Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/QjaJHSSDpfkaW3VbsOBmx9Mwnzo.roa
File:                     QjaJHSSDpfkaW3VbsOBmx9Mwnzo.roa (raw, json)
Hash identifier:          lX+/PQmgzRGcO03gKK10JR9EWKqWcF8NtT9etzyJ8ik=
Subject key identifier:   42:36:89:1D:24:83:A5:F9:1A:5B:75:5B:B0:E0:66:C7:D3:30:9F:3A
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       019427B5A2C4D97032E4E6CE8F3014178ED1
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/QjaJHSSDpfkaW3VbsOBmx9Mwnzo.roa
Signing time:             Thu 02 Jan 2025 15:50:02 +0000
ROA not before:           Thu 02 Jan 2025 15:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212157
IP address blocks:        144.43.240.0/21 maxlen: 24
                          144.43.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:a2:c4:d9:70:32:e4:e6:ce:8f:30:14:17:8e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Jan  2 15:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4236891d2483a5f91a5b755bb0e066c7d3309f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:09:00:73:bf:37:09:02:f4:74:01:bb:fb:8c:
                    04:1a:02:c2:ce:c5:60:99:26:fd:52:ba:c7:21:b4:
                    b2:03:9a:a3:46:6d:03:b0:86:ce:f2:42:65:20:21:
                    61:97:0e:e9:78:00:bb:48:19:6e:be:80:48:7e:c7:
                    99:ec:8a:44:13:c1:b7:fd:31:32:e7:5c:a6:1d:8e:
                    cd:95:e8:e4:a2:96:0b:66:8e:8a:36:9b:41:a6:09:
                    d3:01:54:9e:fb:1e:4c:44:ae:5b:7d:d3:bb:d4:7d:
                    4d:fe:c2:da:6d:0e:cc:d6:77:ad:7f:0d:e3:06:35:
                    33:50:ea:8b:60:b2:74:5d:29:3b:05:ef:8c:47:8b:
                    19:c3:4f:85:91:4a:a0:f8:12:94:07:be:f7:8d:50:
                    30:1e:56:fd:6e:b0:82:dc:60:c1:93:bc:9f:5d:55:
                    6b:92:55:b7:86:d7:43:e0:7c:03:e2:dd:03:dc:12:
                    eb:44:44:8e:60:94:40:c6:d6:01:9c:89:d9:ca:30:
                    e0:c3:0c:36:5f:05:f5:1a:d9:67:d3:0d:ad:fd:29:
                    63:fb:0b:ed:9c:88:1d:a6:35:bc:20:a3:79:25:c0:
                    56:61:36:23:76:9b:1b:db:fb:f3:05:bf:c9:74:0d:
                    0a:61:f7:d2:6a:7a:a4:46:e2:df:28:a9:7f:36:0a:
                    94:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:36:89:1D:24:83:A5:F9:1A:5B:75:5B:B0:E0:66:C7:D3:30:9F:3A
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/QjaJHSSDpfkaW3VbsOBmx9Mwnzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.43.240.0/21
                  144.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:72:d4:05:dd:a3:4d:1b:7c:54:d7:e9:91:28:31:b8:cb:48:
         fe:53:30:91:c2:2f:1d:eb:8b:f4:a0:5d:7c:27:15:1d:cf:4b:
         a3:e5:b1:bd:24:b1:9b:e5:af:9e:95:85:60:80:ea:b8:95:70:
         3d:c5:df:6a:46:c9:d7:a3:fd:49:74:e5:fa:72:af:bb:8a:34:
         86:1a:83:e1:73:4e:27:c3:03:77:fb:bd:e3:36:17:93:75:34:
         01:e7:13:32:f0:21:44:a8:07:8b:f7:6d:c3:62:8f:5e:22:9f:
         38:7a:67:e0:b0:1f:fa:43:f5:7e:81:0b:c3:43:96:b9:c0:6a:
         46:1d:41:e1:0a:95:e2:81:e9:d5:56:37:4a:74:53:f5:86:0d:
         56:b9:c8:c3:b8:e8:e6:b3:11:b0:32:58:35:04:a4:a0:7a:2e:
         e6:7a:87:10:8f:c1:25:b4:d3:80:a1:48:c7:5b:2b:7b:52:f3:
         00:27:be:51:a0:d9:66:37:2f:80:20:cb:d9:8a:58:c7:1a:ed:
         b3:87:20:5e:d6:9e:3e:4c:8c:00:5d:03:5d:06:1e:55:be:0f:
         8d:2d:4a:63:00:86:9f:c8:22:aa:b2:6b:18:91:63:70:28:51:
         d6:a0:e2:73:fd:19:9d:16:4a:b5:bf:6f:9d:57:2b:b6:76:80:
         2c:f4:da:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntaLE2XAy5ObOjzAUF47RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjUwMTAyMTU1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM2ODkxZDI0ODNhNWY5MWE1Yjc1NWJiMGUwNjZjN2QzMzA5ZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwkAc783CQL0dAG7+4wEGgLCzsVg
mSb9UrrHIbSyA5qjRm0DsIbO8kJlICFhlw7peAC7SBluvoBIfseZ7IpEE8G3/TEy
51ymHY7NlejkopYLZo6KNptBpgnTAVSe+x5MRK5bfdO71H1N/sLabQ7M1netfw3j
BjUzUOqLYLJ0XSk7Be+MR4sZw0+FkUqg+BKUB773jVAwHlb9brCC3GDBk7yfXVVr
klW3htdD4HwD4t0D3BLrRESOYJRAxtYBnInZyjDgwww2XwX1Gtln0w2t/Slj+wvt
nIgdpjW8IKN5JcBWYTYjdpsb2/vzBb/JdA0KYffSanqkRuLfKKl/NgqULQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEI2iR0kg6X5Glt1W7DgZsfTMJ86MB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvUWphSkhTU0RwZmthVzNWYnNPQm14OU13bnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkCvwAwQC
kCv8MA0GCSqGSIb3DQEBCwUAA4IBAQAsctQF3aNNG3xU1+mRKDG4y0j+UzCRwi8d
64v0oF18JxUdz0uj5bG9JLGb5a+elYVggOq4lXA9xd9qRsnXo/1JdOX6cq+7ijSG
GoPhc04nwwN3+73jNheTdTQB5xMy8CFEqAeL923DYo9eIp84emfgsB/6Q/V+gQvD
Q5a5wGpGHUHhCpXigenVVjdKdFP1hg1WucjDuOjmsxGwMlg1BKSgei7meocQj8El
tNOAoUjHWyt7UvMAJ75RoNlmNy+AIMvZiljHGu2zhyBe1p4+TIwAXQNdBh5Vvg+N
LUpjAIafyCKqsmsYkWNwKFHWoOJz/RmdFkq1v2+dVyu2doAs9Nrh
-----END CERTIFICATE-----