Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/KQ6n4tDni3AIbl89TiA9LShR5J4.roa
File:                     KQ6n4tDni3AIbl89TiA9LShR5J4.roa (raw, json)
Hash identifier:          eJSTrL5nCsUccTE0LUUEIBRIdvXEaKFzbIAwyimw6Ls=
Subject key identifier:   29:0E:A7:E2:D0:E7:8B:70:08:6E:5F:3D:4E:20:3D:2D:28:51:E4:9E
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       019427477D62B2452C07617D5C43EF9FA303
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/KQ6n4tDni3AIbl89TiA9LShR5J4.roa
Signing time:             Thu 02 Jan 2025 13:49:44 +0000
ROA not before:           Thu 02 Jan 2025 13:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34012
IP address blocks:        162.248.199.0/24 maxlen: 24
                          162.251.33.0/24 maxlen: 24
                          2a01:40e0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:7d:62:b2:45:2c:07:61:7d:5c:43:ef:9f:a3:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  2 13:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=290ea7e2d0e78b70086e5f3d4e203d2d2851e49e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4b:fd:56:b9:7c:75:5d:94:05:6e:33:83:86:
                    2d:ce:f2:ee:4a:dc:6b:62:e5:24:d5:dd:ee:bc:84:
                    5e:31:aa:3c:ec:bd:1d:5d:ba:bf:94:f8:fc:f0:69:
                    8f:d3:be:5d:f2:df:df:cc:3e:58:08:dd:79:7f:50:
                    79:15:52:7b:8a:c2:09:b6:87:ed:e3:19:c0:6b:f6:
                    8c:25:a6:59:d7:0c:f3:31:87:02:28:98:71:ad:a9:
                    9c:3b:48:64:89:38:08:d7:66:c0:41:b0:64:e0:c6:
                    0a:f5:a3:ff:c0:f9:02:65:f8:54:ab:ca:34:7a:99:
                    a6:0f:42:57:c6:b9:13:53:50:2b:fe:c6:c5:e6:58:
                    71:a8:73:be:96:62:5e:b4:83:4a:4f:8a:9a:02:7e:
                    4b:a6:58:ae:45:4e:58:ce:0b:ca:ef:04:91:54:de:
                    6b:0c:df:63:45:e2:da:a7:8e:fd:7c:08:87:b7:53:
                    c7:16:f8:dc:80:60:72:68:8a:4f:bb:73:34:a1:c6:
                    71:cc:c9:e9:de:03:40:cc:ed:0d:e2:c5:5a:6c:1d:
                    37:b6:8d:92:6b:0c:1a:54:f1:fa:9c:f5:82:c0:32:
                    b7:c2:40:21:ea:6a:c2:71:5b:c5:c0:7a:c6:1d:e6:
                    10:4b:b7:72:5a:be:a1:a8:01:8b:e6:4f:94:bb:f1:
                    03:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0E:A7:E2:D0:E7:8B:70:08:6E:5F:3D:4E:20:3D:2D:28:51:E4:9E
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/KQ6n4tDni3AIbl89TiA9LShR5J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.248.199.0/24
                  162.251.33.0/24
                IPv6:
                  2a01:40e0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:26:5f:ea:62:7b:d3:94:94:9f:c3:a1:e4:ff:32:b7:28:8b:
         2b:c2:ed:0e:03:a2:9d:0a:00:91:4e:4e:57:36:07:10:7c:e8:
         a7:7d:4e:22:0d:b9:41:68:91:65:6c:fb:b4:b3:a5:08:7a:a8:
         2b:4c:47:0c:50:2c:cb:67:e6:8d:26:48:9d:04:fa:75:36:cd:
         36:03:96:71:59:72:8e:8d:02:19:9e:47:56:ed:03:54:b6:d1:
         fb:96:24:09:40:56:81:12:7b:15:ad:19:bc:73:e9:d9:3e:00:
         09:58:ed:1f:aa:ec:0d:2e:a8:4b:fc:90:48:ce:1c:de:ae:8e:
         18:47:cb:0c:55:0b:1a:81:f8:1c:3f:eb:32:d9:36:c8:2e:b7:
         94:fa:58:fe:9d:86:2a:74:f4:71:3c:85:0e:05:8e:a3:0e:fc:
         68:13:32:ad:b4:1f:6c:a8:b9:52:28:36:50:2f:38:b0:1e:42:
         ae:43:e9:e8:fd:8e:5f:0c:e5:0b:91:fc:b5:95:22:9d:c0:25:
         f4:20:79:a6:27:1d:43:aa:cf:ac:b9:10:de:77:dc:3a:42:92:
         ab:28:74:3f:8a:83:e7:cf:b8:c3:99:fc:60:26:d7:cc:de:96:
         74:bf:cd:76:67:8f:ee:30:23:f8:d0:cf:b4:42:e3:16:42:58:
         52:25:4f:e2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQnR31iskUsB2F9XEPvn6MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjUwMTAyMTM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBlYTdlMmQwZTc4YjcwMDg2ZTVmM2Q0ZTIwM2QyZDI4NTFlNDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUv9Vrl8dV2UBW4zg4YtzvLuStxr
YuUk1d3uvIReMao87L0dXbq/lPj88GmP075d8t/fzD5YCN15f1B5FVJ7isIJtoft
4xnAa/aMJaZZ1wzzMYcCKJhxramcO0hkiTgI12bAQbBk4MYK9aP/wPkCZfhUq8o0
epmmD0JXxrkTU1Ar/sbF5lhxqHO+lmJetINKT4qaAn5LpliuRU5YzgvK7wSRVN5r
DN9jReLap479fAiHt1PHFvjcgGByaIpPu3M0ocZxzMnp3gNAzO0N4sVabB03to2S
awwaVPH6nPWCwDK3wkAh6mrCcVvFwHrGHeYQS7dyWr6hqAGL5k+Uu/ED4wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCkOp+LQ54twCG5fPU4gPS0oUeSeMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvS1E2bjR0RG5pM0FJYmw4OVRpQTlMU2hSNUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAovjHAwQA
ovshMA8EAgACMAkDBwAqAUDgAAIwDQYJKoZIhvcNAQELBQADggEBAHYmX+pie9OU
lJ/DoeT/MrcoiyvC7Q4Dop0KAJFOTlc2BxB86Kd9TiINuUFokWVs+7SzpQh6qCtM
RwxQLMtn5o0mSJ0E+nU2zTYDlnFZco6NAhmeR1btA1S20fuWJAlAVoESexWtGbxz
6dk+AAlY7R+q7A0uqEv8kEjOHN6ujhhHywxVCxqB+Bw/6zLZNsgut5T6WP6dhip0
9HE8hQ4FjqMO/GgTMq20H2youVIoNlAvOLAeQq5D6ej9jl8M5QuR/LWVIp3AJfQg
eaYnHUOqz6y5EN533DpCkqsodD+Kg+fPuMOZ/GAm18zelnS/zXZnj+4wI/jQz7RC
4xZCWFIlT+I=
-----END CERTIFICATE-----