Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/QHrCJn-3TWWMCJDQELy3q8dJt_4.roa
File:                     QHrCJn-3TWWMCJDQELy3q8dJt_4.roa (raw, json)
Hash identifier:          DTg0RQCOqWT4OxprKyTz2OGsk5mW9uMRzOSYKDRAWp0=
Subject key identifier:   40:7A:C2:26:7F:B7:4D:65:8C:08:90:D0:10:BC:B7:AB:C7:49:B7:FE
Certificate issuer:       /CN=7d645e584f1ef9a881f1fbbc4d27a3423de3dff1
Certificate serial:       0194221FB76BAAB9C9D597B2714A89F1541B
Authority key identifier: 7D:64:5E:58:4F:1E:F9:A8:81:F1:FB:BC:4D:27:A3:42:3D:E3:DF:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fWReWE8e-aiB8fu8TSejQj3j3_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/QHrCJn-3TWWMCJDQELy3q8dJt_4.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12605
IP address blocks:        83.164.0.0/17 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/fWReWE8e-aiB8fu8TSejQj3j3_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/fWReWE8e-aiB8fu8TSejQj3j3_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fWReWE8e-aiB8fu8TSejQj3j3_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b7:6b:aa:b9:c9:d5:97:b2:71:4a:89:f1:54:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d645e584f1ef9a881f1fbbc4d27a3423de3dff1
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=407ac2267fb74d658c0890d010bcb7abc749b7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7a:12:6a:1a:fc:75:67:a8:a8:f8:2f:54:14:
                    6c:60:93:8e:45:1a:58:e8:67:93:ed:0c:79:0b:80:
                    e0:4f:79:cc:59:c2:d8:1b:96:2b:ac:47:45:25:b2:
                    c3:5a:35:cb:65:01:09:61:60:48:90:42:a6:54:21:
                    f2:a3:75:8a:20:fb:db:3a:25:c8:14:e8:62:a1:68:
                    51:f4:16:7b:6e:3c:57:8d:84:7f:cf:dd:a9:99:7d:
                    92:ee:25:02:7d:7c:46:82:30:a3:92:d2:3a:51:b4:
                    18:7d:35:e2:51:ce:cc:24:6f:85:b1:57:62:5e:83:
                    40:27:32:66:02:80:37:2c:f8:96:d6:e4:88:86:81:
                    58:3c:0f:e3:4d:73:e0:93:51:5e:ff:06:15:07:ed:
                    b1:ec:f1:62:cf:63:4e:4a:42:c3:77:4e:c3:dc:0a:
                    67:0d:8e:cd:fb:af:95:ce:e3:42:c0:ca:6b:b4:22:
                    10:32:8f:e9:3a:a4:30:eb:81:da:ca:e1:97:cc:01:
                    62:ba:1d:74:96:20:8e:ec:a7:99:43:ab:36:07:30:
                    11:86:38:f1:17:3a:fa:d5:64:6b:b7:b4:db:94:96:
                    1d:ff:b1:3b:d9:0b:83:7d:fc:67:2c:74:58:2b:e2:
                    8a:ff:6e:d7:a0:ba:0f:36:5c:e9:52:52:39:6b:2f:
                    76:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7A:C2:26:7F:B7:4D:65:8C:08:90:D0:10:BC:B7:AB:C7:49:B7:FE
            X509v3 Authority Key Identifier:
