Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/qmwOcaFnk8hvjikjG2nZoBfPZlE.roa
File:                     qmwOcaFnk8hvjikjG2nZoBfPZlE.roa (raw, json)
Hash identifier:          x0fSVCqcFPtWRIm16w0UZsIJ/36VDiSkIR5lVr0ml4o=
Subject key identifier:   AA:6C:0E:71:A1:67:93:C8:6F:8E:29:23:1B:69:D9:A0:17:CF:66:51
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       01967B4ED5277C29FD3ECC5C19DE11425F27
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/qmwOcaFnk8hvjikjG2nZoBfPZlE.roa
Signing time:             Mon 28 Apr 2025 07:31:26 +0000
ROA not before:           Mon 28 Apr 2025 07:31:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49791
IP address blocks:        91.224.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 19:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:4e:d5:27:7c:29:fd:3e:cc:5c:19:de:11:42:5f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Apr 28 07:31:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa6c0e71a16793c86f8e29231b69d9a017cf6651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b9:ca:e8:4a:44:56:6e:68:fe:eb:fb:d0:2c:
                    7b:3f:6b:c0:68:31:86:6a:c3:78:95:48:cf:00:0e:
                    2d:0a:3c:f1:76:5f:8b:bb:88:6f:64:44:ea:9e:06:
                    53:8f:81:ab:04:56:76:3d:69:a2:5e:52:b9:db:85:
                    3a:17:e5:15:7a:89:58:49:13:ec:ce:11:f5:a6:a7:
                    e0:4f:f9:de:42:4d:70:06:4c:34:2b:6a:5a:b2:51:
                    33:52:2f:67:13:0e:ce:4a:27:47:1e:21:46:d7:6d:
                    d9:49:32:03:5d:f1:ca:ee:13:5f:84:33:7d:7d:d8:
                    15:8d:2f:79:f5:9c:f9:4f:e7:67:f1:b5:d1:50:52:
                    9a:ae:35:09:ee:8c:98:78:1c:e7:7a:63:cf:b4:b1:
                    d2:f8:ae:71:cd:88:8d:2a:5d:c7:54:8b:8a:b6:73:
                    c8:4f:7c:63:48:06:61:97:10:d2:21:be:8b:bd:95:
                    a7:42:37:4b:18:6a:77:40:b2:8a:da:96:84:00:3b:
                    b4:88:60:8b:45:78:15:df:4d:77:d6:8d:77:54:75:
                    57:67:95:51:fe:b5:0e:b0:93:6f:0d:cf:ae:dc:55:
                    00:90:7b:0e:a6:05:82:6a:4b:76:a4:ac:84:3b:17:
                    e1:69:6d:cd:a0:6e:86:bf:ea:20:86:0a:39:90:c2:
                    7e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:6C:0E:71:A1:67:93:C8:6F:8E:29:23:1B:69:D9:A0:17:CF:66:51
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/qmwOcaFnk8hvjikjG2nZoBfPZlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f7:60:2e:f3:1c:9a:a5:de:d1:34:6d:ea:7b:08:a4:fe:d7:
         32:0e:ad:cb:02:05:a7:33:11:3d:5e:3a:63:f5:a6:aa:dd:8c:
         94:6e:bc:9b:d0:8d:b5:54:83:3c:36:f4:9c:d0:9e:c8:16:0d:
         5f:39:9b:14:ae:e0:0c:c1:c4:7f:d8:e0:07:b4:76:57:5c:c0:
         75:fc:28:c8:63:e4:d7:57:fb:9f:a1:9e:1b:bb:c6:f2:b1:0e:
         95:b7:f8:8d:b0:d5:19:ab:d9:7b:ef:40:5f:37:2b:bc:2b:5d:
         0d:4a:9e:d2:25:43:79:ae:da:9b:8a:cc:e8:0e:6b:4b:29:3b:
         57:b7:e1:40:94:7a:86:4a:22:74:a0:81:3d:68:4b:4f:0c:78:
         8e:a9:e0:2f:a0:2a:a6:80:fa:0b:39:8f:3e:2b:23:42:4b:dd:
         de:e3:d8:c9:3c:d5:71:86:79:91:10:ec:6e:11:92:f7:80:28:
         af:79:49:fb:72:ae:44:9c:52:fe:d3:ce:73:78:72:14:13:d9:
         94:23:65:9e:4f:56:b2:41:70:3a:37:6a:02:80:a1:1d:46:be:
         44:e9:ac:3b:c7:2a:89:38:1f:a8:29:c5:9f:90:c7:1e:02:6e:
         95:d9:d1:2f:42:af:df:91:d4:06:bf:3a:77:fc:91:7c:8e:26:
         d8:c6:b9:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7TtUnfCn9PsxcGd4RQl8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjUwNDI4MDczMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTZjMGU3MWExNjc5M2M4NmY4ZTI5MjMxYjY5ZDlhMDE3Y2Y2NjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7nK6EpEVm5o/uv70Cx7P2vAaDGG
asN4lUjPAA4tCjzxdl+Lu4hvZETqngZTj4GrBFZ2PWmiXlK524U6F+UVeolYSRPs
zhH1pqfgT/neQk1wBkw0K2paslEzUi9nEw7OSidHHiFG123ZSTIDXfHK7hNfhDN9
fdgVjS959Zz5T+dn8bXRUFKarjUJ7oyYeBznemPPtLHS+K5xzYiNKl3HVIuKtnPI
T3xjSAZhlxDSIb6LvZWnQjdLGGp3QLKK2paEADu0iGCLRXgV30131o13VHVXZ5VR
/rUOsJNvDc+u3FUAkHsOpgWCakt2pKyEOxfhaW3NoG6Gv+oghgo5kMJ+KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpsDnGhZ5PIb44pIxtp2aAXz2ZRMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvcW13T2NhRm5rOGh2amlrakcyblpvQmZQWmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+BLMA0G
CSqGSIb3DQEBCwUAA4IBAQBw92Au8xyapd7RNG3qewik/tcyDq3LAgWnMxE9Xjpj
9aaq3YyUbryb0I21VIM8NvSc0J7IFg1fOZsUruAMwcR/2OAHtHZXXMB1/CjIY+TX
V/ufoZ4bu8bysQ6Vt/iNsNUZq9l770BfNyu8K10NSp7SJUN5rtqbiszoDmtLKTtX
t+FAlHqGSiJ0oIE9aEtPDHiOqeAvoCqmgPoLOY8+KyNCS93e49jJPNVxhnmREOxu
EZL3gCiveUn7cq5EnFL+085zeHIUE9mUI2WeT1ayQXA6N2oCgKEdRr5E6aw7xyqJ
OB+oKcWfkMceAm6V2dEvQq/fkdQGvzp3/JF8jibYxrmM
-----END CERTIFICATE-----