Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/Q5r7HzOrwEP1GGFCPc7woWNwbtw.roa
File:                     Q5r7HzOrwEP1GGFCPc7woWNwbtw.roa (raw, json)
Hash identifier:          U5JbPSv/06NMHfKHAXVH+Wi4JladerrLqdwWPT8pKOs=
Subject key identifier:   43:9A:FB:1F:33:AB:C0:43:F5:18:61:42:3D:CE:F0:A1:63:70:6E:DC
Certificate issuer:       /CN=6e83251661b0b774271c5cf526aab884b1fa7c7e
Certificate serial:       019426D9844A7EF422D2DD53B7C5B8003D85
Authority key identifier: 6E:83:25:16:61:B0:B7:74:27:1C:5C:F5:26:AA:B8:84:B1:FA:7C:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/Q5r7HzOrwEP1GGFCPc7woWNwbtw.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12874
IP address blocks:        185.43.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:84:4a:7e:f4:22:d2:dd:53:b7:c5:b8:00:3d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e83251661b0b774271c5cf526aab884b1fa7c7e
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=439afb1f33abc043f51861423dcef0a163706edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6a:3c:f1:c4:bd:a0:08:2b:b3:27:a1:4f:1c:
                    e3:80:f5:ad:97:b5:ce:6d:c7:fb:1e:0e:b2:74:49:
                    b8:3b:aa:ad:e1:28:50:59:7f:54:f1:11:0b:34:17:
                    3c:0b:86:45:64:37:9f:81:7e:f4:c1:a4:ee:d4:ad:
                    11:c2:d6:b9:02:aa:66:ae:13:39:55:4f:8b:17:fc:
                    9b:8e:fb:63:c6:20:d3:74:ad:f7:e2:7d:e6:79:92:
                    c4:ce:20:d2:d6:1e:db:7e:ed:c6:9b:dc:d7:b1:cc:
                    9a:7b:5b:a8:72:60:5f:39:fc:de:35:54:c1:ce:98:
                    73:a2:b3:7d:d4:14:cf:c0:30:9d:17:e3:e1:d0:e5:
                    8b:43:11:b5:d2:81:3d:18:ee:15:d5:d5:40:c8:5a:
                    71:26:8c:bd:67:d4:84:dc:e9:ed:f1:7b:bd:81:09:
                    13:32:93:dc:cd:41:38:d9:d5:fd:fc:26:0b:cf:d3:
                    e5:85:0b:9d:45:a4:a0:eb:5d:c0:62:cc:db:45:bf:
                    c4:43:02:8c:57:7b:85:ab:10:b3:18:53:0f:29:8c:
                    dc:a0:07:69:ce:39:63:71:0c:17:65:c3:4f:c7:aa:
                    93:3d:3c:1e:ab:98:04:7f:d7:72:16:da:9e:3c:e4:
                    39:8b:27:39:a0:75:5f:b7:a7:dc:51:96:35:50:73:
                    9f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9A:FB:1F:33:AB:C0:43:F5:18:61:42:3D:CE:F0:A1:63:70:6E:DC
            X509v3 Authority Key Identifier:
                keyid:6E:83:25:16:61:B0:B7:74:27:1C:5C:F5:26:AA:B8:84:B1:FA:7C:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/boMlFmGwt3QnHFz1Jqq4hLH6fH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/Q5r7HzOrwEP1GGFCPc7woWNwbtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c626d5-d405-406e-8c81-5c01817fb822/1/boMlFmGwt3QnHFz1Jqq4hLH6fH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ee:77:29:35:9d:bc:e1:8d:69:bf:75:de:e0:18:77:d5:5b:
