Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/QdF1_Zq92wXCrTWLXFHsTX1fLOE.roa
File:                     QdF1_Zq92wXCrTWLXFHsTX1fLOE.roa (raw, json)
Hash identifier:          3ntgOindNlTLmT1RU6YRq18wFcBPHz2TO/Rc5iQY6kw=
Subject key identifier:   41:D1:75:FD:9A:BD:DB:05:C2:AD:35:8B:5C:51:EC:4D:7D:5F:2C:E1
Certificate issuer:       /CN=e695cfb36fe5a1f384cc778ae299acab81c27bfa
Certificate serial:       019421B1EE72F0941F366081C7C159333F8E
Authority key identifier: E6:95:CF:B3:6F:E5:A1:F3:84:CC:77:8A:E2:99:AC:AB:81:C2:7B:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/QdF1_Zq92wXCrTWLXFHsTX1fLOE.roa
Signing time:             Wed 01 Jan 2025 11:48:16 +0000
ROA not before:           Wed 01 Jan 2025 11:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60237
IP address blocks:        185.34.44.0/22 maxlen: 22
                          2a00:d5e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ee:72:f0:94:1f:36:60:81:c7:c1:59:33:3f:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e695cfb36fe5a1f384cc778ae299acab81c27bfa
        Validity
            Not Before: Jan  1 11:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41d175fd9abddb05c2ad358b5c51ec4d7d5f2ce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:94:57:de:c5:dc:4f:17:93:52:6c:cd:7d:78:
                    57:ff:c2:d8:ae:b7:d7:84:70:dc:07:d2:19:22:64:
                    1a:41:76:e6:2c:31:8e:50:21:20:83:75:7d:9d:6e:
                    83:d3:59:f3:d2:5b:29:eb:4a:43:d3:02:0e:ba:29:
                    f9:19:5c:4d:fc:e4:31:7c:8c:c3:3c:39:c4:e7:43:
                    4e:08:c6:54:c8:18:27:a8:fc:fa:ff:aa:a2:e1:6d:
                    51:54:e5:ec:18:a7:14:05:c7:b2:e6:c8:2e:d6:0c:
                    7c:c9:6d:08:ec:9c:5e:d7:95:02:e2:a1:81:4f:e7:
                    c1:52:7e:46:43:49:5d:f4:26:36:d1:71:fe:bb:9f:
                    aa:26:d7:19:7b:8f:29:cf:ce:df:0d:c2:f9:dc:1a:
                    41:95:fa:ab:78:02:ea:48:61:ba:d2:79:3d:41:3f:
                    eb:bc:06:38:34:74:52:11:1d:ba:ba:8d:2b:42:0e:
                    f6:d6:96:c8:ca:4b:5d:61:14:15:d5:1d:67:77:30:
                    a4:47:5a:22:b2:e2:25:d8:ce:b5:3b:e8:bb:ad:b4:
                    fd:53:6f:53:4d:d1:ec:09:0b:a4:26:15:79:0c:6a:
                    36:0c:c4:08:37:34:e0:fc:75:11:66:41:f3:a2:45:
                    05:62:18:4c:cf:8e:1e:80:83:e2:b0:cc:bc:15:bb:
                    a5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D1:75:FD:9A:BD:DB:05:C2:AD:35:8B:5C:51:EC:4D:7D:5F:2C:E1
            X509v3 Authority Key Identifier:
                keyid:E6:95:CF:B3:6F:E5:A1:F3:84:CC:77:8A:E2:99:AC:AB:81:C2:7B:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/QdF1_Zq92wXCrTWLXFHsTX1fLOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.44.0/22
