Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/qnXqSBmvIClWRdSX3rmYASI_2Pc.roa
File:                     qnXqSBmvIClWRdSX3rmYASI_2Pc.roa (raw, json)
Hash identifier:          2FNK4DlE8j3wOu3WxQxB7a85ZmjXWPid3Sa9pj/6S3M=
Subject key identifier:   AA:75:EA:48:19:AF:20:29:56:45:D4:97:DE:B9:98:01:22:3F:D8:F7
Certificate issuer:       /CN=6857a9bb297f0b3c444ab0af673a52750e979b4e
Certificate serial:       01942521F4B7D73F159053FA9452F2D3EE21
Authority key identifier: 68:57:A9:BB:29:7F:0B:3C:44:4A:B0:AF:67:3A:52:75:0E:97:9B:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/qnXqSBmvIClWRdSX3rmYASI_2Pc.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.14.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f4:b7:d7:3f:15:90:53:fa:94:52:f2:d3:ee:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6857a9bb297f0b3c444ab0af673a52750e979b4e
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa75ea4819af20295645d497deb99801223fd8f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:62:82:0f:28:c9:1c:5f:24:fc:5f:59:a8:
                    8b:2a:a8:37:35:33:b9:92:2f:97:27:44:8d:46:ad:
                    71:e7:10:5a:42:c1:1e:e9:56:57:a1:85:a5:e0:aa:
                    91:86:23:f3:a5:a6:68:1f:5d:f2:6f:f5:f8:9b:0b:
                    8b:ae:1a:fd:61:ea:46:7b:72:1c:fa:9f:c1:c8:3e:
                    7c:16:7b:30:4e:59:9a:af:15:ff:cd:06:c2:1c:76:
                    c6:e9:47:48:a7:16:8a:4d:f0:35:ca:09:fa:e5:a5:
                    94:c2:d2:36:09:90:98:39:8a:d6:b3:82:6f:c2:29:
                    ef:4b:ec:b7:c1:6c:47:83:1f:96:23:2f:67:7c:d5:
                    b0:c2:0a:97:43:4e:f7:84:64:37:34:7f:33:e8:be:
                    f9:d6:57:36:78:c2:d7:23:d9:86:ba:90:09:a3:6b:
                    2d:5a:62:39:1a:ef:86:a9:ce:9f:d3:9d:6b:e8:c5:
                    42:72:38:85:91:77:e1:f8:75:ab:a2:ae:1d:37:e3:
                    eb:c0:32:27:8b:1c:6e:3e:ad:63:52:85:c1:8e:7a:
                    76:f4:3e:b9:69:51:92:d1:9a:bc:90:c8:28:de:58:
                    9e:de:53:a2:72:b6:85:07:85:fd:cc:02:53:c7:04:
                    9a:c6:ae:b6:b0:9d:0b:b3:7f:54:bd:16:fa:24:4f:
                    d5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:75:EA:48:19:AF:20:29:56:45:D4:97:DE:B9:98:01:22:3F:D8:F7
            X509v3 Authority Key Identifier:
                keyid:68:57:A9:BB:29:7F:0B:3C:44:4A:B0:AF:67:3A:52:75:0E:97:9B:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/qnXqSBmvIClWRdSX3rmYASI_2Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:6e:f6:23:e4:16:69:43:d8:ea:9f:ae:c8:d2:f2:ca:04:90:
