Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dQNT7klJN-VYE1OT0U7zaPRCgO4.roa
File:                     dQNT7klJN-VYE1OT0U7zaPRCgO4.roa (raw, json)
Hash identifier:          xPcsuNMFMjFu1rl93X0B57WwnZMNtNqcu/V/hFNWi1A=
Subject key identifier:   75:03:53:EE:49:49:37:E5:58:13:53:93:D1:4E:F3:68:F4:42:80:EE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019986ECB24D319560FD94B1BB878786600D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dQNT7klJN-VYE1OT0U7zaPRCgO4.roa
Signing time:             Fri 26 Sep 2025 16:48:03 +0000
ROA not before:           Fri 26 Sep 2025 16:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213751
IP address blocks:        193.124.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:86:ec:b2:4d:31:95:60:fd:94:b1:bb:87:87:86:60:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 26 16:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=750353ee494937e558135393d14ef368f44280ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3d:62:b9:0f:e4:c3:36:71:53:ba:ae:0a:97:
                    4c:c7:68:7e:2b:ec:53:fe:b7:cd:54:67:c2:cb:dc:
                    bf:63:0b:0c:11:11:57:04:ff:05:fa:fc:dd:3a:a5:
                    b7:57:3a:b9:33:34:e6:68:61:28:83:91:cc:af:82:
                    1e:e8:e0:6a:a4:96:11:e1:3c:6d:10:ef:3d:96:36:
                    f1:38:81:4a:4e:30:8a:3a:d2:0e:47:e8:bb:9a:93:
                    a0:c5:bd:7a:46:73:e5:c0:70:30:e2:03:de:36:bb:
                    60:f7:0f:fe:0c:2b:9b:21:37:c4:ae:8d:45:d7:c9:
                    2d:46:17:8b:77:0b:bc:46:c0:c4:4b:8c:ad:3b:a4:
                    af:cc:68:6f:82:b9:ac:6f:f0:d4:dc:ed:a8:e1:e8:
                    b8:4d:fc:ec:cd:01:9d:75:fb:35:0e:0a:87:b4:cb:
                    b7:7f:f8:a0:e1:6f:b6:41:7a:e0:ad:a5:0f:4c:30:
                    17:a2:cc:17:66:bf:e3:f2:7f:fa:5b:46:c5:ce:d6:
                    3f:83:5d:17:d7:23:5b:26:34:0d:68:1b:b3:3b:93:
                    78:90:73:89:1d:5f:ae:b9:a7:1a:d8:42:30:f1:ae:
                    c7:b6:f2:46:ed:c5:aa:e9:db:8e:ef:a0:f4:25:b4:
                    7b:f2:e2:b0:ad:da:13:da:c6:51:b1:99:d7:75:96:
                    d0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:03:53:EE:49:49:37:E5:58:13:53:93:D1:4E:F3:68:F4:42:80:EE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dQNT7klJN-VYE1OT0U7zaPRCgO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4d:4d:86:d5:84:1e:a3:b4:dc:67:41:00:62:1f:a8:a3:65:
         55:fd:4d:4a:5e:e8:03:a9:20:cb:a6:77:a0:e1:ba:f3:df:47:
         d5:0b:fa:f1:d1:6b:df:5a:93:38:4c:c9:60:2b:64:98:65:55:
         8e:2f:d4:7e:03:0c:48:33:d4:88:94:5f:dd:82:4c:44:69:d5:
         8f:2f:af:cb:21:11:b9:fa:08:32:fe:1e:a9:7d:e2:69:f0:80:
         09:3e:a1:77:2a:44:5e:5a:76:2f:c6:d6:f4:b7:79:5a:88:67:
         22:fe:2c:cb:7f:4d:75:5c:cd:96:f3:1c:a4:cf:e8:8f:39:69:
         44:a4:47:f9:72:ef:ca:e3:dc:7e:19:88:f0:7f:c7:81:28:74:
         d2:1c:01:d6:8c:03:b4:f4:59:25:82:59:08:4d:ab:d1:ac:07:
         e8:84:9a:55:19:9d:c1:3a:2a:17:d9:67:25:2f:ad:39:de:10:
         46:5f:a3:b1:f0:36:69:76:8d:bf:60:dc:73:b8:a4:a5:31:ee:
         ad:1c:8a:86:77:cc:0b:ab:75:a3:af:56:da:5e:53:3b:22:4a:
         48:2e:2b:e1:d8:36:bc:41:3e:c7:b5:74:ed:df:fd:b5:87:86:
         fe:6d:17:6c:19:31:44:95:7d:22:7a:23:24:2d:a2:6a:8f:50:
         ba:e7:71:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmG7LJNMZVg/ZSxu4eHhmANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTI2MTY0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTAzNTNlZTQ5NDkzN2U1NTgxMzUzOTNkMTRlZjM2OGY0NDI4MGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D1iuQ/kwzZxU7quCpdMx2h+K+xT
/rfNVGfCy9y/YwsMERFXBP8F+vzdOqW3Vzq5MzTmaGEog5HMr4Ie6OBqpJYR4Txt
EO89ljbxOIFKTjCKOtIOR+i7mpOgxb16RnPlwHAw4gPeNrtg9w/+DCubITfEro1F
18ktRheLdwu8RsDES4ytO6SvzGhvgrmsb/DU3O2o4ei4TfzszQGddfs1DgqHtMu3
f/ig4W+2QXrgraUPTDAXoswXZr/j8n/6W0bFztY/g10X1yNbJjQNaBuzO5N4kHOJ
HV+uuaca2EIw8a7HtvJG7cWq6duO76D0JbR78uKwrdoT2sZRsZnXdZbQoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUDU+5JSTflWBNTk9FO82j0QoDuMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZFFOVDdrbEpOLVZZRTFPVDBVN3phUFJDZ080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXx8MA0G
CSqGSIb3DQEBCwUAA4IBAQB2TU2G1YQeo7TcZ0EAYh+oo2VV/U1KXugDqSDLpneg
4brz30fVC/rx0WvfWpM4TMlgK2SYZVWOL9R+AwxIM9SIlF/dgkxEadWPL6/LIRG5
+ggy/h6pfeJp8IAJPqF3KkReWnYvxtb0t3laiGci/izLf011XM2W8xykz+iPOWlE
pEf5cu/K49x+GYjwf8eBKHTSHAHWjAO09FklglkITavRrAfohJpVGZ3BOioX2Wcl
L6053hBGX6Ox8DZpdo2/YNxzuKSlMe6tHIqGd8wLq3Wjr1baXlM7IkpILivh2Da8
QT7HtXTt3/21h4b+bRdsGTFElX0ieiMkLaJqj1C653GS
-----END CERTIFICATE-----