                IPv6:
                  2a00:d5e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:2f:fa:d5:26:c6:49:ff:e7:8e:1c:10:88:6c:f8:af:4e:27:
         4d:ea:88:8d:bf:c4:84:b3:da:e9:a3:37:c9:08:f8:7f:68:68:
         87:a6:b4:31:8b:32:c7:05:28:7f:dd:27:0f:93:ac:19:66:e1:
         51:3f:72:79:4c:6a:de:bd:11:30:61:e7:bc:7e:be:9c:ea:93:
         5b:50:0a:2b:32:a2:b0:0c:e5:8c:e8:ba:70:e9:7d:93:16:46:
         74:1a:ac:6b:d1:f3:0a:09:48:30:59:cc:39:d9:fd:87:f6:14:
         5e:1f:12:da:2a:d8:d2:23:0e:82:2b:68:a0:b4:0d:49:38:d9:
         01:e5:82:54:4a:85:d7:db:11:73:3a:82:33:e3:d6:ba:67:83:
         8c:e5:21:f9:98:9a:bc:b6:c0:f9:0e:6d:4c:10:dc:3a:b2:cf:
         0b:7a:d9:e1:15:d3:5c:67:c3:95:5e:62:71:fd:14:e5:ec:bd:
         cc:75:77:57:f8:68:b3:cd:21:90:ce:bf:42:77:32:96:f1:a6:
         1f:dc:a2:81:d8:23:e2:c1:5f:c6:48:c8:27:a6:c2:58:c7:3d:
         99:32:f6:b4:d2:f3:84:a7:53:08:f2:4f:53:35:70:cf:57:ea:
         53:6d:e6:9c:9b:dd:0c:fa:f4:dc:34:16:72:2f:3d:0f:13:be:
         2d:36:68:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhse5y8JQfNmCBx8FZMz+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2OTVjZmIzNmZlNWExZjM4NGNjNzc4YWUyOTlhY2FiODFj
MjdiZmEwHhcNMjUwMTAxMTE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQxNzVmZDlhYmRkYjA1YzJhZDM1OGI1YzUxZWM0ZDdkNWYyY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZRX3sXcTxeTUmzNfXhX/8LYrrfX
hHDcB9IZImQaQXbmLDGOUCEgg3V9nW6D01nz0lsp60pD0wIOuin5GVxN/OQxfIzD
PDnE50NOCMZUyBgnqPz6/6qi4W1RVOXsGKcUBcey5sgu1gx8yW0I7Jxe15UC4qGB
T+fBUn5GQ0ld9CY20XH+u5+qJtcZe48pz87fDcL53BpBlfqreALqSGG60nk9QT/r
vAY4NHRSER26uo0rQg721pbIyktdYRQV1R1ndzCkR1oisuIl2M61O+i7rbT9U29T
TdHsCQukJhV5DGo2DMQINzTg/HURZkHzokUFYhhMz44egIPisMy8FbulqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEHRdf2avdsFwq01i1xR7E19XyzhMB8GA1UdIwQY
MBaAFOaVz7Nv5aHzhMx3iuKZrKuBwnv6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXBYUHMyX2xvZk9FekhlSzRwbXNxNEhDZV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80OGE4YmEtZGM2MS00MmJkLTk0M2Et
YzMxZmE3MWUyNjM1LzEvUWRGMV9acTkyd1hDclRXTFhGSHNUWDFmTE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80OGE4YmEtZGM2MS00MmJkLTk0M2EtYzMxZmE3MWUyNjM1
LzEvNXBYUHMyX2xvZk9FekhlSzRwbXNxNEhDZV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSIsMA0E
AgACMAcDBQAqANXgMA0GCSqGSIb3DQEBCwUAA4IBAQAGL/rVJsZJ/+eOHBCIbPiv
TidN6oiNv8SEs9rpozfJCPh/aGiHprQxizLHBSh/3ScPk6wZZuFRP3J5TGrevREw
Yee8fr6c6pNbUAorMqKwDOWM6Lpw6X2TFkZ0Gqxr0fMKCUgwWcw52f2H9hReHxLa
KtjSIw6CK2igtA1JONkB5YJUSoXX2xFzOoIz49a6Z4OM5SH5mJq8tsD5Dm1MENw6
ss8LetnhFdNcZ8OVXmJx/RTl7L3MdXdX+GizzSGQzr9CdzKW8aYf3KKB2CPiwV/G
SMgnpsJYxz2ZMva00vOEp1MI8k9TNXDPV+pTbeacm90M+vTcNBZyLz0PE74tNmj5
-----END CERTIFICATE-----