Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/q_VxYTNksLn-A2DiKrfsqvcSMaw.roa
File:                     q_VxYTNksLn-A2DiKrfsqvcSMaw.roa (raw, json)
Hash identifier:          9v/49noAVbeRiYCi+xkrBzJwESjZSadJSkvsw1PN9x8=
Subject key identifier:   AB:F5:71:61:33:64:B0:B9:FE:03:60:E2:2A:B7:EC:AA:F7:12:31:AC
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       01942521FA84AD2D9D6BFC94032103CE1D76
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/q_VxYTNksLn-A2DiKrfsqvcSMaw.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.205.0/24 maxlen: 24
                          2001:7f8:111::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fa:84:ad:2d:9d:6b:fc:94:03:21:03:ce:1d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abf571613364b0b9fe0360e22ab7ecaaf71231ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:69:1d:09:d7:e0:14:e4:c9:ad:5f:a5:91:a2:
                    a3:70:bf:21:5a:d8:14:29:48:d8:7d:54:58:69:90:
                    02:2b:82:eb:c1:ec:33:09:a2:87:33:db:ca:c1:43:
                    e0:54:22:05:24:0b:40:b4:a0:7c:0d:d2:17:64:eb:
                    de:fe:ec:74:df:c0:a9:08:a0:f4:3e:23:50:77:de:
                    ac:59:4a:f3:42:d3:eb:8c:60:74:ca:84:49:f2:3b:
                    b7:90:2b:8f:cb:72:99:30:b5:49:55:98:d5:07:b3:
                    27:1d:1e:77:19:d7:e4:d3:64:3b:b4:a4:c8:d4:5a:
                    b1:ee:6e:3b:81:e4:f4:e2:ed:10:ac:da:de:f0:c8:
                    ee:a8:d0:7e:40:c2:2a:40:f5:9c:06:b0:4a:a9:d6:
                    0e:3b:8a:52:4f:8a:85:b8:12:71:82:81:cf:ab:44:
                    af:16:a6:85:72:74:1a:d7:3d:2e:fe:e5:26:10:43:
                    06:49:e7:4f:24:76:8b:db:7a:05:08:b4:28:66:ed:
                    91:6e:c2:15:6d:65:3c:94:53:8d:6a:b5:15:9f:06:
                    cb:00:15:29:88:76:14:f5:a3:d1:17:52:fd:67:6a:
                    89:3d:31:b9:c7:ae:62:9d:9c:1e:7c:8c:e8:19:c4:
                    bb:85:4b:8c:6d:07:a5:6a:3b:6e:13:26:1a:1f:26:
                    4b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F5:71:61:33:64:B0:B9:FE:03:60:E2:2A:B7:EC:AA:F7:12:31:AC
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/q_VxYTNksLn-A2DiKrfsqvcSMaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.205.0/24
                IPv6:
                  2001:7f8:111::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:3c:08:63:91:aa:ea:39:96:25:12:c9:2a:0b:59:1a:34:99:
         47:e5:9f:24:60:75:61:f6:5d:5c:65:dd:8c:a9:49:e9:ef:0e:
         de:ad:ab:ca:8a:75:35:59:be:80:05:d8:c2:20:92:88:ff:6e:
         bd:4c:21:4a:90:9b:08:07:4f:a3:a5:76:d0:6b:ec:a8:9e:83:
         5a:67:9e:db:d0:7e:4f:73:2c:9e:fe:64:b4:72:de:84:bb:8b:
         c2:5a:a5:e7:a8:e6:bd:68:fb:ee:58:e9:1e:ee:0a:cf:df:ea:
         c6:70:63:8b:da:d5:55:41:ee:49:04:84:be:68:20:48:84:9b:
         1d:4e:bc:39:c5:66:01:f0:a6:fc:82:c9:b9:6c:50:ce:ff:ce:
         cb:e8:27:d0:a3:92:33:3b:76:b2:7e:67:e4:65:d2:1b:cd:48:
         e1:c4:ac:4c:82:c8:26:0a:07:f8:49:15:1b:e1:25:32:0e:f8:
         d8:c9:ad:e0:a4:39:24:65:80:d6:77:f8:ea:03:b4:4e:c4:62:
         b4:db:e3:b0:72:b0:d4:5e:a0:a1:3d:92:a5:9d:41:ee:8f:e5:
         f0:1f:f3:e1:e6:01:50:bb:33:d7:a4:e5:15:18:b7:52:9e:fc:
         ac:49:52:3b:53:95:a7:79:44:58:84:0b:43:ba:44:ad:f3:0a:
         8c:6f:4a:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIfqErS2da/yUAyEDzh12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY1NzE2MTMzNjRiMGI5ZmUwMzYwZTIyYWI3ZWNhYWY3MTIzMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mkdCdfgFOTJrV+lkaKjcL8hWtgU
KUjYfVRYaZACK4LrwewzCaKHM9vKwUPgVCIFJAtAtKB8DdIXZOve/ux038CpCKD0
PiNQd96sWUrzQtPrjGB0yoRJ8ju3kCuPy3KZMLVJVZjVB7MnHR53Gdfk02Q7tKTI
1Fqx7m47geT04u0QrNre8MjuqNB+QMIqQPWcBrBKqdYOO4pST4qFuBJxgoHPq0Sv
FqaFcnQa1z0u/uUmEEMGSedPJHaL23oFCLQoZu2RbsIVbWU8lFONarUVnwbLABUp
iHYU9aPRF1L9Z2qJPTG5x65inZwefIzoGcS7hUuMbQelajtuEyYaHyZLnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKv1cWEzZLC5/gNg4iq37Kr3EjGsMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvcV9WeFlUTmtzTG4tQTJEaUtyZnNxdmNTTWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHNMA8E
AgACMAkDBwAgAQf4AREwDQYJKoZIhvcNAQELBQADggEBABE8CGORquo5liUSySoL
WRo0mUflnyRgdWH2XVxl3YypSenvDt6tq8qKdTVZvoAF2MIgkoj/br1MIUqQmwgH
T6OldtBr7Kieg1pnntvQfk9zLJ7+ZLRy3oS7i8Japeeo5r1o++5Y6R7uCs/f6sZw
Y4va1VVB7kkEhL5oIEiEmx1OvDnFZgHwpvyCyblsUM7/zsvoJ9CjkjM7drJ+Z+Rl
0hvNSOHErEyCyCYKB/hJFRvhJTIO+NjJreCkOSRlgNZ3+OoDtE7EYrTb47BysNRe
oKE9kqWdQe6P5fAf8+HmAVC7M9ek5RUYt1Ke/KxJUjtTlad5RFiEC0O6RK3zCoxv
StA=
-----END CERTIFICATE-----