Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CQxWaB1OicMMrqXCoQ0fopCoxdU.roa
File:                     CQxWaB1OicMMrqXCoQ0fopCoxdU.roa (raw, json)
Hash identifier:          WjfHWnkqbfHKaqxUShNyRq++rhQwjg3tNVjy17YQNc4=
Subject key identifier:   09:0C:56:68:1D:4E:89:C3:0C:AE:A5:C2:A1:0D:1F:A2:90:A8:C5:D5
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       019638C2758A90ED853DCC8C7589DAD3A31B
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CQxWaB1OicMMrqXCoQ0fopCoxdU.roa
Signing time:             Tue 15 Apr 2025 09:23:10 +0000
ROA not before:           Tue 15 Apr 2025 09:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210435
IP address blocks:        109.175.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:c2:75:8a:90:ed:85:3d:cc:8c:75:89:da:d3:a3:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Apr 15 09:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=090c56681d4e89c30caea5c2a10d1fa290a8c5d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b3:f7:85:bb:6e:7e:c2:0c:d1:94:01:b7:53:
                    60:42:5a:fd:44:5d:60:39:4d:ab:82:2e:0d:55:f3:
                    63:f9:a7:39:15:85:d2:7a:7e:f6:5e:37:97:04:6e:
                    be:ec:6a:ec:44:af:56:e9:d2:79:fe:34:aa:30:f5:
                    d2:f2:95:b6:a1:c6:8f:3b:f1:f0:75:6f:53:37:da:
                    4f:60:ba:35:69:a2:a1:27:4a:89:e2:c5:10:88:4f:
                    43:ca:ab:68:8e:84:af:c3:8f:9f:4d:6a:be:d6:76:
                    66:54:a6:4d:43:0a:0a:47:f8:63:8a:db:65:ce:23:
                    c6:0b:dc:b7:73:99:1e:ce:e0:19:38:52:52:13:9b:
                    d0:8c:f3:d2:63:d8:b6:51:c0:8d:e2:2c:01:c9:29:
                    f6:3c:53:51:4c:86:86:ce:e5:5a:6a:3b:2d:81:e3:
                    3b:5e:9f:81:0b:10:2d:a6:87:f1:a5:ce:b6:49:f5:
                    02:28:18:34:75:aa:5f:d6:72:99:ea:e2:7f:e0:d5:
                    06:52:17:5f:b3:cf:8e:af:bd:85:1d:20:eb:bd:ce:
                    11:86:32:a5:e6:c8:49:68:f8:1a:d1:d9:5d:14:2c:
                    1e:01:98:79:d7:a9:c4:d9:9e:95:65:bf:73:cc:c6:
                    0c:f8:0d:eb:f9:98:39:2b:e6:e6:fc:5a:5c:53:22:
                    84:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0C:56:68:1D:4E:89:C3:0C:AE:A5:C2:A1:0D:1F:A2:90:A8:C5:D5
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CQxWaB1OicMMrqXCoQ0fopCoxdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:59:43:d2:c8:4a:3f:5d:de:06:29:76:f1:66:da:c5:1c:c8:
         7f:86:a1:a4:7a:07:8d:19:cd:8f:8d:c8:43:f6:9b:e1:c3:b7:
         51:58:36:68:e7:ee:b6:23:49:e5:b8:a8:76:8c:8d:47:3b:6d:
         57:df:e6:e4:aa:5e:c8:c5:1c:47:e2:47:eb:1b:f4:c9:4d:49:
         de:37:fa:27:c5:19:40:a3:10:48:47:5a:a5:40:07:ef:ca:b1:
         28:09:91:3d:3c:52:c0:f1:5d:b7:1c:a3:f6:eb:26:dd:fb:dd:
         6f:65:c3:5c:07:c1:67:68:a3:e9:02:14:81:16:50:40:83:a7:
         1c:e6:d9:95:aa:dd:25:44:75:93:a1:a5:78:7c:35:12:36:2f:
         5a:98:87:61:89:50:be:ec:0b:84:45:a0:79:9e:a6:1a:a2:39:
         1d:8f:4e:2d:a3:14:8b:44:e8:e4:56:b2:be:5b:1c:36:13:cd:
         03:ae:cb:46:50:d6:dd:24:23:af:f0:6d:ac:b8:98:d7:3c:8d:
         c2:7d:7f:71:f9:bc:dc:3d:e3:dc:eb:c0:d9:b1:23:27:3e:c5:
         49:2b:6c:b0:06:b8:a4:ba:b8:7c:fd:32:34:1e:d7:17:6d:f5:
         19:a2:30:43:89:d3:5b:c2:3b:15:c9:d9:1a:31:e6:c9:64:8f:
         2b:4c:33:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4wnWKkO2FPcyMdYna06MbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwNDE1MDkyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBjNTY2ODFkNGU4OWMzMGNhZWE1YzJhMTBkMWZhMjkwYThjNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bP3hbtufsIM0ZQBt1NgQlr9RF1g
OU2rgi4NVfNj+ac5FYXSen72XjeXBG6+7GrsRK9W6dJ5/jSqMPXS8pW2ocaPO/Hw
dW9TN9pPYLo1aaKhJ0qJ4sUQiE9DyqtojoSvw4+fTWq+1nZmVKZNQwoKR/hjittl
ziPGC9y3c5kezuAZOFJSE5vQjPPSY9i2UcCN4iwBySn2PFNRTIaGzuVaajstgeM7
Xp+BCxAtpofxpc62SfUCKBg0dapf1nKZ6uJ/4NUGUhdfs8+Or72FHSDrvc4RhjKl
5shJaPga0dldFCweAZh516nE2Z6VZb9zzMYM+A3r+Zg5K+bm/FpcUyKEFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkMVmgdTonDDK6lwqENH6KQqMXVMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvQ1F4V2FCMU9pY01NcnFYQ29RMGZvcENveGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAba+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCDWUPSyEo/Xd4GKXbxZtrFHMh/hqGkegeNGc2PjchD
9pvhw7dRWDZo5+62I0nluKh2jI1HO21X3+bkql7IxRxH4kfrG/TJTUneN/onxRlA
oxBIR1qlQAfvyrEoCZE9PFLA8V23HKP26ybd+91vZcNcB8FnaKPpAhSBFlBAg6cc
5tmVqt0lRHWToaV4fDUSNi9amIdhiVC+7AuERaB5nqYaojkdj04toxSLROjkVrK+
Wxw2E80DrstGUNbdJCOv8G2suJjXPI3CfX9x+bzcPePc68DZsSMnPsVJK2ywBrik
urh8/TI0HtcXbfUZojBDidNbwjsVydkaMebJZI8rTDNH
-----END CERTIFICATE-----