Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qXSDx6qMLmAkAg9CUQzF6i4iyY0.roa
File:                     qXSDx6qMLmAkAg9CUQzF6i4iyY0.roa (raw, json)
Hash identifier:          wdkB7sltE+pNfWEVP8+xe0pE2lM5C0vVvLdbwwyDf04=
Subject key identifier:   A9:74:83:C7:AA:8C:2E:60:24:02:0F:42:51:0C:C5:EA:2E:22:C9:8D
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0197F2DB039D7E3B15916162B7C00F5ECAAE
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qXSDx6qMLmAkAg9CUQzF6i4iyY0.roa
Signing time:             Thu 10 Jul 2025 05:42:08 +0000
ROA not before:           Thu 10 Jul 2025 05:42:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        91.221.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f2:db:03:9d:7e:3b:15:91:61:62:b7:c0:0f:5e:ca:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jul 10 05:42:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a97483c7aa8c2e6024020f42510cc5ea2e22c98d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ca:65:1d:bd:e7:50:0b:06:4a:85:a6:b7:54:
                    6a:24:d5:0c:4a:41:cc:19:40:9a:ea:bf:39:14:97:
                    60:b5:c4:32:ea:df:85:f2:78:34:c0:25:b8:86:13:
                    27:b4:ed:13:2b:f5:e1:6b:1c:a6:4a:0f:32:cc:83:
                    e1:ca:60:bd:f6:9d:57:39:56:39:fa:c2:70:38:13:
                    f3:1c:28:89:5f:ee:78:65:7a:fa:e7:5d:48:da:c5:
                    57:86:53:02:08:65:ea:72:08:cd:42:39:e4:51:f7:
                    3a:54:bf:d0:0a:f3:2f:dc:3a:f7:42:d7:49:29:ef:
                    92:17:f4:ff:e4:06:24:26:a0:3d:c8:98:91:3a:da:
                    8f:8c:57:82:26:f6:4d:5f:6e:fd:1f:78:54:80:e6:
                    dc:8d:09:23:3b:ea:d1:56:d7:49:f6:cc:28:3e:36:
                    3c:6d:a8:4e:11:3e:43:c7:73:b7:b8:31:f6:a0:1e:
                    54:8b:b7:5f:ab:8b:fe:09:a3:9c:c3:54:fd:a1:dc:
                    d3:f4:73:8e:54:d7:b1:a5:b1:f7:f5:49:96:9a:67:
                    cb:b4:bf:f8:28:49:09:9a:4c:aa:49:81:61:c1:2e:
                    4a:6e:68:d3:05:8a:5c:4c:1a:0b:a5:85:bd:c2:10:
                    de:c3:b6:ea:90:e4:50:05:5a:52:be:0f:d9:12:dd:
                    64:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:74:83:C7:AA:8C:2E:60:24:02:0F:42:51:0C:C5:EA:2E:22:C9:8D
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qXSDx6qMLmAkAg9CUQzF6i4iyY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4b:67:d0:a9:ee:71:ef:04:b9:0a:14:7a:5d:f1:0b:d1:91:
         3d:6a:12:e6:39:66:fc:20:11:59:57:67:23:08:ba:f3:6b:71:
         19:29:45:87:12:f8:0b:8e:9f:b8:cb:83:03:c8:4b:e2:90:38:
         f5:62:dd:ff:ed:5f:0e:51:1c:ed:f1:c0:82:86:40:ff:fd:6f:
         a2:7e:ca:d1:70:c9:61:d7:a4:99:52:76:46:a7:b4:78:f8:52:
         82:47:e5:a2:e8:34:44:db:4a:dd:3b:9a:be:0f:1d:5a:17:00:
         45:fb:55:d8:2b:3d:5f:54:e5:5d:37:b6:3b:d4:3a:6e:b2:18:
         95:3d:be:6b:ef:6f:b6:a5:40:1f:18:25:ce:ba:da:bf:98:05:
         a6:21:fc:1e:82:26:77:3f:7f:c8:cf:68:80:ac:70:9f:ff:12:
         fe:b1:31:68:9a:58:fc:03:3d:37:eb:28:af:7f:4f:87:5b:63:
         e9:f7:4a:da:6e:d2:4a:e7:bf:6f:00:89:de:f7:2c:d1:7f:6e:
         72:f0:6e:ef:e5:8f:a1:26:ee:b3:af:53:96:8c:9c:c6:ce:6b:
         72:39:2e:99:f6:da:f9:da:9f:9b:74:28:b0:da:5d:e2:e7:9e:
         fa:73:12:84:56:25:6f:e3:c4:9a:93:89:c8:fc:be:4f:a1:7d:
         5e:67:6b:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfy2wOdfjsVkWFit8APXsquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwNzEwMDU0MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc0ODNjN2FhOGMyZTYwMjQwMjBmNDI1MTBjYzVlYTJlMjJjOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsplHb3nUAsGSoWmt1RqJNUMSkHM
GUCa6r85FJdgtcQy6t+F8ng0wCW4hhMntO0TK/XhaxymSg8yzIPhymC99p1XOVY5
+sJwOBPzHCiJX+54ZXr6511I2sVXhlMCCGXqcgjNQjnkUfc6VL/QCvMv3Dr3QtdJ
Ke+SF/T/5AYkJqA9yJiROtqPjFeCJvZNX279H3hUgObcjQkjO+rRVtdJ9swoPjY8
bahOET5Dx3O3uDH2oB5Ui7dfq4v+CaOcw1T9odzT9HOOVNexpbH39UmWmmfLtL/4
KEkJmkyqSYFhwS5KbmjTBYpcTBoLpYW9whDew7bqkORQBVpSvg/ZEt1kIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKl0g8eqjC5gJAIPQlEMxeouIsmNMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvcVhTRHg2cU1MbUFrQWc5Q1VRekY2aTRpeVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQCSS2fQqe5x7wS5ChR6XfEL0ZE9ahLmOWb8IBFZV2cj
CLrza3EZKUWHEvgLjp+4y4MDyEvikDj1Yt3/7V8OURzt8cCChkD//W+ifsrRcMlh
16SZUnZGp7R4+FKCR+Wi6DRE20rdO5q+Dx1aFwBF+1XYKz1fVOVdN7Y71DpushiV
Pb5r72+2pUAfGCXOutq/mAWmIfwegiZ3P3/Iz2iArHCf/xL+sTFomlj8Az036yiv
f0+HW2Pp90rabtJK579vAIne9yzRf25y8G7v5Y+hJu6zr1OWjJzGzmtyOS6Z9tr5
2p+bdCiw2l3i5576cxKEViVv48Sak4nI/L5PoX1eZ2tE
-----END CERTIFICATE-----