Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/Qc5cmd1l4zemEHfozY81Dk5Vg5A.roa
File:                     Qc5cmd1l4zemEHfozY81Dk5Vg5A.roa (raw, json)
Hash identifier:          1e50whpvJStdUj8bNZvYvbgVa0jYFa3BmNTPWax7Fi4=
Subject key identifier:   41:CE:5C:99:DD:65:E3:37:A6:10:77:E8:CD:8F:35:0E:4E:55:83:90
Certificate issuer:       /CN=8c810edc51abd61e69f3c69ee49d88e9896a6f09
Certificate serial:       01941F8CA330CCA7930E0B71CEA9A2FECD3E
Authority key identifier: 8C:81:0E:DC:51:AB:D6:1E:69:F3:C6:9E:E4:9D:88:E9:89:6A:6F:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jIEO3FGr1h5p88ae5J2I6Ylqbwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/Qc5cmd1l4zemEHfozY81Dk5Vg5A.roa
Signing time:             Wed 01 Jan 2025 01:48:18 +0000
ROA not before:           Wed 01 Jan 2025 01:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216274
IP address blocks:        83.97.36.0/24 maxlen: 24
                          185.165.194.0/24 maxlen: 24
                          2a10:a180::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/jIEO3FGr1h5p88ae5J2I6Ylqbwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/jIEO3FGr1h5p88ae5J2I6Ylqbwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jIEO3FGr1h5p88ae5J2I6Ylqbwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a3:30:cc:a7:93:0e:0b:71:ce:a9:a2:fe:cd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c810edc51abd61e69f3c69ee49d88e9896a6f09
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41ce5c99dd65e337a61077e8cd8f350e4e558390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:7c:34:e1:52:af:f5:24:5a:75:ce:52:81:be:
                    8b:3e:48:26:54:95:70:37:da:65:d7:d5:c7:1f:f2:
                    8d:19:62:d6:a7:c9:8a:48:1e:a2:e9:1e:90:64:e8:
                    ab:ce:00:48:ee:6e:c0:be:b1:b2:41:6a:25:0e:c7:
                    18:ff:a9:da:d3:3c:c3:51:c4:a1:b6:0d:ee:c2:b4:
                    8b:94:49:31:ba:5a:69:99:a0:b2:a9:51:88:04:34:
                    fe:8a:10:2a:ba:2a:9a:d6:3c:96:d6:c5:79:7b:f2:
                    7c:fd:b5:8d:14:bb:93:2d:70:6a:cc:bd:6e:92:58:
                    b8:37:fd:b5:00:d0:ed:71:d3:3c:17:6d:94:a0:cb:
                    79:c0:5d:90:a5:85:a0:fe:ab:25:47:96:b1:3c:90:
                    24:c5:b3:9b:09:3a:8b:12:88:fa:28:14:4e:6e:26:
                    4d:39:2e:2c:a9:85:9c:c1:64:06:94:fd:82:c3:26:
                    57:72:74:49:13:65:96:2c:32:94:49:32:e6:92:21:
                    62:d9:70:ee:32:9b:2f:e1:19:05:84:7b:72:45:6d:
                    e0:7b:12:f4:c0:c7:f9:f7:fa:92:79:17:56:6a:da:
                    21:b2:21:38:45:a8:15:df:1e:3c:25:f9:e6:55:82:
                    4a:92:40:b1:c9:01:8c:f1:98:9e:da:60:86:b1:0e:
                    b5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CE:5C:99:DD:65:E3:37:A6:10:77:E8:CD:8F:35:0E:4E:55:83:90
            X509v3 Authority Key Identifier:
