Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/AmqiC38rtSv0iE1wKrjS0J46Q88.roa
File:                     AmqiC38rtSv0iE1wKrjS0J46Q88.roa (raw, json)
Hash identifier:          UHlyMJ5+FWbMAOr2Ngcc+hElY0msx9uI+m00I3guqOI=
Subject key identifier:   02:6A:A2:0B:7F:2B:B5:2B:F4:88:4D:70:2A:B8:D2:D0:9E:3A:43:CF
Certificate issuer:       /CN=533802e62965d4584e598d59b76a928be5afd971
Certificate serial:       019527E919FE78CA197D6D752550071AE02B
Authority key identifier: 53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/AmqiC38rtSv0iE1wKrjS0J46Q88.roa
Signing time:             Fri 21 Feb 2025 09:49:02 +0000
ROA not before:           Fri 21 Feb 2025 09:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39704
IP address blocks:        141.98.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:e9:19:fe:78:ca:19:7d:6d:75:25:50:07:1a:e0:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533802e62965d4584e598d59b76a928be5afd971
        Validity
            Not Before: Feb 21 09:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=026aa20b7f2bb52bf4884d702ab8d2d09e3a43cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:18:d2:b5:e5:ea:2c:10:2d:4b:97:ae:64:80:
                    fc:c7:58:62:e8:02:89:75:15:ed:e1:07:ce:5f:28:
                    76:55:4e:1c:49:84:32:fa:31:c1:c6:da:a6:02:5a:
                    1e:4a:58:46:91:77:76:c2:d0:b5:43:e3:cf:97:39:
                    28:92:45:0e:59:5d:3f:34:f3:b7:25:b9:76:9f:d8:
                    8b:5a:82:9e:90:8f:6e:06:d4:37:24:41:e9:c8:6a:
                    43:af:79:82:a6:33:a5:f4:01:3c:a0:78:b9:8a:2c:
                    d5:f8:d2:00:1d:66:27:13:55:b4:39:d1:3a:82:be:
                    0b:44:f0:84:f9:d6:8c:8e:92:42:26:c4:94:10:b4:
                    cd:18:21:e8:a8:a3:54:46:fa:37:7a:cb:d2:55:35:
                    1d:35:16:d5:81:f0:97:b7:b2:11:53:d8:b1:11:c4:
                    3f:2f:cb:a0:3f:84:da:b8:61:8e:21:fb:e1:5c:0b:
                    34:7d:7a:46:94:f7:a7:cf:e5:cb:16:e5:18:eb:fb:
                    7a:41:d6:d7:c8:e6:1d:6e:75:4c:4a:e1:4e:30:d2:
                    88:61:86:01:3f:cd:ef:15:36:cf:01:22:88:ee:13:
                    1a:85:02:78:e4:e0:f7:9b:21:9e:14:1e:3b:e0:d1:
                    e2:8a:8d:26:06:4c:6b:75:ca:15:cd:04:01:45:6a:
                    c6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6A:A2:0B:7F:2B:B5:2B:F4:88:4D:70:2A:B8:D2:D0:9E:3A:43:CF
            X509v3 Authority Key Identifier:
                keyid:53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/AmqiC38rtSv0iE1wKrjS0J46Q88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:7b:21:ab:13:40:23:63:c1:a5:57:d6:4d:0d:99:ec:68:fe:
         fa:53:7a:60:37:67:51:3b:60:9a:83:b2:27:de:a2:a0:6c:00:
         1e:1c:38:68:e1:2e:4c:95:8f:f3:26:57:37:4d:e8:6e:6d:f0:
         1e:89:a0:59:a7:20:2c:4e:62:71:5b:65:97:cb:f7:71:04:5c:
         33:6b:b5:c1:60:37:3c:88:74:22:5c:39:0c:44:dd:de:a0:4b:
         09:ce:19:65:1c:c6:ef:36:a0:72:fd:17:99:d3:ab:d9:d5:cf:
         0b:88:97:b7:df:f6:af:2f:95:7b:f7:0a:9f:dd:18:45:46:77:
         3b:96:2a:ef:a2:1a:d7:ad:54:70:1b:ee:e7:8c:a4:1b:c4:f1:
         12:73:cb:d9:c4:48:6c:32:ed:33:aa:a6:b5:eb:ff:f6:34:34:
         f0:9e:3c:07:c0:d7:f9:7c:50:c3:63:d1:48:c2:e9:84:a7:94:
         f6:9d:c7:6e:eb:99:38:96:56:96:d3:a8:b5:6e:cd:7c:a7:09:
         f1:5c:78:6b:c0:ec:c1:9b:f8:ec:4f:21:ec:07:06:6d:56:05:
         66:cb:81:15:04:3e:4c:e4:03:f7:f5:59:8e:b6:18:16:a6:7f:
         59:10:f3:ea:84:ac:82:f9:16:14:a4:2c:83:35:3d:1c:c4:3f:
         76:2d:8f:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUn6Rn+eMoZfW11JVAHGuArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzgwMmU2Mjk2NWQ0NTg0ZTU5OGQ1OWI3NmE5MjhiZTVh
ZmQ5NzEwHhcNMjUwMjIxMDk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjZhYTIwYjdmMmJiNTJiZjQ4ODRkNzAyYWI4ZDJkMDllM2E0M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBjSteXqLBAtS5euZID8x1hi6AKJ
dRXt4QfOXyh2VU4cSYQy+jHBxtqmAloeSlhGkXd2wtC1Q+PPlzkokkUOWV0/NPO3
Jbl2n9iLWoKekI9uBtQ3JEHpyGpDr3mCpjOl9AE8oHi5iizV+NIAHWYnE1W0OdE6
gr4LRPCE+daMjpJCJsSUELTNGCHoqKNURvo3esvSVTUdNRbVgfCXt7IRU9ixEcQ/
L8ugP4TauGGOIfvhXAs0fXpGlPenz+XLFuUY6/t6QdbXyOYdbnVMSuFOMNKIYYYB
P83vFTbPASKI7hMahQJ45OD3myGeFB474NHiio0mBkxrdcoVzQQBRWrGsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJqogt/K7Ur9IhNcCq40tCeOkPPMB8GA1UdIwQY
MBaAFFM4AuYpZdRYTlmNWbdqkovlr9lxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQt
YTIzYzEzMWMwZDM4LzEvQW1xaUMzOHJ0U3YwaUUxd0tyalMwSjQ2UTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQtYTIzYzEzMWMwZDM4
LzEvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLkMA0G
CSqGSIb3DQEBCwUAA4IBAQAkeyGrE0AjY8GlV9ZNDZnsaP76U3pgN2dRO2Cag7In
3qKgbAAeHDho4S5MlY/zJlc3TehubfAeiaBZpyAsTmJxW2WXy/dxBFwza7XBYDc8
iHQiXDkMRN3eoEsJzhllHMbvNqBy/ReZ06vZ1c8LiJe33/avL5V79wqf3RhFRnc7
lirvohrXrVRwG+7njKQbxPESc8vZxEhsMu0zqqa16//2NDTwnjwHwNf5fFDDY9FI
wumEp5T2ncdu65k4llaW06i1bs18pwnxXHhrwOzBm/jsTyHsBwZtVgVmy4EVBD5M
5AP39VmOthgWpn9ZEPPqhKyC+RYUpCyDNT0cxD92LY/m
-----END CERTIFICATE-----