Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/q3zcXrFdqz6-ebDLhi1lZJwtu5A.roa
File:                     q3zcXrFdqz6-ebDLhi1lZJwtu5A.roa (raw, json)
Hash identifier:          ffK0VRogNussudkwdDgXscE22ZXUPViHvyqZg4Vc5l4=
Subject key identifier:   AB:7C:DC:5E:B1:5D:AB:3E:BE:79:B0:CB:86:2D:65:64:9C:2D:BB:90
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01967DE39B973B419A222C7008B10449A4D0
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/q3zcXrFdqz6-ebDLhi1lZJwtu5A.roa
Signing time:             Mon 28 Apr 2025 19:33:10 +0000
ROA not before:           Mon 28 Apr 2025 19:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        176.98.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7d:e3:9b:97:3b:41:9a:22:2c:70:08:b1:04:49:a4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Apr 28 19:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab7cdc5eb15dab3ebe79b0cb862d65649c2dbb90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:bf:dc:d4:43:24:ed:85:e8:3b:e2:be:18:
                    74:39:fb:ea:01:ba:04:83:f0:73:26:15:5f:5b:65:
                    1a:5b:e9:59:91:c4:0a:f5:56:ac:66:81:bd:e5:2c:
                    e1:3a:31:25:38:cc:8d:17:b8:ea:6e:1c:0a:5d:62:
                    2c:b4:2f:18:60:d2:da:5a:3a:89:41:aa:ed:ed:6a:
                    e5:6e:78:04:47:24:95:a3:ab:b3:a4:29:6d:d8:e0:
                    36:85:f8:1c:89:0e:94:01:51:31:8f:d2:db:56:6e:
                    bb:43:5a:27:8a:24:70:32:46:9b:60:db:d6:2f:4f:
                    1e:ac:16:f0:ad:44:bd:2f:f9:36:79:d1:b0:48:81:
                    43:13:84:c7:a6:a2:2c:94:1b:e4:99:e5:82:89:95:
                    5f:79:ae:34:44:36:35:2c:b8:31:6f:3c:ba:73:47:
                    93:6f:44:86:e5:c0:60:87:cf:a9:b4:b9:0e:ef:5c:
                    92:37:e8:b4:20:c4:04:84:35:53:99:30:90:0d:7f:
                    c7:af:41:57:f8:fb:31:26:0f:f3:8e:1d:e1:e4:a8:
                    29:cb:fb:5a:32:f9:00:4f:8a:8b:af:12:2d:ea:b8:
                    fc:4c:81:49:0d:27:d5:1a:70:f2:fc:bd:40:1b:a6:
                    d8:93:5c:52:ef:88:1b:3f:6d:61:63:44:a4:00:0d:
                    9b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7C:DC:5E:B1:5D:AB:3E:BE:79:B0:CB:86:2D:65:64:9C:2D:BB:90
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/q3zcXrFdqz6-ebDLhi1lZJwtu5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1a:65:cc:f8:28:a9:af:33:5e:e1:0a:c3:57:f6:ec:b7:3d:
         b8:08:08:fb:b1:02:c4:34:12:ff:cc:9e:e7:c4:27:23:1c:4b:
         36:33:59:ee:fe:6f:0e:65:e2:12:97:6c:d8:61:a0:8e:76:f7:
         2f:a0:90:31:01:5a:a3:b8:15:27:f7:aa:f2:77:36:36:8a:da:
         16:9f:0a:ad:08:8d:08:83:60:ef:32:00:53:8f:e2:74:c5:38:
         43:a8:5c:e6:51:88:49:54:95:7b:36:39:85:ce:e7:ce:68:6a:
         f9:68:ea:ec:f3:d5:bc:56:10:41:d3:26:91:09:17:f9:41:5d:
         e5:57:7a:26:02:39:58:c8:51:85:04:1e:5d:c2:be:6e:7d:99:
         61:07:f3:fc:d6:12:65:f3:ab:2b:6d:8f:bd:99:ac:3f:ac:d3:
         1c:05:ab:8c:75:c8:8d:d3:6b:ec:d8:e0:69:9c:1a:73:3b:0e:
         41:88:b7:3f:75:e3:e7:2a:56:59:2a:45:4b:ea:d5:3b:2a:4b:
         2f:6e:de:37:7f:b2:2d:4d:d3:58:25:e8:6d:fe:bd:58:26:2e:
         c7:6e:52:bd:1d:f8:6a:c4:c0:11:f0:f9:af:4e:aa:b7:25:b9:
         66:58:94:22:13:bb:13:55:5f:80:bd:85:fb:44:ee:b3:b2:dd:
         29:61:c7:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ945uXO0GaIixwCLEESaTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwNDI4MTkzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdjZGM1ZWIxNWRhYjNlYmU3OWIwY2I4NjJkNjU2NDljMmRiYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1m/3NRDJO2F6Dvivhh0OfvqAboE
g/BzJhVfW2UaW+lZkcQK9VasZoG95SzhOjElOMyNF7jqbhwKXWIstC8YYNLaWjqJ
Qart7WrlbngERySVo6uzpClt2OA2hfgciQ6UAVExj9LbVm67Q1oniiRwMkabYNvW
L08erBbwrUS9L/k2edGwSIFDE4THpqIslBvkmeWCiZVfea40RDY1LLgxbzy6c0eT
b0SG5cBgh8+ptLkO71ySN+i0IMQEhDVTmTCQDX/Hr0FX+PsxJg/zjh3h5Kgpy/ta
MvkAT4qLrxIt6rj8TIFJDSfVGnDy/L1AG6bYk1xS74gbP21hY0SkAA2bMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKt83F6xXas+vnmwy4YtZWScLbuQMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvcTN6Y1hyRmRxejYtZWJETGhpMWxaSnd0dTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGK/MA0G
CSqGSIb3DQEBCwUAA4IBAQAmGmXM+CiprzNe4QrDV/bstz24CAj7sQLENBL/zJ7n
xCcjHEs2M1nu/m8OZeISl2zYYaCOdvcvoJAxAVqjuBUn96rydzY2itoWnwqtCI0I
g2DvMgBTj+J0xThDqFzmUYhJVJV7NjmFzufOaGr5aOrs89W8VhBB0yaRCRf5QV3l
V3omAjlYyFGFBB5dwr5ufZlhB/P81hJl86srbY+9maw/rNMcBauMdciN02vs2OBp
nBpzOw5BiLc/dePnKlZZKkVL6tU7Kksvbt43f7ItTdNYJeht/r1YJi7HblK9Hfhq
xMAR8PmvTqq3JblmWJQiE7sTVV+AvYX7RO6zst0pYceU
-----END CERTIFICATE-----