Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/qn60XTUhVIHXIbT-HvehrrpwogU.roa
File:                     qn60XTUhVIHXIbT-HvehrrpwogU.roa (raw, json)
Hash identifier:          qJSoQQbXyMZY80sZe+6a8U7g7EqUHMfReU7Wd4AfetU=
Subject key identifier:   AA:7E:B4:5D:35:21:54:81:D7:21:B4:FE:1E:F7:A1:AE:BA:70:A2:05
Certificate issuer:       /CN=626752d870c6696f012b2f465d549f4000fe1858
Certificate serial:       019497AFC546468EC89A0C112B2B589CC67F
Authority key identifier: 62:67:52:D8:70:C6:69:6F:01:2B:2F:46:5D:54:9F:40:00:FE:18:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YmdS2HDGaW8BKy9GXVSfQAD-GFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/qn60XTUhVIHXIbT-HvehrrpwogU.roa
Signing time:             Fri 24 Jan 2025 09:41:06 +0000
ROA not before:           Fri 24 Jan 2025 09:41:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48534
IP address blocks:        194.165.48.0/24 maxlen: 24
                          2001:678:5c4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/YmdS2HDGaW8BKy9GXVSfQAD-GFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/YmdS2HDGaW8BKy9GXVSfQAD-GFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YmdS2HDGaW8BKy9GXVSfQAD-GFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:97:af:c5:46:46:8e:c8:9a:0c:11:2b:2b:58:9c:c6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626752d870c6696f012b2f465d549f4000fe1858
        Validity
            Not Before: Jan 24 09:41:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa7eb45d35215481d721b4fe1ef7a1aeba70a205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:30:46:21:d1:3f:15:50:74:8c:b9:f4:82:54:
                    a8:4d:00:d1:88:64:74:1f:dc:a7:71:97:2a:21:31:
                    ac:8f:93:34:90:b7:1a:ee:27:8e:8b:ec:6f:b5:2b:
                    cd:58:6b:5a:76:f8:39:d1:b9:01:52:74:7c:11:95:
                    42:ef:2a:88:c5:66:50:14:5d:bd:82:ff:ca:58:28:
                    5d:68:50:56:8b:de:51:c1:4c:10:09:0f:ec:3e:bb:
                    77:3c:78:ba:d4:b0:57:d4:6b:f6:06:3e:37:64:12:
                    a0:db:f3:89:49:0e:9d:00:53:56:ff:31:71:b2:c3:
                    8a:8b:0c:83:9a:26:76:f8:4d:95:d6:f2:fc:7e:13:
                    67:51:8d:d3:e8:93:67:91:87:ac:52:ba:46:3a:b6:
                    42:27:a2:3e:82:14:f8:52:ed:5e:cb:6e:1a:a7:a7:
                    ed:54:dd:ac:00:22:43:ab:7a:78:89:3e:17:a3:90:
                    ad:7c:53:e8:fc:54:9c:ed:c8:d8:ee:24:e2:35:55:
                    c3:10:99:47:44:1c:88:b8:e6:77:71:46:97:1e:4f:
                    df:e2:72:ec:25:ca:c0:17:5e:e0:e4:90:32:dc:6d:
                    50:8f:02:f6:e9:9d:b6:d0:06:2a:f3:57:cc:39:99:
                    45:4c:ca:c2:42:22:5a:31:57:d1:8f:6f:85:f7:2b:
                    ca:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7E:B4:5D:35:21:54:81:D7:21:B4:FE:1E:F7:A1:AE:BA:70:A2:05
            X509v3 Authority Key Identifier:
                keyid:62:67:52:D8:70:C6:69:6F:01:2B:2F:46:5D:54:9F:40:00:FE:18:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YmdS2HDGaW8BKy9GXVSfQAD-GFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/qn60XTUhVIHXIbT-HvehrrpwogU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bfbb2f-b671-4814-8627-ba2648f151d3/1/YmdS2HDGaW8BKy9GXVSfQAD-GFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.48.0/24
                IPv6:
                  2001:678:5c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:b8:99:45:ac:7d:cb:98:71:49:00:4c:ca:c0:f1:67:56:f9:
         18:72:7b:05:3b:09:08:45:0a:44:06:63:11:fd:5b:61:22:a5:
         81:6f:33:19:62:da:de:48:5f:4e:d2:66:c9:8c:9c:16:77:1b:
         61:7a:94:bc:7d:27:b7:ab:87:89:6d:df:5a:4e:0a:77:4b:1b:
         e6:9c:d6:cb:78:c7:18:e0:60:c1:92:92:97:89:35:3e:f1:ea:
         03:99:5a:3f:cb:8f:e2:ea:48:54:d1:20:7a:92:ec:62:0b:48:
         81:21:f8:f6:3e:0a:36:55:8f:48:63:f5:ea:67:21:5a:90:e6:
         9e:d0:96:e4:c6:7f:73:67:99:3a:e4:3f:08:a0:a6:38:09:fe:
         28:97:fd:cd:f8:1f:dd:7f:e1:ea:08:88:b8:33:71:8f:d8:b7:
         39:99:a5:49:70:80:85:8e:4e:16:31:42:c5:fc:8e:da:0d:1b:
         1c:c9:7e:a7:ad:96:c1:4e:cb:2f:c5:dd:35:89:b2:79:a4:57:
         c2:3f:d1:98:ed:10:47:56:a4:36:1f:81:75:07:3c:57:0f:33:
         c2:92:8f:46:f5:ed:db:4e:77:2f:ec:e5:1f:e9:ae:69:d2:e7:
         25:85:64:dd:28:b3:a3:66:12:eb:23:17:5b:6d:82:b8:8f:04:
         e6:37:21:17
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZSXr8VGRo7ImgwRKytYnMZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNjc1MmQ4NzBjNjY5NmYwMTJiMmY0NjVkNTQ5ZjQwMDBm
ZTE4NTgwHhcNMjUwMTI0MDk0MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdlYjQ1ZDM1MjE1NDgxZDcyMWI0ZmUxZWY3YTFhZWJhNzBhMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDBGIdE/FVB0jLn0glSoTQDRiGR0
H9yncZcqITGsj5M0kLca7ieOi+xvtSvNWGtadvg50bkBUnR8EZVC7yqIxWZQFF29
gv/KWChdaFBWi95RwUwQCQ/sPrt3PHi61LBX1Gv2Bj43ZBKg2/OJSQ6dAFNW/zFx
ssOKiwyDmiZ2+E2V1vL8fhNnUY3T6JNnkYesUrpGOrZCJ6I+ghT4Uu1ey24ap6ft
VN2sACJDq3p4iT4Xo5CtfFPo/FSc7cjY7iTiNVXDEJlHRByIuOZ3cUaXHk/f4nLs
JcrAF17g5JAy3G1QjwL26Z220AYq81fMOZlFTMrCQiJaMVfRj2+F9yvKAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKp+tF01IVSB1yG0/h73oa66cKIFMB8GA1UdIwQY
MBaAFGJnUthwxmlvASsvRl1Un0AA/hhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1kUzJIREdhVzhCS3k5R1hWU2ZRQUQtR0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iZmJiMmYtYjY3MS00ODE0LTg2Mjct
YmEyNjQ4ZjE1MWQzLzEvcW42MFhUVWhWSUhYSWJULUh2ZWhycnB3b2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iZmJiMmYtYjY3MS00ODE0LTg2MjctYmEyNjQ4ZjE1MWQz
LzEvWW1kUzJIREdhVzhCS3k5R1hWU2ZRQUQtR0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwqUwMA8E
AgACMAkDBwAgAQZ4BcQwDQYJKoZIhvcNAQELBQADggEBACW4mUWsfcuYcUkATMrA
8WdW+RhyewU7CQhFCkQGYxH9W2EipYFvMxli2t5IX07SZsmMnBZ3G2F6lLx9J7er
h4lt31pOCndLG+ac1st4xxjgYMGSkpeJNT7x6gOZWj/Lj+LqSFTRIHqS7GILSIEh
+PY+CjZVj0hj9epnIVqQ5p7QluTGf3NnmTrkPwigpjgJ/iiX/c34H91/4eoIiLgz
cY/YtzmZpUlwgIWOThYxQsX8jtoNGxzJfqetlsFOyy/F3TWJsnmkV8I/0ZjtEEdW
pDYfgXUHPFcPM8KSj0b17dtOdy/s5R/prmnS5yWFZN0os6NmEusjF1ttgriPBOY3
IRc=
-----END CERTIFICATE-----