Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/Qw_MgL0jZxAEcUaQV1xqF4PVe2w.roa
File:                     Qw_MgL0jZxAEcUaQV1xqF4PVe2w.roa (raw, json)
Hash identifier:          K6DZu82eoM3254ECuNlV9U+0ldDohrzL2NCBM61LLzM=
Subject key identifier:   43:0F:CC:80:BD:23:67:10:04:71:46:90:57:5C:6A:17:83:D5:7B:6C
Certificate issuer:       /CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
Certificate serial:       019422FC0760B0D2DB8E43CE9A114B88D37E
Authority key identifier: A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/Qw_MgL0jZxAEcUaQV1xqF4PVe2w.roa
Signing time:             Wed 01 Jan 2025 17:48:49 +0000
ROA not before:           Wed 01 Jan 2025 17:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15533
IP address blocks:        178.218.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:07:60:b0:d2:db:8e:43:ce:9a:11:4b:88:d3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
        Validity
            Not Before: Jan  1 17:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=430fcc80bd23671004714690575c6a1783d57b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:99:6b:b0:e2:21:79:7b:c7:c7:4f:19:9d:74:
                    82:b4:c7:93:51:5d:d0:e9:14:c4:2b:26:46:af:b6:
                    c8:68:64:82:0a:2c:74:40:75:60:dd:c4:b4:46:2a:
                    b7:c3:59:ba:eb:c0:03:15:67:29:83:77:2d:66:0e:
                    e8:97:1e:49:70:91:98:c6:c5:ec:a4:fc:ff:cd:31:
                    13:36:18:54:c2:63:3b:9b:62:66:ad:68:7f:2d:47:
                    8d:8f:a8:24:ae:a9:1e:2e:4a:19:42:bf:76:8b:fa:
                    3f:28:03:05:15:cd:38:7e:89:c8:45:80:db:c3:9e:
                    e9:43:d0:5f:44:16:d2:ae:25:0c:88:8b:2b:ab:a7:
                    ec:86:32:0d:a8:89:c6:6b:d4:64:dd:3a:7f:5d:18:
                    99:c0:31:72:e7:62:50:25:91:04:a0:cf:aa:d6:bd:
                    d9:86:3a:10:9c:2b:32:46:46:d5:0d:a8:2b:85:e5:
                    c5:88:2f:d5:51:c4:f7:df:db:10:d7:b4:81:aa:62:
                    0d:39:6e:35:76:a6:bd:a6:b4:fa:e8:0d:31:86:89:
                    f2:d6:ea:ac:ae:63:2f:10:32:4b:f8:d9:4a:1e:93:
                    97:b8:13:00:80:8b:14:69:75:6e:a4:5c:2f:4d:b5:
                    30:24:79:15:75:79:54:85:6b:80:d4:81:eb:dd:af:
                    30:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:0F:CC:80:BD:23:67:10:04:71:46:90:57:5C:6A:17:83:D5:7B:6C
            X509v3 Authority Key Identifier:
                keyid:A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/Qw_MgL0jZxAEcUaQV1xqF4PVe2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:b9:50:e8:3b:6a:8a:23:17:b4:0e:c7:be:77:e9:af:dc:de:
         38:75:c0:e5:f5:e7:d3:94:36:3b:be:8e:1b:57:31:15:8a:0b:
         94:48:60:70:07:40:d1:0a:a1:ab:2d:3c:5d:f2:66:ce:54:9d:
         94:97:c7:12:b8:a0:ae:b7:83:96:75:f9:f9:b7:a5:9a:7a:dc:
         f0:ba:f8:96:81:48:4f:62:11:95:1b:65:69:06:d3:94:2f:3c:
         01:78:9b:ac:cd:b7:2d:75:c4:3f:14:aa:71:56:9f:22:d7:a2:
         9b:38:ef:0e:6f:7d:85:6d:75:97:ee:d9:3b:fd:05:74:fc:8e:
         a4:80:f4:00:b6:e2:58:02:36:b0:7f:c8:9c:bd:98:4c:73:d0:
         76:ae:96:32:8a:48:12:74:9d:2a:95:e8:0a:ad:15:4f:9f:0a:
         1c:73:74:6b:29:44:90:ab:e1:6f:b9:c4:cd:6a:e6:92:0d:cc:
         10:7f:2e:54:8d:e7:43:26:c7:44:7f:7b:a0:09:b5:cf:91:26:
         3b:be:26:7c:28:b3:f9:7c:d6:e7:88:0a:ef:be:14:0b:83:f5:
         53:19:1f:26:18:d2:c1:62:89:f3:f6:89:15:9f:86:a3:18:d3:
         86:7d:46:d4:7a:e0:52:1c:93:ab:fa:e4:fe:e7:76:1a:9c:af:
         30:1f:fd:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/AdgsNLbjkPOmhFLiNN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MjAwMGM0ZjRlYzRhMDNjZDRkMzY1N2UwMWI3MDAzNGVj
MjNiOTcwHhcNMjUwMTAxMTc0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzBmY2M4MGJkMjM2NzEwMDQ3MTQ2OTA1NzVjNmExNzgzZDU3YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5lrsOIheXvHx08ZnXSCtMeTUV3Q
6RTEKyZGr7bIaGSCCix0QHVg3cS0Riq3w1m668ADFWcpg3ctZg7olx5JcJGYxsXs
pPz/zTETNhhUwmM7m2JmrWh/LUeNj6gkrqkeLkoZQr92i/o/KAMFFc04fonIRYDb
w57pQ9BfRBbSriUMiIsrq6fshjINqInGa9Rk3Tp/XRiZwDFy52JQJZEEoM+q1r3Z
hjoQnCsyRkbVDagrheXFiC/VUcT339sQ17SBqmINOW41dqa9prT66A0xhony1uqs
rmMvEDJL+NlKHpOXuBMAgIsUaXVupFwvTbUwJHkVdXlUhWuA1IHr3a8w7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMPzIC9I2cQBHFGkFdcaheD1XtsMB8GA1UdIwQY
MBaAFKQgAMT07EoDzU02V+AbcANOwjuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2It
MGYyMmQ4OTY4OWEwLzEvUXdfTWdMMGpaeEFFY1VhUVYxeHFGNFBWZTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2ItMGYyMmQ4OTY4OWEw
LzEvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstryMA0G
CSqGSIb3DQEBCwUAA4IBAQAVuVDoO2qKIxe0Dse+d+mv3N44dcDl9efTlDY7vo4b
VzEViguUSGBwB0DRCqGrLTxd8mbOVJ2Ul8cSuKCut4OWdfn5t6WaetzwuviWgUhP
YhGVG2VpBtOULzwBeJuszbctdcQ/FKpxVp8i16KbOO8Ob32FbXWX7tk7/QV0/I6k
gPQAtuJYAjawf8icvZhMc9B2rpYyikgSdJ0qlegKrRVPnwocc3RrKUSQq+FvucTN
auaSDcwQfy5UjedDJsdEf3ugCbXPkSY7viZ8KLP5fNbniArvvhQLg/VTGR8mGNLB
Yonz9okVn4ajGNOGfUbUeuBSHJOr+uT+53YanK8wH/3W
-----END CERTIFICATE-----