Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/QJ-q4jY57XBPftq8mgfLyBux4KM.roa
File:                     QJ-q4jY57XBPftq8mgfLyBux4KM.roa (raw, json)
Hash identifier:          pgWu6jyyJTF/Q2y1mtLzh6qQQVUyFCHc0G6KZW7xtps=
Subject key identifier:   40:9F:AA:E2:36:39:ED:70:4F:7E:DA:BC:9A:07:CB:C8:1B:B1:E0:A3
Certificate issuer:       /CN=25e8277d1feab52387eab26f8dcca9260c258a3d
Certificate serial:       0194258F77167E33F32B4E3E9AA081095997
Authority key identifier: 25:E8:27:7D:1F:EA:B5:23:87:EA:B2:6F:8D:CC:A9:26:0C:25:8A:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/QJ-q4jY57XBPftq8mgfLyBux4KM.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50239
IP address blocks:        109.196.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:77:16:7e:33:f3:2b:4e:3e:9a:a0:81:09:59:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e8277d1feab52387eab26f8dcca9260c258a3d
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=409faae23639ed704f7edabc9a07cbc81bb1e0a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:87:c2:f2:cb:44:ed:dc:1a:09:5a:6f:98:7f:
                    90:02:89:ec:7b:6f:3b:41:55:85:a4:b2:81:c9:6b:
                    21:4d:0a:9f:b9:94:64:c5:e4:02:71:15:29:d2:3f:
                    3b:41:97:3f:5a:a8:cd:f5:2a:24:1e:1a:83:ff:49:
                    58:0a:0a:54:ba:49:42:5b:98:64:ca:09:b7:93:22:
                    2f:b5:dc:f0:81:57:35:51:aa:91:70:2f:ad:6b:d3:
                    60:e3:71:17:10:35:7b:23:c6:91:ab:5d:78:59:2b:
                    c1:0a:78:43:7f:b4:b9:20:e2:12:e0:79:e9:14:b8:
                    03:10:3d:fe:d7:83:6f:cf:d3:78:52:54:ed:d4:97:
                    d6:87:19:7d:c9:71:4c:dd:18:d1:0d:58:ca:8f:50:
                    cf:f3:b5:ab:32:40:0c:fe:bb:43:ab:cb:6d:f3:c8:
                    02:cd:31:54:ba:36:5c:f1:64:46:93:0b:47:3a:ef:
                    bc:7f:ea:11:70:b7:98:1a:8d:5a:e0:52:f6:f0:8c:
                    39:e2:5f:18:9f:0b:40:48:bd:86:9e:a6:42:f5:6e:
                    1f:da:92:61:c4:0d:6f:77:be:a1:79:57:4b:3e:a5:
                    ea:98:a7:c0:2e:64:a0:e3:f1:bb:0f:96:ad:fb:55:
                    46:4f:6f:77:42:eb:6b:06:01:48:44:54:e4:d8:d5:
                    06:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9F:AA:E2:36:39:ED:70:4F:7E:DA:BC:9A:07:CB:C8:1B:B1:E0:A3
            X509v3 Authority Key Identifier:
                keyid:25:E8:27:7D:1F:EA:B5:23:87:EA:B2:6F:8D:CC:A9:26:0C:25:8A:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/QJ-q4jY57XBPftq8mgfLyBux4KM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:4c:87:64:6b:de:74:94:9a:d5:2b:bd:17:ec:9e:2d:b5:7d:
         01:60:5d:cd:01:0f:83:10:9b:2c:e0:31:1e:82:63:d3:87:06:
         57:0e:fb:30:0e:dd:b7:a5:5b:d0:d5:77:e1:11:b3:10:7c:6e:
         e4:39:3e:30:dc:3d:44:89:80:93:21:64:58:3f:71:2c:50:82:
         8a:a3:e7:7a:ec:9a:ab:38:00:0f:e1:52:ef:80:66:1d:53:14:
         08:d5:ee:06:fb:3b:f3:19:9f:08:a2:38:ab:b1:d9:e5:d4:94:
         da:d2:e4:89:34:e2:2b:d6:72:fe:5b:d4:51:50:44:7b:06:6e:
         53:c1:9c:94:03:f8:2e:63:b0:00:ac:3f:dd:16:2c:bf:a7:25:
         25:2b:80:86:28:23:3f:74:46:75:67:cc:d4:11:d2:b9:e3:33:
         2d:ab:64:e5:e1:99:d8:26:e2:4f:e2:69:88:47:b9:ae:a4:01:
         b2:23:95:b6:74:34:af:78:48:c6:ca:e6:3f:f0:03:bb:72:d2:
         61:8b:9c:2e:42:f6:bb:a9:3a:af:ec:1b:22:96:e6:15:9e:5a:
         ce:35:65:4e:43:b9:78:01:48:5d:23:37:f6:60:77:6e:6e:8d:
         f4:43:59:bf:87:46:50:9a:8a:bd:af:e0:d7:e3:23:33:62:4b:
         e6:37:74:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3cWfjPzK04+mqCBCVmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTgyNzdkMWZlYWI1MjM4N2VhYjI2ZjhkY2NhOTI2MGMy
NThhM2QwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDlmYWFlMjM2MzllZDcwNGY3ZWRhYmM5YTA3Y2JjODFiYjFlMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4fC8stE7dwaCVpvmH+QAonse287
QVWFpLKByWshTQqfuZRkxeQCcRUp0j87QZc/WqjN9SokHhqD/0lYCgpUuklCW5hk
ygm3kyIvtdzwgVc1UaqRcC+ta9Ng43EXEDV7I8aRq114WSvBCnhDf7S5IOIS4Hnp
FLgDED3+14Nvz9N4UlTt1JfWhxl9yXFM3RjRDVjKj1DP87WrMkAM/rtDq8tt88gC
zTFUujZc8WRGkwtHOu+8f+oRcLeYGo1a4FL28Iw54l8YnwtASL2GnqZC9W4f2pJh
xA1vd76heVdLPqXqmKfALmSg4/G7D5at+1VGT293QutrBgFIRFTk2NUGBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECfquI2Oe1wT37avJoHy8gbseCjMB8GA1UdIwQY
MBaAFCXoJ30f6rUjh+qyb43MqSYMJYo9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVnbmZSX3F0U09INnJKdmpjeXBKZ3dsaWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9jZTBlZGQtODBkNC00YWY2LWJhZWMt
YmFmMjU3MmU4MDkzLzEvUUotcTRqWTU3WEJQZnRxOG1nZkx5QnV4NEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9jZTBlZGQtODBkNC00YWY2LWJhZWMtYmFmMjU3MmU4MDkz
LzEvSmVnbmZSX3F0U09INnJKdmpjeXBKZ3dsaWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbcQAMA0G
CSqGSIb3DQEBCwUAA4IBAQAETIdka950lJrVK70X7J4ttX0BYF3NAQ+DEJss4DEe
gmPThwZXDvswDt23pVvQ1XfhEbMQfG7kOT4w3D1EiYCTIWRYP3EsUIKKo+d67Jqr
OAAP4VLvgGYdUxQI1e4G+zvzGZ8Iojirsdnl1JTa0uSJNOIr1nL+W9RRUER7Bm5T
wZyUA/guY7AArD/dFiy/pyUlK4CGKCM/dEZ1Z8zUEdK54zMtq2Tl4ZnYJuJP4mmI
R7mupAGyI5W2dDSveEjGyuY/8AO7ctJhi5wuQva7qTqv7BsiluYVnlrONWVOQ7l4
AUhdIzf2YHdubo30Q1m/h0ZQmoq9r+DX4yMzYkvmN3Ta
-----END CERTIFICATE-----