Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Qa5zEwk763K1EispcaZSdgxy5B4.roa
File:                     Qa5zEwk763K1EispcaZSdgxy5B4.roa (raw, json)
Hash identifier:          1hv3iMS5WTQuyU34tHM2fX7wAkcRaS7Ns9UFZhwEs8w=
Subject key identifier:   41:AE:73:13:09:3B:EB:72:B5:12:2B:29:71:A6:52:76:0C:72:E4:1E
Certificate issuer:       /CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
Certificate serial:       01942143D6C7702D19A33A69F90431999635
Authority key identifier: 0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Qa5zEwk763K1EispcaZSdgxy5B4.roa
Signing time:             Wed 01 Jan 2025 09:48:01 +0000
ROA not before:           Wed 01 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        193.227.246.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d6:c7:70:2d:19:a3:3a:69:f9:04:31:99:96:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41ae7313093beb72b5122b2971a652760c72e41e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7d:3e:87:fc:00:d6:8c:81:50:a3:d7:5e:43:
                    16:8e:cd:21:e7:47:86:19:76:a3:ef:4c:d4:f3:e3:
                    e6:f1:ee:1d:12:8b:b9:33:dc:43:82:b9:4e:05:20:
                    3c:03:6c:10:36:10:fe:b2:f6:df:0e:f0:4d:bc:d2:
                    60:fc:38:91:6f:75:c6:73:55:45:23:66:a9:15:d9:
                    9c:54:df:23:8e:18:f6:c2:b7:f8:30:f5:99:96:3c:
                    bb:1f:2a:eb:93:71:72:9e:d0:38:55:05:ba:69:41:
                    1f:86:fc:78:22:b1:1c:84:67:f7:ff:dc:3a:2c:69:
                    48:43:9b:14:2c:3c:53:ba:61:bc:86:5d:97:ce:17:
                    6d:a2:30:52:61:f7:cd:50:0f:55:a4:3a:e5:70:a5:
                    b4:ea:9d:06:f8:f6:02:90:ff:47:5f:0b:94:f4:46:
                    0f:f2:7a:bd:cf:f6:57:02:17:8d:bf:a3:31:65:bb:
                    6b:b8:cb:b9:36:81:9f:b5:68:06:2f:9a:9f:4b:8d:
                    1e:d1:46:1c:c7:f6:57:6b:76:ed:61:19:f8:b5:8d:
                    3c:d7:f9:2b:97:44:47:76:6e:3f:a0:84:f3:0c:2d:
                    49:54:48:09:ff:b0:8d:d4:2a:81:0a:b7:a5:29:1c:
                    b1:89:ad:9c:1c:94:aa:73:81:ab:53:82:f3:d6:57:
                    f6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AE:73:13:09:3B:EB:72:B5:12:2B:29:71:A6:52:76:0C:72:E4:1E
            X509v3 Authority Key Identifier:
                keyid:0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Qa5zEwk763K1EispcaZSdgxy5B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:73:88:92:cb:8a:cd:4d:26:14:7f:9b:dc:10:23:23:87:89:
         50:85:5a:fa:96:2e:b7:87:01:16:da:21:ee:38:1b:62:bf:d9:
         df:ce:91:07:94:4e:3b:93:56:66:7e:dc:89:01:d6:c3:9b:d5:
         e8:7d:2b:f9:3b:15:78:26:06:a2:c4:49:94:a3:6f:cf:89:78:
         c2:3b:d2:2d:04:f4:3e:31:70:7d:77:1c:15:ee:4d:90:6a:35:
         da:76:0b:08:3b:97:37:c0:f3:3d:92:f8:84:3e:63:de:1b:c8:
         de:42:4e:a3:9b:ec:44:fc:a6:3d:cb:c2:59:c9:1b:ba:23:1f:
         58:0b:15:01:f8:7d:64:41:b0:f6:17:9a:69:e6:f6:fe:76:05:
         62:24:d8:70:1e:81:b7:5f:25:3f:a8:5a:3c:0a:43:a4:ec:c4:
         fe:c7:2f:ee:19:63:31:e9:af:13:f3:cd:58:45:57:1c:84:cd:
         6b:d4:c4:8a:c7:93:61:0b:3c:7c:7b:da:7e:ce:cf:26:ea:3f:
         ca:58:94:6d:33:64:8a:96:5c:3a:20:a1:46:db:2f:b6:ac:7a:
         d8:e8:d0:5d:cf:42:1a:16:aa:d9:fb:7e:91:fe:af:ad:2d:6e:
         b5:fb:12:99:f9:ec:b3:f7:62:a7:d5:60:89:c2:1b:83:34:40:
         c1:0e:45:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9bHcC0Zozpp+QQxmZY1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmU0ZmQyMTlmNWI3N2NlODBjZGZhZjllM2E2NDQxZGVj
NTAwNDIwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWFlNzMxMzA5M2JlYjcyYjUxMjJiMjk3MWE2NTI3NjBjNzJlNDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn0+h/wA1oyBUKPXXkMWjs0h50eG
GXaj70zU8+Pm8e4dEou5M9xDgrlOBSA8A2wQNhD+svbfDvBNvNJg/DiRb3XGc1VF
I2apFdmcVN8jjhj2wrf4MPWZljy7Hyrrk3FyntA4VQW6aUEfhvx4IrEchGf3/9w6
LGlIQ5sULDxTumG8hl2XzhdtojBSYffNUA9VpDrlcKW06p0G+PYCkP9HXwuU9EYP
8nq9z/ZXAheNv6MxZbtruMu5NoGftWgGL5qfS40e0UYcx/ZXa3btYRn4tY081/kr
l0RHdm4/oITzDC1JVEgJ/7CN1CqBCrelKRyxia2cHJSqc4GrU4Lz1lf2dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGucxMJO+tytRIrKXGmUnYMcuQeMB8GA1UdIwQY
MBaAFA4uT9IZ9bd86Azfr546ZEHexQBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTkt
MjM4ZmVlNjkyNDMwLzEvUWE1ekV3azc2M0sxRWlzcGNhWlNkZ3h5NUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTktMjM4ZmVlNjkyNDMw
LzEvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBweP2MA0G
CSqGSIb3DQEBCwUAA4IBAQC8c4iSy4rNTSYUf5vcECMjh4lQhVr6li63hwEW2iHu
OBtiv9nfzpEHlE47k1ZmftyJAdbDm9XofSv5OxV4JgaixEmUo2/PiXjCO9ItBPQ+
MXB9dxwV7k2QajXadgsIO5c3wPM9kviEPmPeG8jeQk6jm+xE/KY9y8JZyRu6Ix9Y
CxUB+H1kQbD2F5pp5vb+dgViJNhwHoG3XyU/qFo8CkOk7MT+xy/uGWMx6a8T881Y
RVcchM1r1MSKx5NhCzx8e9p+zs8m6j/KWJRtM2SKllw6IKFG2y+2rHrY6NBdz0Ia
FqrZ+36R/q+tLW61+xKZ+eyz92Kn1WCJwhuDNEDBDkVh
-----END CERTIFICATE-----