         97:7a:c5:f8:48:d6:31:e8:9c:e4:2a:d5:96:7e:f6:2b:a4:9d:
         7a:69:2f:cc:63:19:56:0f:7d:6b:96:77:ed:f3:55:60:f7:e4:
         66:74:cb:49:36:11:15:b2:6e:c7:4d:a5:61:de:22:d4:9d:91:
         c2:7a:c6:41:23:b6:20:01:c8:bd:4a:17:4c:a3:26:2b:04:07:
         a3:be:4b:00:66:83:d9:63:c3:2f:fa:ea:fe:35:81:8a:ba:25:
         6b:01:6e:46:64:99:72:20:a5:7a:12:d1:99:ed:c5:a7:7c:a5:
         76:b9:05:4e:dd:5f:66:a7:be:80:3b:ae:50:1a:57:f6:28:23:
         14:72:07:70:1f:28:58:e9:cb:bd:15:5d:f2:1a:a7:4f:cf:c8:
         40:d2:07:48:4e:ba:90:6a:a4:ff:ca:0e:72:99:a0:93:c5:f9:
         12:d4:7c:fd:08:1e:49:9f:82:3b:d9:8f:e5:19:36:40:1e:5b:
         a4:e3:66:df:aa:9d:38:24:6b:63:a8:c1:8d:7a:18:46:07:d5:
         5a:ae:30:06:22:08:3e:ab:be:1b:39:ec:16:24:b9:34:57:e2:
         23:50:d0:6c:99:f9:f6:af:06:53:89:c7:b9:57:17:c4:dc:11:
         14:38:cd:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2YRKfvQi0t1Tt8W4AD2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODMyNTE2NjFiMGI3NzQyNzFjNWNmNTI2YWFiODg0YjFm
YTdjN2UwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzlhZmIxZjMzYWJjMDQzZjUxODYxNDIzZGNlZjBhMTYzNzA2ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWo88cS9oAgrsyehTxzjgPWtl7XO
bcf7Hg6ydEm4O6qt4ShQWX9U8RELNBc8C4ZFZDefgX70waTu1K0Rwta5AqpmrhM5
VU+LF/ybjvtjxiDTdK334n3meZLEziDS1h7bfu3Gm9zXscyae1uocmBfOfzeNVTB
zphzorN91BTPwDCdF+Ph0OWLQxG10oE9GO4V1dVAyFpxJoy9Z9SE3Ont8Xu9gQkT
MpPczUE42dX9/CYLz9PlhQudRaSg613AYszbRb/EQwKMV3uFqxCzGFMPKYzcoAdp
zjljcQwXZcNPx6qTPTweq5gEf9dyFtqePOQ5iyc5oHVft6fcUZY1UHOfNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOa+x8zq8BD9RhhQj3O8KFjcG7cMB8GA1UdIwQY
MBaAFG6DJRZhsLd0Jxxc9SaquISx+nx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9NbEZtR3d0M1FuSEZ6MUpxcTRoTEg2Zkg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jNjI2ZDUtZDQwNS00MDZlLThjODEt
NWMwMTgxN2ZiODIyLzEvUTVyN0h6T3J3RVAxR0dGQ1BjN3dvV053YnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jNjI2ZDUtZDQwNS00MDZlLThjODEtNWMwMTgxN2ZiODIy
LzEvYm9NbEZtR3d0M1FuSEZ6MUpxcTRoTEg2Zkg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSsTMA0G
CSqGSIb3DQEBCwUAA4IBAQAg7ncpNZ284Y1pv3Xe4Bh31VuXesX4SNYx6JzkKtWW
fvYrpJ16aS/MYxlWD31rlnft81Vg9+RmdMtJNhEVsm7HTaVh3iLUnZHCesZBI7Yg
Aci9ShdMoyYrBAejvksAZoPZY8Mv+ur+NYGKuiVrAW5GZJlyIKV6EtGZ7cWnfKV2
uQVO3V9mp76AO65QGlf2KCMUcgdwHyhY6cu9FV3yGqdPz8hA0gdITrqQaqT/yg5y
maCTxfkS1Hz9CB5Jn4I72Y/lGTZAHluk42bfqp04JGtjqMGNehhGB9VarjAGIgg+
q74bOewWJLk0V+IjUNBsmfn2rwZTice5VxfE3BEUOM3x
-----END CERTIFICATE-----