Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/qiHseL5QNBr0ljtA1n67Zzhb23E.roa
File:                     qiHseL5QNBr0ljtA1n67Zzhb23E.roa (raw, json)
Hash identifier:          f3Ji+k6cbuqzipMY/jZo7k6SwFUef/UEbx+KEGsmxfk=
Subject key identifier:   AA:21:EC:78:BE:50:34:1A:F4:96:3B:40:D6:7E:BB:67:38:5B:DB:71
Certificate issuer:       /CN=2450ca4aab2a3f8abc6c973aa7c0fa13f2571081
Certificate serial:       01979C14926FF446441A2203123A5F0A5B04
Authority key identifier: 24:50:CA:4A:AB:2A:3F:8A:BC:6C:97:3A:A7:C0:FA:13:F2:57:10:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFDKSqsqP4q8bJc6p8D6E_JXEIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/qiHseL5QNBr0ljtA1n67Zzhb23E.roa
Signing time:             Mon 23 Jun 2025 09:18:03 +0000
ROA not before:           Mon 23 Jun 2025 09:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216058
IP address blocks:        2.56.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/JFDKSqsqP4q8bJc6p8D6E_JXEIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/JFDKSqsqP4q8bJc6p8D6E_JXEIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFDKSqsqP4q8bJc6p8D6E_JXEIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:14:92:6f:f4:46:44:1a:22:03:12:3a:5f:0a:5b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2450ca4aab2a3f8abc6c973aa7c0fa13f2571081
        Validity
            Not Before: Jun 23 09:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa21ec78be50341af4963b40d67ebb67385bdb71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ae:ba:c7:a7:35:9a:71:3f:cf:34:1f:27:20:
                    bc:db:ea:f3:5c:9a:03:b2:ea:31:6c:0c:f2:dc:02:
                    79:5c:fa:2f:79:bd:37:ec:02:29:5b:75:e0:33:66:
                    61:ef:11:2c:e6:cf:d4:b6:06:1d:65:92:e3:ee:72:
                    82:e3:2f:36:71:96:f9:2d:ed:2a:97:15:0a:f8:8f:
                    69:9c:c5:ec:be:3c:a8:ab:5a:e9:eb:7f:e6:98:7b:
                    be:a6:28:2a:4e:bc:02:4a:2e:67:23:7b:43:cc:84:
                    1d:0a:c5:a0:c9:d0:f2:97:2b:21:6d:f0:6b:15:b3:
                    3b:5f:f7:10:e0:36:a1:15:e1:a0:b2:1e:75:d6:a8:
                    9c:d7:43:dc:3a:fb:32:8d:51:8a:0a:11:7c:be:a2:
                    43:fd:c0:88:b6:12:a1:09:1d:a1:a1:74:4a:10:ab:
                    f1:fb:a9:ed:04:4f:a9:cb:bd:5e:ba:43:2d:6d:90:
                    27:d8:56:3f:8d:c8:5b:58:d8:bb:26:2c:78:11:9d:
                    66:d7:0f:0f:b5:c5:6f:b3:21:d6:ab:78:ef:26:00:
                    9c:7f:5f:51:0e:74:8a:e3:25:e6:5f:87:a3:94:3a:
                    a8:ab:cc:4d:fd:2e:cd:4e:c3:7f:0c:78:c9:f0:28:
                    3f:82:43:16:21:c0:79:63:de:55:0b:9b:f5:02:3d:
                    6c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:21:EC:78:BE:50:34:1A:F4:96:3B:40:D6:7E:BB:67:38:5B:DB:71
            X509v3 Authority Key Identifier:
                keyid:24:50:CA:4A:AB:2A:3F:8A:BC:6C:97:3A:A7:C0:FA:13:F2:57:10:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFDKSqsqP4q8bJc6p8D6E_JXEIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/qiHseL5QNBr0ljtA1n67Zzhb23E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/219c6f-e30f-4a9e-acc0-e0d576d5577a/1/JFDKSqsqP4q8bJc6p8D6E_JXEIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:b1:8e:65:e1:a5:f5:21:1c:b9:50:eb:d5:48:a9:4e:67:53:
         da:7d:67:95:f7:4d:f7:e5:b3:2e:ff:d6:49:59:34:31:ec:78:
         11:a3:36:d2:25:6d:4c:c5:e3:79:e5:47:f0:c2:cb:1e:51:0a:
         9d:a4:31:87:2a:e0:d5:52:c5:dc:bd:49:83:ed:1b:9b:b9:fe:
         e9:fb:68:a8:6a:27:e7:b6:d2:77:4d:2b:ee:ad:4f:e6:69:7c:
         c8:04:04:9e:55:c6:d8:fa:26:d5:3d:8f:e8:90:c9:b7:74:e3:
         e9:82:26:f7:a5:7e:55:97:cc:32:bd:50:8d:42:cc:57:af:da:
         27:39:bf:4d:65:9a:09:0e:f4:05:42:23:c0:d2:0a:cf:22:93:
         de:1a:a5:11:32:b3:24:57:76:2d:da:08:21:bf:e0:17:a4:00:
         58:d3:41:dd:99:c9:44:7c:07:7d:11:7c:89:30:61:ba:79:22:
         21:38:65:8f:47:da:78:ea:a6:ca:4a:33:45:11:1b:ef:a8:d9:
         80:c9:fb:ba:0e:3f:d7:2a:e7:40:6f:75:14:2a:c7:81:2c:78:
         d7:d0:db:50:fe:69:ae:f0:18:62:10:9d:93:75:5d:52:d4:bd:
         4d:88:19:cb:2b:0a:cb:61:74:77:5d:b6:f2:70:da:21:8a:59:
         f0:f5:63:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZecFJJv9EZEGiIDEjpfClsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTBjYTRhYWIyYTNmOGFiYzZjOTczYWE3YzBmYTEzZjI1
NzEwODEwHhcNMjUwNjIzMDkxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTIxZWM3OGJlNTAzNDFhZjQ5NjNiNDBkNjdlYmI2NzM4NWJkYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu666x6c1mnE/zzQfJyC82+rzXJoD
suoxbAzy3AJ5XPoveb037AIpW3XgM2Zh7xEs5s/UtgYdZZLj7nKC4y82cZb5Le0q
lxUK+I9pnMXsvjyoq1rp63/mmHu+pigqTrwCSi5nI3tDzIQdCsWgydDylyshbfBr
FbM7X/cQ4DahFeGgsh511qic10PcOvsyjVGKChF8vqJD/cCIthKhCR2hoXRKEKvx
+6ntBE+py71eukMtbZAn2FY/jchbWNi7Jix4EZ1m1w8PtcVvsyHWq3jvJgCcf19R
DnSK4yXmX4ejlDqoq8xN/S7NTsN/DHjJ8Cg/gkMWIcB5Y95VC5v1Aj1sAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoh7Hi+UDQa9JY7QNZ+u2c4W9txMB8GA1UdIwQY
MBaAFCRQykqrKj+KvGyXOqfA+hPyVxCBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZES1Nxc3FQNHE4YkpjNnA4RDZFX0pYRUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yMTljNmYtZTMwZi00YTllLWFjYzAt
ZTBkNTc2ZDU1NzdhLzEvcWlIc2VMNVFOQnIwbGp0QTFuNjdaemhiMjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yMTljNmYtZTMwZi00YTllLWFjYzAtZTBkNTc2ZDU1Nzdh
LzEvSkZES1Nxc3FQNHE4YkpjNnA4RDZFX0pYRUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjjMMA0G
CSqGSIb3DQEBCwUAA4IBAQBFsY5l4aX1IRy5UOvVSKlOZ1PafWeV90335bMu/9ZJ
WTQx7HgRozbSJW1MxeN55UfwwsseUQqdpDGHKuDVUsXcvUmD7Rubuf7p+2ioaifn
ttJ3TSvurU/maXzIBASeVcbY+ibVPY/okMm3dOPpgib3pX5Vl8wyvVCNQsxXr9on
Ob9NZZoJDvQFQiPA0grPIpPeGqURMrMkV3Yt2gghv+AXpABY00HdmclEfAd9EXyJ
MGG6eSIhOGWPR9p46qbKSjNFERvvqNmAyfu6Dj/XKudAb3UUKseBLHjX0NtQ/mmu
8BhiEJ2TdV1S1L1NiBnLKwrLYXR3XbbycNohilnw9WOD
-----END CERTIFICATE-----