Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/qrZKSOFpAICcNRLOx5AIirWqvBo.roa
File:                     qrZKSOFpAICcNRLOx5AIirWqvBo.roa (raw, json)
Hash identifier:          h3wCdr8A46DdDE5I42tcnvu/LE64VypZvT4djSXNycs=
Subject key identifier:   AA:B6:4A:48:E1:69:00:80:9C:35:12:CE:C7:90:08:8A:B5:AA:BC:1A
Certificate issuer:       /CN=cc55f76cfe9dafb2d94190142bc8aab0d32806ee
Certificate serial:       01942747A83BA740172FD75A297AE5D9726D
Authority key identifier: CC:55:F7:6C:FE:9D:AF:B2:D9:41:90:14:2B:C8:AA:B0:D3:28:06:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zFX3bP6dr7LZQZAUK8iqsNMoBu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/qrZKSOFpAICcNRLOx5AIirWqvBo.roa
Signing time:             Thu 02 Jan 2025 13:49:55 +0000
ROA not before:           Thu 02 Jan 2025 13:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44576
IP address blocks:        194.8.76.0/24 maxlen: 24
                          194.8.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/zFX3bP6dr7LZQZAUK8iqsNMoBu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/zFX3bP6dr7LZQZAUK8iqsNMoBu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zFX3bP6dr7LZQZAUK8iqsNMoBu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a8:3b:a7:40:17:2f:d7:5a:29:7a:e5:d9:72:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc55f76cfe9dafb2d94190142bc8aab0d32806ee
        Validity
            Not Before: Jan  2 13:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aab64a48e16900809c3512cec790088ab5aabc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:35:fe:f2:02:ef:aa:9c:9b:8e:96:7b:63:df:
                    ca:27:de:a9:8a:c2:83:d6:fe:8c:54:e1:b3:f5:6d:
                    8f:12:57:4c:6b:4d:3b:85:e5:0d:06:ac:39:e5:20:
                    89:c8:68:b0:4e:6e:20:b0:44:7f:a6:5b:55:13:4c:
                    93:32:cd:48:a1:df:ab:98:9c:16:49:bf:50:50:af:
                    53:3d:1f:8b:a1:06:f3:3c:3f:ef:9a:e0:2c:14:a8:
                    81:39:d4:0c:16:89:93:f1:6b:8a:08:ef:e5:3e:33:
                    f9:02:01:0e:19:65:f6:01:8e:7b:27:b7:91:13:0c:
                    b3:59:9a:5b:67:bb:00:b4:85:46:42:e6:91:40:f9:
                    c1:cd:6e:ae:c4:df:71:71:db:ff:7b:75:c8:3c:8b:
                    98:af:2f:7d:a7:99:20:8c:3c:21:d1:3b:50:5d:a4:
                    65:c9:7f:e3:b0:41:82:3a:c8:6d:f2:62:2f:6e:cb:
                    fe:c3:7b:28:52:7b:85:99:25:e1:5c:1e:4a:5e:4b:
                    f1:89:df:4d:a7:96:98:e9:b3:14:34:22:aa:60:67:
                    0c:35:7c:c4:79:ad:63:79:66:fd:10:bd:92:7d:03:
                    ac:29:83:34:cb:25:7f:44:89:0d:87:78:63:8d:21:
                    d3:9d:65:44:b7:69:96:d5:5c:06:ac:73:8f:40:23:
                    30:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B6:4A:48:E1:69:00:80:9C:35:12:CE:C7:90:08:8A:B5:AA:BC:1A
            X509v3 Authority Key Identifier:
