Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/QdqTKHoiqUSS3YbPBuNzrQhQ9-U.roa
File:                     QdqTKHoiqUSS3YbPBuNzrQhQ9-U.roa (raw, json)
Hash identifier:          q0TCHE5AUt7fjjG6UbQUxp5tdbPD8QNzCCk/O3w0dcI=
Subject key identifier:   41:DA:93:28:7A:22:A9:44:92:DD:86:CF:06:E3:73:AD:08:50:F7:E5
Certificate issuer:       /CN=19b105d148de996036fdf21cb208a338a158ceda
Certificate serial:       019423D7E184C83B0CDD946645CE48D045DC
Authority key identifier: 19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/QdqTKHoiqUSS3YbPBuNzrQhQ9-U.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.138.242.0/24 maxlen: 24
                          2a07:10c0:c57::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e1:84:c8:3b:0c:dd:94:66:45:ce:48:d0:45:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b105d148de996036fdf21cb208a338a158ceda
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41da93287a22a94492dd86cf06e373ad0850f7e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:38:3c:0a:53:bc:7c:b2:3d:13:05:94:1d:00:
                    4d:22:51:43:f7:44:ea:d5:e9:bc:b9:d2:c1:16:ca:
                    0f:26:df:5c:66:4f:d9:6c:07:e0:54:2c:b0:91:8d:
                    c5:01:23:3f:e0:9c:58:30:cb:c1:d3:f0:0d:30:d6:
                    02:a6:d1:22:e8:b8:ca:c0:a4:2b:83:a6:0e:b7:f7:
                    c8:8c:77:f7:f7:20:f7:8e:03:e6:c3:1c:ba:4d:e4:
                    1c:32:70:15:76:44:0f:86:22:60:66:13:97:56:84:
                    60:24:57:d1:b7:33:35:38:3c:0f:fd:0a:86:59:dc:
                    a6:16:84:d2:d2:16:e0:3b:36:14:5b:b9:63:42:1f:
                    9e:08:b3:64:2e:12:a8:63:bd:24:59:f9:a9:4c:4f:
                    3e:fe:93:f5:7e:f9:53:a8:37:d0:5d:c3:6c:75:78:
                    66:e5:d1:0b:46:c9:d4:eb:c4:d9:64:58:4e:71:cf:
                    9d:f1:44:2d:72:e4:06:85:b7:5e:02:77:13:a5:89:
                    f1:f9:82:38:9b:26:f4:9a:b4:c2:cf:e7:fa:9a:08:
                    e6:46:2c:6f:05:a9:bd:c1:6e:1d:2a:d0:64:83:ee:
                    a3:d2:6d:25:9e:b2:e5:02:dc:34:85:14:38:a0:1f:
                    c4:58:3f:8a:55:c9:a0:26:d1:01:dd:9e:72:fa:24:
                    72:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DA:93:28:7A:22:A9:44:92:DD:86:CF:06:E3:73:AD:08:50:F7:E5
            X509v3 Authority Key Identifier:
                keyid:19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/QdqTKHoiqUSS3YbPBuNzrQhQ9-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.242.0/24
                IPv6:
                  2a07:10c0:c57::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:e0:cf:e7:97:b8:71:e1:76:d6:ad:01:8d:44:b8:30:73:6d:
         86:67:df:2d:49:53:37:a6:02:4f:22:d7:ea:f3:da:04:13:d5:
         7c:a6:ca:50:46:13:9f:dd:8b:c9:63:1d:e7:9c:e3:bc:a4:36:
         7d:08:98:a8:7c:2e:47:ac:64:b4:3b:de:56:ff:fd:29:bf:52:
         82:1d:cc:52:bc:60:45:8b:a9:60:f6:dc:23:a7:ab:b4:b8:25:
         cb:ce:b3:e9:c0:a7:a8:62:1e:e3:73:ad:ff:59:65:9e:2e:5a:
         cb:41:a5:2a:2d:f7:7e:2f:04:0f:47:ab:88:cc:5a:65:15:99:
         20:a1:4c:d2:ca:1e:a5:b1:33:58:8b:62:f2:37:68:9b:3c:87:
         12:34:29:12:c3:b7:7e:7e:63:74:7b:27:16:af:fb:32:a9:d3:
         6a:e6:f7:ce:0b:f4:c7:38:24:f1:b6:d9:5b:59:c5:fc:12:d1:
         5e:5d:ee:4c:a6:71:3a:33:1a:6d:f7:96:c7:45:78:e2:45:51:
         e6:c3:5d:46:dc:60:f1:e4:75:81:c0:6f:3c:f8:c5:a4:ec:47:
         1a:22:3d:c9:ed:72:38:ce:e0:1d:df:49:0e:7a:57:bc:cd:2b:
         07:3a:17:8b:7b:24:80:09:db:1e:da:1a:be:b6:79:54:6c:af:
         f2:b0:d3:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj1+GEyDsM3ZRmRc5I0EXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjEwNWQxNDhkZTk5NjAzNmZkZjIxY2IyMDhhMzM4YTE1
OGNlZGEwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWRhOTMyODdhMjJhOTQ0OTJkZDg2Y2YwNmUzNzNhZDA4NTBmN2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszg8ClO8fLI9EwWUHQBNIlFD90Tq
1em8udLBFsoPJt9cZk/ZbAfgVCywkY3FASM/4JxYMMvB0/ANMNYCptEi6LjKwKQr
g6YOt/fIjHf39yD3jgPmwxy6TeQcMnAVdkQPhiJgZhOXVoRgJFfRtzM1ODwP/QqG
WdymFoTS0hbgOzYUW7ljQh+eCLNkLhKoY70kWfmpTE8+/pP1fvlTqDfQXcNsdXhm
5dELRsnU68TZZFhOcc+d8UQtcuQGhbdeAncTpYnx+YI4myb0mrTCz+f6mgjmRixv
Bam9wW4dKtBkg+6j0m0lnrLlAtw0hRQ4oB/EWD+KVcmgJtEB3Z5y+iRyNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEHakyh6IqlEkt2Gzwbjc60IUPflMB8GA1UdIwQY
MBaAFBmxBdFI3plgNv3yHLIIozihWM7aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTIt
MjZlNjRkNzhiMGM2LzEvUWRxVEtIb2lxVVNTM1liUEJ1TnpyUWhROS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTItMjZlNjRkNzhiMGM2
LzEvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYryMA8E
AgACMAkDBwAqBxDADFcwDQYJKoZIhvcNAQELBQADggEBABrgz+eXuHHhdtatAY1E
uDBzbYZn3y1JUzemAk8i1+rz2gQT1XymylBGE5/di8ljHeec47ykNn0ImKh8Lkes
ZLQ73lb//Sm/UoIdzFK8YEWLqWD23COnq7S4JcvOs+nAp6hiHuNzrf9ZZZ4uWstB
pSot934vBA9Hq4jMWmUVmSChTNLKHqWxM1iLYvI3aJs8hxI0KRLDt35+Y3R7Jxav
+zKp02rm984L9Mc4JPG22VtZxfwS0V5d7kymcTozGm33lsdFeOJFUebDXUbcYPHk
dYHAbzz4xaTsRxoiPcntcjjO4B3fSQ56V7zNKwc6F4t7JIAJ2x7aGr62eVRsr/Kw
0w0=
-----END CERTIFICATE-----