                keyid:8C:81:0E:DC:51:AB:D6:1E:69:F3:C6:9E:E4:9D:88:E9:89:6A:6F:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jIEO3FGr1h5p88ae5J2I6Ylqbwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/Qc5cmd1l4zemEHfozY81Dk5Vg5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/39254c-5286-4b84-b691-4014478bb6c8/1/jIEO3FGr1h5p88ae5J2I6Ylqbwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.36.0/24
                  185.165.194.0/24
                IPv6:
                  2a10:a180::/30

    Signature Algorithm: sha256WithRSAEncryption
         3b:31:4b:ed:79:c1:85:cc:e0:3a:f3:72:c3:bf:e8:95:49:d5:
         c5:03:51:c9:cb:4e:fa:35:6a:b8:a7:68:49:c5:99:fe:15:0f:
         46:17:44:e6:26:1b:46:d2:f0:10:b3:ef:bb:94:c1:2c:b1:ef:
         a6:3c:84:2a:3c:09:d9:15:4a:4a:8d:36:5a:78:86:1c:13:3b:
         1f:7d:00:9a:52:e3:2e:3f:fb:94:26:08:a0:82:c1:7e:a5:45:
         c0:55:02:e3:90:67:24:aa:fc:71:9d:af:8a:c1:28:7e:6b:9f:
         e0:1c:74:b8:d7:b4:8b:94:35:9b:b4:cb:a4:3d:7d:29:f9:39:
         22:3a:5c:50:25:3a:9d:e5:db:b9:6e:50:65:ad:27:ec:78:58:
         ef:8c:82:10:b7:e0:97:8b:23:4e:92:4c:3d:d8:10:a1:8d:f2:
         77:a7:1d:1c:e5:d7:bf:26:5c:16:05:3a:3e:71:7d:bf:22:df:
         7b:45:03:a9:4d:6e:80:e6:1e:16:ab:8a:72:d6:e5:f7:d1:ba:
         6f:0c:9b:cf:23:45:cf:86:59:29:50:d7:5c:fb:de:a9:ad:ab:
         c1:79:18:21:33:13:a6:e3:ea:f7:34:af:ab:2c:4e:fc:eb:23:
         75:20:88:f5:d8:ac:64:01:c3:01:d4:95:c6:7a:2c:94:8a:9d:
         9d:3a:65:0a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjKMwzKeTDgtxzqmi/s0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjODEwZWRjNTFhYmQ2MWU2OWYzYzY5ZWU0OWQ4OGU5ODk2
YTZmMDkwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNlNWM5OWRkNjVlMzM3YTYxMDc3ZThjZDhmMzUwZTRlNTU4MzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Hw04VKv9SRadc5Sgb6LPkgmVJVw
N9pl19XHH/KNGWLWp8mKSB6i6R6QZOirzgBI7m7AvrGyQWolDscY/6na0zzDUcSh
tg3uwrSLlEkxulppmaCyqVGIBDT+ihAquiqa1jyW1sV5e/J8/bWNFLuTLXBqzL1u
kli4N/21ANDtcdM8F22UoMt5wF2QpYWg/qslR5axPJAkxbObCTqLEoj6KBRObiZN
OS4sqYWcwWQGlP2CwyZXcnRJE2WWLDKUSTLmkiFi2XDuMpsv4RkFhHtyRW3gexL0
wMf59/qSeRdWatohsiE4RagV3x48JfnmVYJKkkCxyQGM8Zie2mCGsQ61qQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEHOXJndZeM3phB36M2PNQ5OVYOQMB8GA1UdIwQY
MBaAFIyBDtxRq9YeafPGnuSdiOmJam8JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaklFTzNGR3IxaDVwODhhZTVKMkk2WWxxYndrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8zOTI1NGMtNTI4Ni00Yjg0LWI2OTEt
NDAxNDQ3OGJiNmM4LzEvUWM1Y21kMWw0emVtRUhmb3pZODFEazVWZzVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8zOTI1NGMtNTI4Ni00Yjg0LWI2OTEtNDAxNDQ3OGJiNmM4
LzEvaklFTzNGR3IxaDVwODhhZTVKMkk2WWxxYndrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAU2EkAwQA
uaXCMA0EAgACMAcDBQIqEKGAMA0GCSqGSIb3DQEBCwUAA4IBAQA7MUvtecGFzOA6
83LDv+iVSdXFA1HJy076NWq4p2hJxZn+FQ9GF0TmJhtG0vAQs++7lMEsse+mPIQq
PAnZFUpKjTZaeIYcEzsffQCaUuMuP/uUJgiggsF+pUXAVQLjkGckqvxxna+KwSh+
a5/gHHS417SLlDWbtMukPX0p+TkiOlxQJTqd5du5blBlrSfseFjvjIIQt+CXiyNO
kkw92BChjfJ3px0c5de/JlwWBTo+cX2/It97RQOpTW6A5h4Wq4py1uX30bpvDJvP
I0XPhlkpUNdc+96pravBeRghMxOm4+r3NK+rLE786yN1IIj12KxkAcMB1JXGeiyU
ip2dOmUK
-----END CERTIFICATE-----