                keyid:7D:64:5E:58:4F:1E:F9:A8:81:F1:FB:BC:4D:27:A3:42:3D:E3:DF:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fWReWE8e-aiB8fu8TSejQj3j3_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/QHrCJn-3TWWMCJDQELy3q8dJt_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0d1c33-9117-4a11-bbfe-db81a18e242e/1/fWReWE8e-aiB8fu8TSejQj3j3_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.164.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         65:f9:92:54:64:81:94:d9:77:b3:c8:11:09:33:db:09:59:cc:
         75:b8:f5:ed:3d:8c:da:5a:64:66:71:08:d0:bf:46:54:05:bd:
         1e:bf:15:20:fd:2d:c3:27:ee:bd:c3:af:1e:2d:e2:60:60:7e:
         9b:9e:e6:32:06:ce:e7:6e:91:16:41:80:19:5a:14:78:f2:46:
         e6:7e:6b:7a:09:f5:26:98:85:a8:4b:e3:e3:e6:e9:17:63:f1:
         a1:88:79:30:a5:cd:d9:90:03:27:74:e0:e5:04:fc:16:0b:93:
         6c:b0:78:3a:7d:74:2b:72:93:61:af:3d:6b:03:2c:f4:ca:dc:
         a4:dc:fc:42:cf:2d:45:5a:19:d5:e1:5d:d8:ad:dd:69:82:a0:
         e9:a4:a8:16:99:89:17:7a:ab:35:de:69:5c:37:25:e7:ca:e8:
         02:94:21:83:b6:30:4d:a4:fb:bd:18:97:74:0e:90:e8:bf:db:
         0e:80:2c:06:37:77:9a:35:a9:a6:c1:9c:11:3c:00:b7:b8:3e:
         d1:f9:b4:ab:8b:13:89:fe:a2:c9:57:a0:71:54:44:7f:52:9d:
         c5:c1:6a:ad:dd:e0:ed:fa:e3:4c:aa:2d:20:5a:12:79:2e:d1:
         00:fc:84:8e:04:d4:d6:5e:01:72:3c:6b:c0:19:6f:23:a1:00:
         8f:49:6e:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7drqrnJ1ZeycUqJ8VQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNjQ1ZTU4NGYxZWY5YTg4MWYxZmJiYzRkMjdhMzQyM2Rl
M2RmZjEwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdhYzIyNjdmYjc0ZDY1OGMwODkwZDAxMGJjYjdhYmM3NDliN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03oSahr8dWeoqPgvVBRsYJOORRpY
6GeT7Qx5C4DgT3nMWcLYG5YrrEdFJbLDWjXLZQEJYWBIkEKmVCHyo3WKIPvbOiXI
FOhioWhR9BZ7bjxXjYR/z92pmX2S7iUCfXxGgjCjktI6UbQYfTXiUc7MJG+FsVdi
XoNAJzJmAoA3LPiW1uSIhoFYPA/jTXPgk1Fe/wYVB+2x7PFiz2NOSkLDd07D3Apn
DY7N+6+VzuNCwMprtCIQMo/pOqQw64HayuGXzAFiuh10liCO7KeZQ6s2BzARhjjx
Fzr61WRrt7TblJYd/7E72QuDffxnLHRYK+KK/27XoLoPNlzpUlI5ay92QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEB6wiZ/t01ljAiQ0BC8t6vHSbf+MB8GA1UdIwQY
MBaAFH1kXlhPHvmogfH7vE0no0I949/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZldSZVdFOGUtYWlCOGZ1OFRTZWpRajNqM19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wZDFjMzMtOTExNy00YTExLWJiZmUt
ZGI4MWExOGUyNDJlLzEvUUhyQ0puLTNUV1dNQ0pEUUVMeTNxOGRKdF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wZDFjMzMtOTExNy00YTExLWJiZmUtZGI4MWExOGUyNDJl
LzEvZldSZVdFOGUtYWlCOGZ1OFRTZWpRajNqM19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHU6QAMA0G
CSqGSIb3DQEBCwUAA4IBAQBl+ZJUZIGU2XezyBEJM9sJWcx1uPXtPYzaWmRmcQjQ
v0ZUBb0evxUg/S3DJ+69w68eLeJgYH6bnuYyBs7nbpEWQYAZWhR48kbmfmt6CfUm
mIWoS+Pj5ukXY/GhiHkwpc3ZkAMndODlBPwWC5NssHg6fXQrcpNhrz1rAyz0ytyk
3PxCzy1FWhnV4V3Yrd1pgqDppKgWmYkXeqs13mlcNyXnyugClCGDtjBNpPu9GJd0
DpDov9sOgCwGN3eaNammwZwRPAC3uD7R+bSrixOJ/qLJV6BxVER/Up3FwWqt3eDt
+uNMqi0gWhJ5LtEA/ISOBNTWXgFyPGvAGW8joQCPSW4s
-----END CERTIFICATE-----