Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/QCvbSuskCQwLxFQrUoOouHi3diY.roa
File:                     QCvbSuskCQwLxFQrUoOouHi3diY.roa (raw, json)
Hash identifier:          sXGvHwha1X8v4xaWgUMHB+2ZrDbhHWTJfZknYl2gSe0=
Subject key identifier:   40:2B:DB:4A:EB:24:09:0C:0B:C4:54:2B:52:83:A8:B8:78:B7:76:26
Certificate issuer:       /CN=13764a52c85e07e33749743d23a5a24d096df147
Certificate serial:       0194258F9BD68D48E146C131BC7E71FD05C9
Authority key identifier: 13:76:4A:52:C8:5E:07:E3:37:49:74:3D:23:A5:A2:4D:09:6D:F1:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/QCvbSuskCQwLxFQrUoOouHi3diY.roa
Signing time:             Thu 02 Jan 2025 05:49:15 +0000
ROA not before:           Thu 02 Jan 2025 05:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        95.131.240.0/21 maxlen: 24
                          185.147.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:9b:d6:8d:48:e1:46:c1:31:bc:7e:71:fd:05:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13764a52c85e07e33749743d23a5a24d096df147
        Validity
            Not Before: Jan  2 05:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=402bdb4aeb24090c0bc4542b5283a8b878b77626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:be:4c:0b:94:37:f9:16:4f:d2:7e:0f:55:
                    6f:3d:7d:f9:c5:92:b4:19:6e:c3:f2:ba:74:11:b5:
                    40:bc:fd:ae:20:0f:61:f0:98:bd:cd:a5:5b:20:82:
                    16:bd:83:3c:b2:9b:c4:f9:5f:01:c0:5d:cb:37:aa:
                    d0:27:2a:d4:d7:c2:19:65:e2:18:a2:3a:55:f7:6f:
                    1f:a9:7d:51:ce:f5:dc:a9:f3:67:2f:b7:2c:96:b3:
                    1f:ab:49:a1:98:04:6b:fb:ef:37:b2:6f:da:e8:5f:
                    89:33:dd:2f:c7:4b:fc:71:e3:33:4c:6c:2e:45:0b:
                    93:3e:ab:9e:ec:4c:e8:a0:e1:9c:e3:46:53:18:e7:
                    b0:84:7b:8e:f4:50:12:11:c6:8f:fc:e7:bd:39:e5:
                    ec:c6:95:6e:f0:54:88:37:42:f3:f1:ea:3b:31:fa:
                    c4:49:16:54:5f:76:b9:1c:70:9e:62:ff:9e:d7:b7:
                    15:fa:59:a0:d3:8e:67:32:ef:ea:ca:33:49:54:6b:
                    2e:42:e3:d8:41:e1:0f:b9:e4:b7:2b:b1:43:6a:06:
                    d9:29:94:50:f0:f2:d6:45:a9:7b:c4:0f:9e:db:cc:
                    df:4b:34:4f:48:06:35:04:9e:28:0d:e3:68:1b:5d:
                    18:8e:34:4e:7b:ca:ae:1a:39:ab:1e:3f:9d:09:01:
                    74:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2B:DB:4A:EB:24:09:0C:0B:C4:54:2B:52:83:A8:B8:78:B7:76:26
            X509v3 Authority Key Identifier:
                keyid:13:76:4A:52:C8:5E:07:E3:37:49:74:3D:23:A5:A2:4D:09:6D:F1:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/QCvbSuskCQwLxFQrUoOouHi3diY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.240.0/21
