Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/Qxvf4dambUM4wGGmpG65pgeoc3M.roa
File:                     Qxvf4dambUM4wGGmpG65pgeoc3M.roa (raw, json)
Hash identifier:          dkmpKTZscpBI0IsTqLbisMD9yO7kEmJGfj1/YKPtkuc=
Subject key identifier:   43:1B:DF:E1:D6:A6:6D:43:38:C0:61:A6:A4:6E:B9:A6:07:A8:73:73
Certificate issuer:       /CN=90620638ca1d835650e08ddcf363f10789b53057
Certificate serial:       0194228DC3F0D455508DD82289BC44BE34BE
Authority key identifier: 90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/Qxvf4dambUM4wGGmpG65pgeoc3M.roa
Signing time:             Wed 01 Jan 2025 15:48:23 +0000
ROA not before:           Wed 01 Jan 2025 15:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7015
IP address blocks:        206.195.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c3:f0:d4:55:50:8d:d8:22:89:bc:44:be:34:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90620638ca1d835650e08ddcf363f10789b53057
        Validity
            Not Before: Jan  1 15:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=431bdfe1d6a66d4338c061a6a46eb9a607a87373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ee:eb:d8:d6:96:12:df:12:18:9b:9f:03:92:
                    ee:85:e7:a0:7c:1c:37:36:21:8b:19:b8:36:6b:58:
                    4c:15:71:d1:c5:50:0b:25:cc:fe:38:ad:54:b2:e1:
                    fc:98:48:40:79:ed:4a:6c:70:04:0d:fb:ac:c0:73:
                    a9:e8:93:ef:55:72:39:c9:28:a0:9d:65:50:8a:da:
                    98:99:f3:95:a0:ec:d0:a9:94:4b:ee:f0:a6:c8:ea:
                    7f:97:76:3b:30:f2:3b:13:93:81:69:60:3a:9b:77:
                    5e:c7:e1:f5:57:ab:85:d5:2a:d6:13:a8:ff:50:fd:
                    1f:c8:31:00:f9:65:71:fb:d1:95:ec:a0:66:a9:f4:
                    be:e0:14:44:29:af:9e:01:1a:62:fd:48:89:b1:9f:
                    78:f4:80:0f:22:20:7a:74:24:e3:23:9a:4e:7b:30:
                    09:57:54:32:27:f0:ac:a6:42:04:5f:de:ef:12:46:
                    76:44:3d:ed:e3:d1:2b:fb:79:2d:01:2d:7c:e2:c4:
                    c0:80:c7:77:f0:01:a3:3b:74:a5:c9:6b:a6:f5:97:
                    43:aa:06:ce:9f:ce:c0:db:d3:47:3e:df:29:57:f6:
                    0a:be:4c:f6:ef:b5:f5:8f:90:56:d4:4f:c0:86:4f:
                    3b:af:a7:73:66:ab:66:64:eb:71:64:36:d8:51:b9:
                    73:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1B:DF:E1:D6:A6:6D:43:38:C0:61:A6:A4:6E:B9:A6:07:A8:73:73
            X509v3 Authority Key Identifier:
                keyid:90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/Qxvf4dambUM4wGGmpG65pgeoc3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.195.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:35:4b:96:d4:dc:cf:41:ba:20:8e:e0:fb:2a:32:9b:13:84:
         5d:e5:26:34:ea:c2:7c:18:22:3f:4f:1c:fc:95:3a:4f:09:50:
         15:88:87:ff:40:8e:70:bf:08:e8:37:70:0d:94:4d:3f:af:10:
         59:39:32:73:36:a9:c3:05:92:99:f8:8d:63:57:c5:a3:45:82:
         1f:05:8e:11:3e:c5:7f:3d:6b:00:ce:76:da:b6:3f:29:0d:93:
         8a:8b:26:6d:73:8b:ab:5b:67:cf:a8:a7:61:fb:e8:29:40:21:
         e9:7c:0b:b5:e7:bb:4f:1a:6e:a5:53:3e:55:82:e6:df:c9:80:
         bd:ad:78:da:a5:e5:f3:32:c0:4b:7f:df:9e:64:d8:4d:c8:85:
         1e:c5:13:61:85:91:de:fd:db:46:0a:69:a6:f1:f9:bb:b2:ac:
         22:fc:fa:a6:fe:9f:4a:79:b1:5c:72:92:c4:2a:ed:3d:a7:09:
         1e:63:9e:ba:e8:b4:a1:2e:5a:db:6b:4b:5c:2b:c5:90:cb:18:
         22:09:84:a8:bd:b3:32:27:fd:af:47:6d:96:f6:70:c5:5f:4b:
         0a:62:44:7b:f9:94:1b:a8:d2:4f:bd:37:20:1d:2d:dd:16:51:
         ad:91:0b:31:ee:96:40:53:a6:9f:38:71:25:ee:8f:fc:2e:62:
         e3:e0:ab:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcPw1FVQjdgiibxEvjS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjIwNjM4Y2ExZDgzNTY1MGUwOGRkY2YzNjNmMTA3ODli
NTMwNTcwHhcNMjUwMTAxMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFiZGZlMWQ2YTY2ZDQzMzhjMDYxYTZhNDZlYjlhNjA3YTg3MzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO7r2NaWEt8SGJufA5LuheegfBw3
NiGLGbg2a1hMFXHRxVALJcz+OK1UsuH8mEhAee1KbHAEDfuswHOp6JPvVXI5ySig
nWVQitqYmfOVoOzQqZRL7vCmyOp/l3Y7MPI7E5OBaWA6m3dex+H1V6uF1SrWE6j/
UP0fyDEA+WVx+9GV7KBmqfS+4BREKa+eARpi/UiJsZ949IAPIiB6dCTjI5pOezAJ
V1QyJ/CspkIEX97vEkZ2RD3t49Er+3ktAS184sTAgMd38AGjO3SlyWum9ZdDqgbO
n87A29NHPt8pV/YKvkz277X1j5BW1E/Ahk87r6dzZqtmZOtxZDbYUblzkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMb3+HWpm1DOMBhpqRuuaYHqHNzMB8GA1UdIwQY
MBaAFJBiBjjKHYNWUOCN3PNj8QeJtTBXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMt
YzQzYWM0MjllNTNmLzEvUXh2ZjRkYW1iVU00d0dHbXBHNjVwZ2VvYzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMtYzQzYWM0MjllNTNm
LzEva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzsM0MA0G
CSqGSIb3DQEBCwUAA4IBAQBINUuW1NzPQbogjuD7KjKbE4Rd5SY06sJ8GCI/Txz8
lTpPCVAViIf/QI5wvwjoN3ANlE0/rxBZOTJzNqnDBZKZ+I1jV8WjRYIfBY4RPsV/
PWsAznbatj8pDZOKiyZtc4urW2fPqKdh++gpQCHpfAu157tPGm6lUz5VgubfyYC9
rXjapeXzMsBLf9+eZNhNyIUexRNhhZHe/dtGCmmm8fm7sqwi/Pqm/p9KebFccpLE
Ku09pwkeY5666LShLlrba0tcK8WQyxgiCYSovbMyJ/2vR22W9nDFX0sKYkR7+ZQb
qNJPvTcgHS3dFlGtkQsx7pZAU6afOHEl7o/8LmLj4Ksc
-----END CERTIFICATE-----