Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QVpDsEjXaPZQ4FGjN9dHcrQXvHg.roa
File:                     QVpDsEjXaPZQ4FGjN9dHcrQXvHg.roa (raw, json)
Hash identifier:          HCD6w2XxMAQn0SFhGHQKXXLIjCxVrY39/u5TIy7CNM8=
Subject key identifier:   41:5A:43:B0:48:D7:68:F6:50:E0:51:A3:37:D7:47:72:B4:17:BC:78
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F900A51E53D4AE868B475FFD276D8
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QVpDsEjXaPZQ4FGjN9dHcrQXvHg.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198388
IP address blocks:        85.14.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:90:0a:51:e5:3d:4a:e8:68:b4:75:ff:d2:76:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=415a43b048d768f650e051a337d74772b417bc78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6b:0a:a9:56:f3:c0:27:e1:6b:ab:97:ea:d8:
                    5e:c3:41:47:02:30:29:ab:b0:11:24:c1:29:76:cc:
                    43:37:cc:cf:be:2f:5d:dd:56:b2:eb:fb:a5:20:ea:
                    cc:ee:f9:74:eb:18:ae:79:7c:2a:b0:fa:90:b0:54:
                    05:d7:73:ec:c7:98:6c:20:83:66:d2:0d:a2:20:f3:
                    91:15:84:72:c7:fe:75:e0:bd:bd:31:00:ee:03:15:
                    9b:9e:e9:3b:3d:ff:e8:7b:b8:6a:4c:9a:73:d5:ca:
                    43:84:9c:48:3d:ba:6e:b8:b4:e2:84:94:11:25:07:
                    50:9a:a1:a3:f5:0a:e0:9d:d4:de:57:f8:ec:53:e5:
                    95:c0:b1:10:66:d9:a8:d8:28:01:0a:5a:1a:c4:6e:
                    87:9b:62:8e:fd:5e:64:c1:76:41:15:a1:56:a4:35:
                    ec:f4:65:0c:ec:b4:2e:f2:b2:69:78:fb:a3:e0:69:
                    54:2b:31:a0:1b:fa:d2:85:3a:5e:d1:31:97:43:a6:
                    ac:cb:8e:5c:82:24:71:ed:d6:34:88:07:91:1d:34:
                    fe:c3:33:03:84:94:cd:de:be:87:e5:f1:18:97:ca:
                    5a:ad:45:36:59:f9:0b:09:eb:58:51:79:a0:d3:0d:
                    d9:59:95:22:9e:8b:b0:e2:4d:3c:42:a9:e1:81:95:
                    1b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5A:43:B0:48:D7:68:F6:50:E0:51:A3:37:D7:47:72:B4:17:BC:78
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QVpDsEjXaPZQ4FGjN9dHcrQXvHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:da:7d:22:f0:97:d8:96:bc:cf:95:5e:16:82:43:dc:73:89:
         e7:7a:40:f6:3e:9b:45:cc:66:73:36:fe:84:9b:58:94:ee:a5:
         e9:e3:b2:5b:2b:a9:a4:6c:51:18:5c:3f:b3:8d:a4:e0:66:0f:
         51:c5:9e:de:e7:72:3c:f4:e7:ab:12:46:ca:b4:b6:51:22:f4:
         e5:48:8e:39:5f:8c:74:fb:5f:96:81:f3:f0:48:2c:9a:e2:f6:
         a8:5e:42:c0:1b:af:9f:55:8d:8a:53:6f:ff:d4:f2:33:1c:82:
         e2:19:69:e4:c7:09:2b:32:d2:df:6c:67:78:b4:2d:85:d2:72:
         10:0e:c0:d6:68:14:1a:42:4f:ee:7f:44:94:7e:88:a9:92:ea:
         60:69:07:ed:83:8c:84:43:60:1e:b1:5e:10:39:2e:57:08:bb:
         76:38:3a:8d:64:ba:c1:df:ef:68:b5:ac:e3:14:7a:55:0f:4a:
         f1:e2:11:13:ba:88:93:b9:18:55:62:fc:21:66:b6:2d:86:b8:
         e9:af:22:ca:a6:0a:d0:23:b8:fd:04:6d:79:1f:2d:ea:68:33:
         2c:4f:ec:fd:e6:50:dd:94:cd:2e:c2:99:c7:23:fd:2c:bf:61:
         d1:75:25:83:3a:f0:4e:bc:77:4a:69:65:77:96:96:0e:29:e1:
         81:92:ce:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5AKUeU9SuhotHX/0nbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTVhNDNiMDQ4ZDc2OGY2NTBlMDUxYTMzN2Q3NDc3MmI0MTdiYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22sKqVbzwCfha6uX6thew0FHAjAp
q7ARJMEpdsxDN8zPvi9d3Vay6/ulIOrM7vl06xiueXwqsPqQsFQF13Psx5hsIINm
0g2iIPORFYRyx/514L29MQDuAxWbnuk7Pf/oe7hqTJpz1cpDhJxIPbpuuLTihJQR
JQdQmqGj9QrgndTeV/jsU+WVwLEQZtmo2CgBCloaxG6Hm2KO/V5kwXZBFaFWpDXs
9GUM7LQu8rJpePuj4GlUKzGgG/rShTpe0TGXQ6asy45cgiRx7dY0iAeRHTT+wzMD
hJTN3r6H5fEYl8parUU2WfkLCetYUXmg0w3ZWZUinouw4k08QqnhgZUb6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFaQ7BI12j2UOBRozfXR3K0F7x4MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvUVZwRHNFalhhUFpRNEZHak45ZEhjclFYdkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4dMA0G
CSqGSIb3DQEBCwUAA4IBAQAS2n0i8JfYlrzPlV4WgkPcc4nnekD2PptFzGZzNv6E
m1iU7qXp47JbK6mkbFEYXD+zjaTgZg9RxZ7e53I89OerEkbKtLZRIvTlSI45X4x0
+1+WgfPwSCya4vaoXkLAG6+fVY2KU2//1PIzHILiGWnkxwkrMtLfbGd4tC2F0nIQ
DsDWaBQaQk/uf0SUfoipkupgaQftg4yEQ2AesV4QOS5XCLt2ODqNZLrB3+9otazj
FHpVD0rx4hETuoiTuRhVYvwhZrYthrjpryLKpgrQI7j9BG15Hy3qaDMsT+z95lDd
lM0uwpnHI/0sv2HRdSWDOvBOvHdKaWV3lpYOKeGBks6v
-----END CERTIFICATE-----