Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/SqjmPfaLrtBpjmBn0-LK2-XYK6E.roa
File:                     SqjmPfaLrtBpjmBn0-LK2-XYK6E.roa (raw, json)
Hash identifier:          oP41hXDxiX++ad4HH6tMbCxCouHbTfiMX6JPBOFqfjw=
Subject key identifier:   4A:A8:E6:3D:F6:8B:AE:D0:69:8E:60:67:D3:E2:CA:DB:E5:D8:2B:A1
Certificate issuer:       /CN=d34bcf2127af0b2e0a246ae4574304c7ae7715e9
Certificate serial:       019560153B1AC8D363A6D36D829E57CA9DD9
Authority key identifier: D3:4B:CF:21:27:AF:0B:2E:0A:24:6A:E4:57:43:04:C7:AE:77:15:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00vPISevCy4KJGrkV0MEx653Fek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/SqjmPfaLrtBpjmBn0-LK2-XYK6E.roa
Signing time:             Tue 04 Mar 2025 07:35:58 +0000
ROA not before:           Tue 04 Mar 2025 07:35:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15532
IP address blocks:        91.206.104.0/23 maxlen: 23
                          91.206.104.0/24 maxlen: 24
                          194.11.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/00vPISevCy4KJGrkV0MEx653Fek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/00vPISevCy4KJGrkV0MEx653Fek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00vPISevCy4KJGrkV0MEx653Fek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:15:3b:1a:c8:d3:63:a6:d3:6d:82:9e:57:ca:9d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34bcf2127af0b2e0a246ae4574304c7ae7715e9
        Validity
            Not Before: Mar  4 07:35:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4aa8e63df68baed0698e6067d3e2cadbe5d82ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:66:3d:b5:aa:47:1f:6a:81:8c:39:47:6f:
                    9f:99:11:09:9d:09:23:2e:c0:60:c3:0f:9c:2e:11:
                    e7:b5:cd:ae:ea:47:44:e1:8d:b2:51:d8:99:2a:f9:
                    0a:17:a9:68:4d:e4:db:8d:3e:1c:3f:08:88:cd:36:
                    85:b2:8a:da:d9:c5:71:0a:ee:d2:32:da:e7:ee:22:
                    b4:73:00:8e:d4:2c:ea:0c:59:1b:7c:9f:d2:e0:eb:
                    ce:50:6c:07:bb:6f:53:8c:61:eb:0d:2a:af:d2:65:
                    d2:e4:71:99:53:7d:db:28:c8:4b:43:86:88:07:48:
                    da:28:d3:74:00:0b:b1:19:da:42:29:d8:c2:ed:6a:
                    a7:ed:92:75:8a:51:84:57:ee:c0:5b:fa:bf:e2:de:
                    be:be:c9:32:ae:62:02:09:cd:ca:ba:f9:3a:0f:a0:
                    0c:c8:a6:53:87:9a:8a:e3:ec:59:01:ed:36:c0:f3:
                    37:a9:a7:a6:e2:20:dd:ad:df:fa:11:35:a6:56:d0:
                    79:89:41:34:5e:72:ec:85:23:04:64:56:ea:46:93:
                    ef:91:54:f7:30:63:c4:19:85:90:92:b7:6a:6e:46:
                    eb:4c:50:a7:40:e1:5a:78:df:f6:76:6f:d9:8a:1a:
                    fb:87:13:ff:f4:43:a0:de:3f:29:89:7a:92:88:29:
                    f1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A8:E6:3D:F6:8B:AE:D0:69:8E:60:67:D3:E2:CA:DB:E5:D8:2B:A1
            X509v3 Authority Key Identifier:
