Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/QRsEK7Mm82AysiVwrsI0fcQwGZk.roa
File:                     QRsEK7Mm82AysiVwrsI0fcQwGZk.roa (raw, json)
Hash identifier:          +14a6gbAtC3j39lO1seQMdbzRZUzjrGGX9KqhXCRQaA=
Subject key identifier:   41:1B:04:2B:B3:26:F3:60:32:B2:25:70:AE:C2:34:7D:C4:30:19:99
Certificate issuer:       /CN=845c58752f3336422ff0ee1726474591e7a41e5f
Certificate serial:       019424454CA17EAE33A93510D0253C1C21AC
Authority key identifier: 84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/QRsEK7Mm82AysiVwrsI0fcQwGZk.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215547
IP address blocks:        185.91.24.0/22 maxlen: 24
                          2a00:1932::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4c:a1:7e:ae:33:a9:35:10:d0:25:3c:1c:21:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845c58752f3336422ff0ee1726474591e7a41e5f
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=411b042bb326f36032b22570aec2347dc4301999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5a:f0:4f:0c:44:6f:08:3a:22:31:dc:c4:be:
                    b7:5c:97:ca:99:f3:50:82:22:a8:cf:fd:fd:9c:dd:
                    7e:1b:a4:2f:5b:c8:26:ba:cb:40:36:da:a2:35:9e:
                    eb:93:ff:e5:1f:8c:f2:34:dd:4a:13:1c:90:a9:c8:
                    8d:a1:7f:93:88:8e:f7:03:15:59:f5:33:31:31:36:
                    60:d8:4a:f0:45:13:36:fd:32:72:dc:de:04:d1:c5:
                    84:3e:26:5f:56:0b:32:83:40:9e:fc:aa:2a:b1:0f:
                    4f:e3:8c:eb:c1:9d:bb:f9:0c:66:ac:92:e7:0e:98:
                    91:d5:f3:b6:b4:11:94:88:d5:4e:95:ee:37:2c:92:
                    d3:8d:a9:45:c5:b9:96:bb:ea:e3:e2:61:68:f2:60:
                    97:72:9e:d5:a7:60:3b:3a:e4:a1:07:56:ef:35:f2:
                    a1:78:e1:4e:a4:a0:f0:7a:c1:ab:00:99:dc:97:48:
                    d2:ed:17:9f:97:20:f8:b5:5b:4d:f3:67:6b:59:4a:
                    10:63:df:5f:95:61:d8:03:25:87:1e:74:30:08:8e:
                    6b:37:be:02:6d:6b:79:d7:cb:8f:09:ac:c1:96:e4:
                    df:29:c9:f3:c6:48:43:32:8a:4f:62:5e:8f:b7:25:
                    93:25:61:8d:68:0c:74:87:cd:f5:6a:d6:10:d3:be:
                    d6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1B:04:2B:B3:26:F3:60:32:B2:25:70:AE:C2:34:7D:C4:30:19:99
            X509v3 Authority Key Identifier:
                keyid:84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/QRsEK7Mm82AysiVwrsI0fcQwGZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.24.0/22
                IPv6:
                  2a00:1932::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:f5:dd:03:b2:ae:1d:31:e8:da:91:33:db:ea:4a:3b:51:1f:
         ff:e2:55:52:8b:24:ff:97:d2:25:37:a6:df:49:0f:99:a6:2b:
         f2:a5:cf:24:6b:8f:cd:f9:d2:54:d1:e0:49:e0:48:51:b8:b2:
         a7:09:c6:b2:51:4a:d3:09:a8:97:14:06:5a:f5:01:2c:c0:7f:
         29:32:7e:da:df:af:34:8e:ae:15:0c:37:d1:3e:cd:a8:11:38:
         31:86:1e:f0:01:4d:1a:7b:5b:0d:ee:4f:56:68:93:3a:ad:21:
         42:35:18:06:9c:f1:e1:3a:fa:fc:c2:bc:55:26:cb:48:d5:3a:
         9d:4d:a7:46:5e:32:a7:3e:bb:b5:53:70:ed:53:f9:e3:cb:b3:
         d2:83:e8:68:ea:7f:08:85:3e:d2:00:ed:91:d4:6d:af:1f:5e:
         59:40:81:bc:cb:9b:f9:04:72:8d:d8:a3:b0:ee:f2:fe:9e:45:
         32:13:43:07:33:d8:ea:44:d5:8f:7d:e6:eb:3a:1f:36:af:a6:
         30:d2:f4:47:d7:74:a0:8e:c0:a6:05:b6:3a:be:e1:35:04:f4:
         1f:eb:6b:29:65:e8:d7:9a:a3:ac:51:7c:07:33:0c:56:ed:b9:
         d5:a5:5a:31:5e:29:8f:d2:eb:b8:cb:bd:02:23:a5:e0:a4:fb:
         41:9d:2f:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRUyhfq4zqTUQ0CU8HCGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWM1ODc1MmYzMzM2NDIyZmYwZWUxNzI2NDc0NTkxZTdh
NDFlNWYwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFiMDQyYmIzMjZmMzYwMzJiMjI1NzBhZWMyMzQ3ZGM0MzAxOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVrwTwxEbwg6IjHcxL63XJfKmfNQ
giKoz/39nN1+G6QvW8gmustANtqiNZ7rk//lH4zyNN1KExyQqciNoX+TiI73AxVZ
9TMxMTZg2ErwRRM2/TJy3N4E0cWEPiZfVgsyg0Ce/KoqsQ9P44zrwZ27+QxmrJLn
DpiR1fO2tBGUiNVOle43LJLTjalFxbmWu+rj4mFo8mCXcp7Vp2A7OuShB1bvNfKh
eOFOpKDwesGrAJncl0jS7ReflyD4tVtN82drWUoQY99flWHYAyWHHnQwCI5rN74C
bWt518uPCazBluTfKcnzxkhDMopPYl6PtyWTJWGNaAx0h831atYQ077WbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEEbBCuzJvNgMrIlcK7CNH3EMBmZMB8GA1UdIwQY
MBaAFIRcWHUvMzZCL/DuFyZHRZHnpB5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYt
ZjEzNGU1MWNjMDViLzEvUVJzRUs3TW04MkF5c2lWd3JzSTBmY1F3R1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYtZjEzNGU1MWNjMDVi
LzEvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVsYMA0E
AgACMAcDBQAqABkyMA0GCSqGSIb3DQEBCwUAA4IBAQC/9d0Dsq4dMejakTPb6ko7
UR//4lVSiyT/l9IlN6bfSQ+Zpivypc8ka4/N+dJU0eBJ4EhRuLKnCcayUUrTCaiX
FAZa9QEswH8pMn7a3680jq4VDDfRPs2oETgxhh7wAU0ae1sN7k9WaJM6rSFCNRgG
nPHhOvr8wrxVJstI1TqdTadGXjKnPru1U3DtU/njy7PSg+ho6n8IhT7SAO2R1G2v
H15ZQIG8y5v5BHKN2KOw7vL+nkUyE0MHM9jqRNWPfebrOh82r6Yw0vRH13SgjsCm
BbY6vuE1BPQf62spZejXmqOsUXwHMwxW7bnVpVoxXimP0uu4y70CI6XgpPtBnS+w
-----END CERTIFICATE-----