         f4:77:e9:fb:05:d0:04:b6:82:af:70:1d:15:54:2d:bd:77:00:
         95:a0:5c:64:d8:c0:bd:5c:18:7c:d9:28:2e:72:de:f5:bd:09:
         82:93:0a:ac:94:24:23:cf:6a:12:06:3c:2c:81:a7:ce:f7:bf:
         d5:9f:8f:a3:9e:c9:62:bb:05:02:4d:83:81:d8:fa:73:5f:04:
         e5:9b:0d:88:17:bb:3a:1e:c1:fa:98:4e:e8:22:fd:f2:12:14:
         56:4d:93:a2:f2:0f:43:87:52:99:a1:a6:31:23:71:e4:89:29:
         ef:b7:1c:11:40:89:54:73:29:69:d1:89:bb:18:05:98:c9:3c:
         b0:b1:81:1d:72:8c:85:34:f4:86:fb:1c:b5:b6:9d:08:01:3c:
         02:42:aa:be:53:c3:bf:c0:25:da:8d:08:b1:12:e8:c0:94:fc:
         f7:c0:21:9b:3c:7c:50:2a:d3:10:9c:0f:88:ac:c4:1e:c4:f1:
         4e:43:04:cb:ac:e5:db:39:37:84:9b:60:8a:cc:97:9b:42:39:
         ff:62:92:f5:ce:38:8d:fe:9b:42:7e:90:99:c0:1c:e2:e1:c9:
         54:40:2b:75:d9:4e:32:b6:71:d3:ab:46:d9:d8:2f:0c:d8:5c:
         96:6f:19:fa
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQlIfS31z8VkFP6lFLy0+4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NTdhOWJiMjk3ZjBiM2M0NDRhYjBhZjY3M2E1Mjc1MGU5
NzliNGUwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc1ZWE0ODE5YWYyMDI5NTY0NWQ0OTdkZWI5OTgwMTIyM2ZkOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6Zigg8oyRxfJPxfWaiLKqg3NTO5
ki+XJ0SNRq1x5xBaQsEe6VZXoYWl4KqRhiPzpaZoH13yb/X4mwuLrhr9YepGe3Ic
+p/ByD58FnswTlmarxX/zQbCHHbG6UdIpxaKTfA1ygn65aWUwtI2CZCYOYrWs4Jv
winvS+y3wWxHgx+WIy9nfNWwwgqXQ073hGQ3NH8z6L751lc2eMLXI9mGupAJo2st
WmI5Gu+Gqc6f051r6MVCcjiFkXfh+HWroq4dN+PrwDInixxuPq1jUoXBjnp29D65
aVGS0Zq8kMgo3lie3lOicraFB4X9zAJTxwSaxq62sJ0Ls39UvRb6JE/VsQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKp16kgZryApVkXUl965mAEiP9j3MB8GA1UdIwQY
MBaAFGhXqbspfws8REqwr2c6UnUOl5tOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUZlcHV5bF9DenhFU3JDdlp6cFNkUTZYbTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85ZDBhMTUtZDU0Ni00OTcwLTlhODEt
ODU5NmMyYWY5ZGNjLzEvcW5YcVNCbXZJQ2xXUmRTWDNybVlBU0lfMlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85ZDBhMTUtZDU0Ni00OTcwLTlhODEtODU5NmMyYWY5ZGNj
LzEvYUZlcHV5bF9DenhFU3JDdlp6cFNkUTZYbTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQ4wDQYJ
KoZIhvcNAQELBQADggEBAE1u9iPkFmlD2OqfrsjS8soEkPR36fsF0AS2gq9wHRVU
Lb13AJWgXGTYwL1cGHzZKC5y3vW9CYKTCqyUJCPPahIGPCyBp873v9Wfj6OeyWK7
BQJNg4HY+nNfBOWbDYgXuzoewfqYTugi/fISFFZNk6LyD0OHUpmhpjEjceSJKe+3
HBFAiVRzKWnRibsYBZjJPLCxgR1yjIU09Ib7HLW2nQgBPAJCqr5Tw7/AJdqNCLES
6MCU/PfAIZs8fFAq0xCcD4isxB7E8U5DBMus5ds5N4SbYIrMl5tCOf9ikvXOOI3+
m0J+kJnAHOLhyVRAK3XZTjK2cdOrRtnYLwzYXJZvGfo=
-----END CERTIFICATE-----