                keyid:D3:4B:CF:21:27:AF:0B:2E:0A:24:6A:E4:57:43:04:C7:AE:77:15:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00vPISevCy4KJGrkV0MEx653Fek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/SqjmPfaLrtBpjmBn0-LK2-XYK6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0a4bc4-da4b-4f18-b4be-afc1ee4611a1/1/00vPISevCy4KJGrkV0MEx653Fek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.104.0/23
                  194.11.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:1d:7d:5b:8d:8a:af:da:9b:2d:dc:47:42:8b:38:1a:a9:0c:
         ba:50:da:c8:9f:cb:3a:09:1a:6b:a9:03:38:d9:2a:3d:81:ae:
         18:56:b1:4f:46:37:f9:06:62:1a:d5:d8:af:04:99:ad:f7:a4:
         3a:34:18:0d:8f:28:fa:12:3e:ab:4c:68:a3:70:b0:d5:98:bc:
         eb:bc:04:2f:75:1f:93:ac:71:95:0f:59:38:d3:e3:53:0a:f8:
         c8:fd:41:3a:b2:8b:8a:db:7f:1d:10:26:79:ae:7b:d0:16:02:
         de:5e:fd:cc:f2:79:d8:e2:f5:57:de:70:f2:21:9f:2e:1f:e0:
         5b:a7:c4:4e:36:27:60:aa:a7:fb:fc:51:3a:7c:62:8b:6d:ca:
         08:cd:f0:cc:70:cf:a0:96:fe:8c:16:e7:32:c1:2f:8c:de:3f:
         02:2e:a8:ac:d7:0e:99:4b:4b:41:c6:8e:ee:e7:fe:e7:a2:6f:
         dc:24:44:67:30:79:b7:ba:7a:55:1e:32:d8:61:ec:de:03:3d:
         f1:24:d4:26:76:ed:ca:6d:45:5a:41:6c:68:d2:80:77:64:6c:
         ea:7c:5f:be:5b:b8:a1:c5:d6:a4:46:90:fe:95:e3:aa:f1:2b:
         ac:d1:86:d4:d3:7c:5a:87:d1:8d:f1:fa:22:22:4d:ca:83:cb:
         b5:d5:06:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVgFTsayNNjptNtgp5Xyp3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNGJjZjIxMjdhZjBiMmUwYTI0NmFlNDU3NDMwNGM3YWU3
NzE1ZTkwHhcNMjUwMzA0MDczNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWE4ZTYzZGY2OGJhZWQwNjk4ZTYwNjdkM2UyY2FkYmU1ZDgyYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJVmPbWqRx9qgYw5R2+fmREJnQkj
LsBgww+cLhHntc2u6kdE4Y2yUdiZKvkKF6loTeTbjT4cPwiIzTaFsora2cVxCu7S
Mtrn7iK0cwCO1CzqDFkbfJ/S4OvOUGwHu29TjGHrDSqv0mXS5HGZU33bKMhLQ4aI
B0jaKNN0AAuxGdpCKdjC7Wqn7ZJ1ilGEV+7AW/q/4t6+vskyrmICCc3Kuvk6D6AM
yKZTh5qK4+xZAe02wPM3qaem4iDdrd/6ETWmVtB5iUE0XnLshSMEZFbqRpPvkVT3
MGPEGYWQkrdqbkbrTFCnQOFaeN/2dm/Zihr7hxP/9EOg3j8piXqSiCnxMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEqo5j32i67QaY5gZ9Piytvl2CuhMB8GA1UdIwQY
MBaAFNNLzyEnrwsuCiRq5FdDBMeudxXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDB2UElTZXZDeTRLSkdya1YwTUV4NjUzRmVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wYTRiYzQtZGE0Yi00ZjE4LWI0YmUt
YWZjMWVlNDYxMWExLzEvU3FqbVBmYUxydEJwam1CbjAtTEsyLVhZSzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wYTRiYzQtZGE0Yi00ZjE4LWI0YmUtYWZjMWVlNDYxMWEx
LzEvMDB2UElTZXZDeTRLSkdya1YwTUV4NjUzRmVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW85oAwQA
wgvfMA0GCSqGSIb3DQEBCwUAA4IBAQAsHX1bjYqv2pst3EdCizgaqQy6UNrIn8s6
CRprqQM42So9ga4YVrFPRjf5BmIa1divBJmt96Q6NBgNjyj6Ej6rTGijcLDVmLzr
vAQvdR+TrHGVD1k40+NTCvjI/UE6souK238dECZ5rnvQFgLeXv3M8nnY4vVX3nDy
IZ8uH+Bbp8RONidgqqf7/FE6fGKLbcoIzfDMcM+glv6MFucywS+M3j8CLqis1w6Z
S0tBxo7u5/7nom/cJERnMHm3unpVHjLYYezeAz3xJNQmdu3KbUVaQWxo0oB3ZGzq
fF++W7ihxdakRpD+leOq8Sus0YbU03xah9GN8foiIk3Kg8u11QYZ
-----END CERTIFICATE-----