                  185.147.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:05:21:7c:a0:3b:3f:95:d7:dc:d0:c8:35:46:29:58:6d:b8:
         54:f2:34:a6:16:a5:1d:eb:38:db:cd:b0:bb:41:9f:80:40:5a:
         9e:22:01:4e:d0:d1:2b:8f:5d:f5:09:82:6e:2b:19:ff:25:bc:
         0f:6f:8c:b6:2c:f5:42:2c:a3:65:57:18:54:25:39:32:f5:f6:
         59:41:5e:ce:8c:1f:7c:0a:e9:fd:48:33:b2:ff:61:fc:3c:d2:
         5e:02:f5:a4:54:67:53:7e:25:ad:9d:94:35:36:96:d9:89:68:
         40:13:bf:8d:73:0b:69:1a:59:c3:d4:21:77:ac:00:06:4f:c6:
         18:ed:50:aa:c9:d1:e6:36:7c:8e:73:41:ef:eb:97:2d:2a:d8:
         1d:c1:03:9b:ea:bd:bc:f1:3c:a2:4f:e7:23:37:f7:64:72:4c:
         ba:58:45:3e:0c:98:b7:59:00:fb:9e:e6:28:c4:1e:e8:ea:14:
         ab:29:dd:a1:e2:42:b6:db:4a:4d:a0:ca:94:24:3e:25:9c:92:
         92:c5:20:10:fd:b1:dd:ea:50:cb:9b:85:9d:97:fa:cc:9a:d0:
         4c:dd:f8:ce:58:1b:ee:4d:81:6f:94:f6:34:dc:98:94:4f:b8:
         5d:f2:fd:2d:f5:6f:90:86:e8:7e:87:56:08:91:8e:25:da:2f:
         59:96:0a:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj5vWjUjhRsExvH5x/QXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzY0YTUyYzg1ZTA3ZTMzNzQ5NzQzZDIzYTVhMjRkMDk2
ZGYxNDcwHhcNMjUwMTAyMDU0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJiZGI0YWViMjQwOTBjMGJjNDU0MmI1MjgzYThiODc4Yjc3NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1i+TAuUN/kWT9J+D1VvPX35xZK0
GW7D8rp0EbVAvP2uIA9h8Ji9zaVbIIIWvYM8spvE+V8BwF3LN6rQJyrU18IZZeIY
ojpV928fqX1RzvXcqfNnL7cslrMfq0mhmARr++83sm/a6F+JM90vx0v8ceMzTGwu
RQuTPque7EzooOGc40ZTGOewhHuO9FASEcaP/Oe9OeXsxpVu8FSIN0Lz8eo7MfrE
SRZUX3a5HHCeYv+e17cV+lmg045nMu/qyjNJVGsuQuPYQeEPueS3K7FDagbZKZRQ
8PLWRal7xA+e28zfSzRPSAY1BJ4oDeNoG10YjjROe8quGjmrHj+dCQF09QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEAr20rrJAkMC8RUK1KDqLh4t3YmMB8GA1UdIwQY
MBaAFBN2SlLIXgfjN0l0PSOlok0JbfFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNaS1VzaGVCLU0zU1hROUk2V2lUUWx0OFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lNGU1MzEtNmJlZS00MTg5LWJhN2Mt
MjAzZTQ1NjE2MzA2LzEvUUN2YlN1c2tDUXdMeEZRclVvT291SGkzZGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lNGU1MzEtNmJlZS00MTg5LWJhN2MtMjAzZTQ1NjE2MzA2
LzEvRTNaS1VzaGVCLU0zU1hROUk2V2lUUWx0OFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX4PwAwQC
uZOUMA0GCSqGSIb3DQEBCwUAA4IBAQCFBSF8oDs/ldfc0Mg1RilYbbhU8jSmFqUd
6zjbzbC7QZ+AQFqeIgFO0NErj131CYJuKxn/JbwPb4y2LPVCLKNlVxhUJTky9fZZ
QV7OjB98Cun9SDOy/2H8PNJeAvWkVGdTfiWtnZQ1NpbZiWhAE7+NcwtpGlnD1CF3
rAAGT8YY7VCqydHmNnyOc0Hv65ctKtgdwQOb6r288TyiT+cjN/dkcky6WEU+DJi3
WQD7nuYoxB7o6hSrKd2h4kK220pNoMqUJD4lnJKSxSAQ/bHd6lDLm4Wdl/rMmtBM
3fjOWBvuTYFvlPY03JiUT7hd8v0t9W+Qhuh+h1YIkY4l2i9Zlgp8
-----END CERTIFICATE-----