                keyid:CC:55:F7:6C:FE:9D:AF:B2:D9:41:90:14:2B:C8:AA:B0:D3:28:06:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zFX3bP6dr7LZQZAUK8iqsNMoBu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/qrZKSOFpAICcNRLOx5AIirWqvBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/d81f14-1ff4-42b1-9b9f-34cd0575e1cb/1/zFX3bP6dr7LZQZAUK8iqsNMoBu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:f6:3f:9a:5d:30:fa:58:87:08:66:06:82:3a:a4:36:9a:d5:
         f7:df:36:b3:4a:0b:b5:44:5b:a4:e6:b1:da:2a:1c:65:fc:ad:
         6b:2e:1c:9b:b2:96:8b:e3:cf:72:af:bc:b3:71:8d:f4:9e:dd:
         fa:47:7b:4a:8b:fc:f7:37:e5:e3:ee:f6:fd:71:98:cc:64:8e:
         b9:d4:6d:b7:92:f5:32:5c:73:31:7f:9f:e2:70:3a:f5:b4:7b:
         aa:79:5a:30:f9:b6:64:3f:27:76:5c:ce:55:d8:92:de:87:5c:
         94:30:79:dc:a6:2f:15:b2:d9:b3:56:e3:60:8c:b7:71:db:95:
         83:00:8b:9d:c8:78:2b:07:f2:ad:11:b3:ba:1f:76:48:42:c4:
         26:19:fc:67:6b:ae:59:ad:65:09:34:15:73:3b:f7:46:ab:a8:
         f4:02:2a:4a:c1:f4:9e:08:0f:b2:3b:8d:09:7c:36:8f:b3:29:
         5d:39:70:65:28:95:d8:02:5c:1f:c8:79:60:c4:f7:e7:8e:85:
         59:b7:fe:05:85:1e:57:66:85:7e:6c:1b:0f:a4:b8:36:fe:56:
         c8:8d:c1:1c:31:8c:91:44:a9:0c:11:99:d3:d9:5f:58:ad:6a:
         c7:a8:7b:4a:a6:52:05:fc:90:48:e9:5c:64:5f:0d:c0:d8:cc:
         93:2c:c0:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6g7p0AXL9daKXrl2XJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNTVmNzZjZmU5ZGFmYjJkOTQxOTAxNDJiYzhhYWIwZDMy
ODA2ZWUwHhcNMjUwMTAyMTM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWI2NGE0OGUxNjkwMDgwOWMzNTEyY2VjNzkwMDg4YWI1YWFiYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTX+8gLvqpybjpZ7Y9/KJ96pisKD
1v6MVOGz9W2PEldMa007heUNBqw55SCJyGiwTm4gsER/pltVE0yTMs1Iod+rmJwW
Sb9QUK9TPR+LoQbzPD/vmuAsFKiBOdQMFomT8WuKCO/lPjP5AgEOGWX2AY57J7eR
EwyzWZpbZ7sAtIVGQuaRQPnBzW6uxN9xcdv/e3XIPIuYry99p5kgjDwh0TtQXaRl
yX/jsEGCOsht8mIvbsv+w3soUnuFmSXhXB5KXkvxid9Np5aY6bMUNCKqYGcMNXzE
ea1jeWb9EL2SfQOsKYM0yyV/RIkNh3hjjSHTnWVEt2mW1VwGrHOPQCMwKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq2SkjhaQCAnDUSzseQCIq1qrwaMB8GA1UdIwQY
MBaAFMxV92z+na+y2UGQFCvIqrDTKAbuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekZYM2JQNmRyN0xaUVpBVUs4aXFzTk1vQnU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9kODFmMTQtMWZmNC00MmIxLTliOWYt
MzRjZDA1NzVlMWNiLzEvcXJaS1NPRnBBSUNjTlJMT3g1QUlpcldxdkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9kODFmMTQtMWZmNC00MmIxLTliOWYtMzRjZDA1NzVlMWNi
LzEvekZYM2JQNmRyN0xaUVpBVUs4aXFzTk1vQnU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwghMMA0G
CSqGSIb3DQEBCwUAA4IBAQDA9j+aXTD6WIcIZgaCOqQ2mtX33zazSgu1RFuk5rHa
Khxl/K1rLhybspaL489yr7yzcY30nt36R3tKi/z3N+Xj7vb9cZjMZI651G23kvUy
XHMxf5/icDr1tHuqeVow+bZkPyd2XM5V2JLeh1yUMHncpi8VstmzVuNgjLdx25WD
AIudyHgrB/KtEbO6H3ZIQsQmGfxna65ZrWUJNBVzO/dGq6j0AipKwfSeCA+yO40J
fDaPsyldOXBlKJXYAlwfyHlgxPfnjoVZt/4FhR5XZoV+bBsPpLg2/lbIjcEcMYyR
RKkMEZnT2V9YrWrHqHtKplIF/JBI6VxkXw3A2MyTLMDG
-----END CERTIFICATE-----