Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/QV_6DUkAdERVfw0yzUcHGV_bqz8.roa
File:                     QV_6DUkAdERVfw0yzUcHGV_bqz8.roa (raw, json)
Hash identifier:          c8b8x2TUbfNy9W2/B6dT+X68ZyaWk4xbwJtuGfbhOdc=
Subject key identifier:   41:5F:FA:0D:49:00:74:44:55:7F:0D:32:CD:47:07:19:5F:DB:AB:3F
Certificate issuer:       /CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
Certificate serial:       0199942564E6BA4634FB31A5F8C9A2199573
Authority key identifier: BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/QV_6DUkAdERVfw0yzUcHGV_bqz8.roa
Signing time:             Mon 29 Sep 2025 06:25:02 +0000
ROA not before:           Mon 29 Sep 2025 06:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        93.174.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:25:64:e6:ba:46:34:fb:31:a5:f8:c9:a2:19:95:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
        Validity
            Not Before: Sep 29 06:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=415ffa0d49007444557f0d32cd4707195fdbab3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:2e:46:70:0b:49:05:93:9c:f1:1f:11:55:69:
                    f5:00:17:36:c7:d5:7a:21:b3:bc:8c:35:2b:af:cc:
                    c3:25:c1:dc:ab:60:43:75:4b:d8:6b:d0:b2:c8:44:
                    22:4e:79:79:bb:07:34:c3:b1:a0:a7:d4:56:dc:8d:
                    18:7e:50:36:c9:0a:22:76:e6:55:89:fe:65:a6:11:
                    6b:b9:34:ef:f8:07:fc:9f:64:f6:32:26:0b:9b:00:
                    b8:3f:26:41:47:74:42:be:de:e5:58:0e:ee:ee:98:
                    a9:c8:b6:e7:ff:28:2b:0b:6f:e4:30:14:48:03:4f:
                    3f:4a:d8:39:88:e9:8d:fd:b2:10:ec:b7:b9:0b:65:
                    9e:ed:44:75:41:0b:a9:ab:a4:a5:19:98:1f:5b:e2:
                    0c:54:27:24:49:d7:1d:58:d2:e7:00:eb:5a:c3:22:
                    a4:03:06:a0:87:0a:85:cf:6a:ac:d9:10:41:25:3f:
                    36:29:df:eb:2a:ba:c9:a7:d0:9d:04:cc:34:4c:f0:
                    23:26:87:49:db:50:f6:c4:ee:02:87:e9:c1:7e:b2:
                    56:97:b8:57:06:6d:8c:f5:00:6f:76:05:5c:a9:ba:
                    62:e2:2b:03:f5:b7:ca:00:75:14:8d:55:af:07:f7:
                    41:98:a8:fb:3a:d8:34:c5:e9:64:e4:21:02:75:f5:
                    18:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5F:FA:0D:49:00:74:44:55:7F:0D:32:CD:47:07:19:5F:DB:AB:3F
            X509v3 Authority Key Identifier:
                keyid:BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/QV_6DUkAdERVfw0yzUcHGV_bqz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1f:ac:d4:58:55:be:2d:eb:4c:40:fd:07:5b:af:1b:f7:31:
         00:89:4b:9c:f6:2b:a5:39:3c:f1:7f:12:fe:83:69:51:f8:63:
         fb:fa:90:34:d2:08:0a:55:2a:43:51:2a:e7:9f:ac:90:7f:8d:
         a4:2e:05:3f:3d:64:68:7e:a6:3e:c3:0f:8d:87:80:9e:fe:d9:
         94:5c:10:94:28:fc:dc:f2:48:d3:30:f0:05:de:4b:e9:0b:ad:
         92:37:43:80:a7:2c:71:9b:d9:aa:ee:16:c5:88:08:40:58:aa:
         4c:7a:47:f2:a7:13:f1:38:7c:64:6a:da:8b:79:ef:08:30:f1:
         92:7e:9b:74:89:c1:77:8f:e9:e1:cb:4c:7a:43:9b:54:cf:29:
         e8:2b:bb:95:5e:96:26:bd:9e:22:e4:cf:78:f4:2a:f4:ee:f1:
         44:fa:80:d2:c2:53:c0:64:30:25:47:b7:24:0a:01:77:93:aa:
         68:e9:7f:c4:14:cb:c5:e5:15:62:a9:33:12:e2:40:7c:2a:63:
         a0:c0:b7:6f:7b:68:b5:03:26:6f:ce:4e:79:2f:43:df:cd:d7:
         05:b5:ab:4b:11:4a:c4:a0:8a:28:ec:6d:5f:cf:a9:8c:89:da:
         c3:be:22:cd:88:a4:d4:bf:33:f8:8c:ba:aa:34:73:cc:ba:78:
         ba:4f:9d:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUJWTmukY0+zGl+MmiGZVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjM5Yzc3OTBmYzNkNTc3NjI2ZDViYmYxODYxZTU5Yzli
NDcwYWUwHhcNMjUwOTI5MDYyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTVmZmEwZDQ5MDA3NDQ0NTU3ZjBkMzJjZDQ3MDcxOTVmZGJhYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5i5GcAtJBZOc8R8RVWn1ABc2x9V6
IbO8jDUrr8zDJcHcq2BDdUvYa9CyyEQiTnl5uwc0w7Ggp9RW3I0YflA2yQoiduZV
if5lphFruTTv+Af8n2T2MiYLmwC4PyZBR3RCvt7lWA7u7pipyLbn/ygrC2/kMBRI
A08/Stg5iOmN/bIQ7Le5C2We7UR1QQupq6SlGZgfW+IMVCckSdcdWNLnAOtawyKk
AwaghwqFz2qs2RBBJT82Kd/rKrrJp9CdBMw0TPAjJodJ21D2xO4Ch+nBfrJWl7hX
Bm2M9QBvdgVcqbpi4isD9bfKAHUUjVWvB/dBmKj7Otg0xelk5CECdfUYcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFf+g1JAHREVX8NMs1HBxlf26s/MB8GA1UdIwQY
MBaAFL8jnHeQ/D1XdibVu/GGHlnJtHCuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3Njct
YjU1MDNhMzJlZGZlLzEvUVZfNkRVa0FkRVJWZncweXpVY0hHVl9icXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3NjctYjU1MDNhMzJlZGZl
LzEvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa7QMA0G
CSqGSIb3DQEBCwUAA4IBAQBPH6zUWFW+LetMQP0HW68b9zEAiUuc9iulOTzxfxL+
g2lR+GP7+pA00ggKVSpDUSrnn6yQf42kLgU/PWRofqY+ww+Nh4Ce/tmUXBCUKPzc
8kjTMPAF3kvpC62SN0OApyxxm9mq7hbFiAhAWKpMekfypxPxOHxkatqLee8IMPGS
fpt0icF3j+nhy0x6Q5tUzynoK7uVXpYmvZ4i5M949Cr07vFE+oDSwlPAZDAlR7ck
CgF3k6po6X/EFMvF5RViqTMS4kB8KmOgwLdve2i1AyZvzk55L0PfzdcFtatLEUrE
oIoo7G1fz6mMidrDviLNiKTUvzP4jLqqNHPMuni6T51Q
-----END CERTIFICATE-----