm4-FiDTcyGseMs.roa (raw, json)
Hash identifier:          v9L1LzSv9+QS9AJyAVCgrR0utN6Qk2ha4KHx/OIWRBY=
Subject key identifier:   41:04:49:0B:F6:06:F2:BF:B8:0A:6E:3E:16:20:D3:73:21:AC:78:CB
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       0194228DE0FCB9931935895D36AA247BC4AA
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/QQRJC_YG8r-4Cm4-FiDTcyGseMs.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199698
IP address blocks:        82.199.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e0:fc:b9:93:19:35:89:5d:36:aa:24:7b:c4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4104490bf606f2bfb80a6e3e1620d37321ac78cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:de:54:d2:4e:24:23:ef:33:69:55:fb:ad:7a:
                    d3:d7:a2:f2:89:d6:be:98:08:7b:13:c9:f0:dd:e9:
                    19:a2:b5:00:ae:a0:42:6a:95:47:52:c2:46:3a:70:
                    bd:1a:9f:54:fd:05:c0:0a:a6:4b:38:2e:f6:31:09:
                    2e:aa:e5:35:4f:1a:b9:f7:ee:b4:2e:0d:85:e1:b9:
                    ba:44:e6:24:b6:6c:8a:a7:a3:07:0a:2f:3b:4e:68:
                    27:57:40:e5:2c:70:90:7a:12:9f:d1:a9:ca:b2:99:
                    4c:f6:ef:7e:65:b5:c3:b7:3c:d7:f1:d9:70:b8:44:
                    25:62:d6:5b:0f:e6:fb:e4:e0:81:86:58:72:b5:88:
                    a1:fa:3c:5d:16:8e:c6:d6:68:1f:7d:82:b8:3d:08:
                    cb:22:92:78:36:c1:80:8a:14:1a:66:15:6c:7a:77:
                    05:ce:fd:bb:1f:05:f2:d6:93:e5:ff:2e:70:7d:1f:
                    20:8a:e6:83:ce:89:e6:24:a3:1d:3d:10:79:7c:9a:
                    14:cd:d4:10:26:7e:a1:03:55:36:3f:46:fc:5d:4c:
                    7b:5e:4c:b3:67:03:fb:7c:74:ad:08:2d:4b:d1:a4:
                    26:44:07:d5:df:f8:29:28:91:7d:55:cc:1d:c0:9f:
                    8c:42:86:81:5b:b0:98:cf:e4:d8:02:68:e9:da:55:
                    fb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:04:49:0B:F6:06:F2:BF:B8:0A:6E:3E:16:20:D3:73:21:AC:78:CB
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/QQRJC_YG8r-4Cm4-FiDTcyGseMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.199.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c3:84:63:1c:1f:99:a5:f1:aa:c6:0f:0c:33:5b:21:fd:56:
         d4:03:13:5f:1a:22:56:d2:7c:25:f6:b7:73:1e:e2:aa:91:71:
         c6:a5:72:d6:9d:24:cd:95:8c:e8:79:5b:89:30:e5:3a:62:12:
         ec:2c:a6:b8:d5:42:c9:91:06:9e:cb:a9:e7:db:7e:df:f9:aa:
         4c:70:81:87:77:61:b1:92:e8:22:55:8b:4a:ad:34:b4:8e:5c:
         c5:c5:eb:22:44:5b:a8:52:44:52:fd:4e:21:e0:af:fc:4f:01:
         06:f2:84:da:35:3a:e0:7a:10:85:b2:e6:5b:18:c8:f6:cc:67:
         f1:30:54:5d:02:d6:82:fc:2e:21:56:4d:8b:2a:dd:ff:91:46:
         a2:47:a3:48:6a:b6:d9:97:98:c2:79:f7:bd:70:bf:b3:30:09:
         35:5c:10:8b:1b:87:6a:e4:c0:e4:3c:ee:7c:35:29:62:96:71:
         f3:7d:0c:82:98:21:7d:0d:75:e8:ce:fb:ad:ff:4a:38:fc:5e:
         b7:4f:3d:b9:0c:6d:0e:8a:9c:7e:ca:cf:02:12:15:0e:73:85:
         76:fc:43:a2:08:9b:3c:85:23:b6:c7:49:45:eb:a6:af:2a:a3:
         08:b9:fa:9f:63:25:89:2c:e2:ae:a0:bd:df:4b:e7:22:31:0d:
         ae:5f:b8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeD8uZMZNYldNqoke8SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA0NDkwYmY2MDZmMmJmYjgwYTZlM2UxNjIwZDM3MzIxYWM3OGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA295U0k4kI+8zaVX7rXrT16Lyida+
mAh7E8nw3ekZorUArqBCapVHUsJGOnC9Gp9U/QXACqZLOC72MQkuquU1Txq59+60
Lg2F4bm6ROYktmyKp6MHCi87TmgnV0DlLHCQehKf0anKsplM9u9+ZbXDtzzX8dlw
uEQlYtZbD+b75OCBhlhytYih+jxdFo7G1mgffYK4PQjLIpJ4NsGAihQaZhVsencF
zv27HwXy1pPl/y5wfR8giuaDzonmJKMdPRB5fJoUzdQQJn6hA1U2P0b8XUx7Xkyz
ZwP7fHStCC1L0aQmRAfV3/gpKJF9VcwdwJ+MQoaBW7CYz+TYAmjp2lX7AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEESQv2BvK/uApuPhYg03MhrHjLMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvUVFSSkNfWUc4ci00Q200LUZpRFRjeUdzZU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUsfKMA0G
CSqGSIb3DQEBCwUAA4IBAQBlw4RjHB+ZpfGqxg8MM1sh/VbUAxNfGiJW0nwl9rdz
HuKqkXHGpXLWnSTNlYzoeVuJMOU6YhLsLKa41ULJkQaey6nn237f+apMcIGHd2Gx
kugiVYtKrTS0jlzFxesiRFuoUkRS/U4h4K/8TwEG8oTaNTrgehCFsuZbGMj2zGfx
MFRdAtaC/C4hVk2LKt3/kUaiR6NIarbZl5jCefe9cL+zMAk1XBCLG4dq5MDkPO58
NSlilnHzfQyCmCF9DXXozvut/0o4/F63Tz25DG0Oipx+ys8CEhUOc4V2/EOiCJs8
hSO2x0lF66avKqMIufqfYyWJLOKuoL3fS+ciMQ2uX7h0
-----END CERTIFICATE-----