Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/QzQU3ZGZ8hKGnEpd1FBDBLaC54I.roa
File:                     QzQU3ZGZ8hKGnEpd1FBDBLaC54I.roa (raw, json)
Hash identifier:          hwGGHotb5LYjRlv6CVYdkeylIRe1Cifyeb3uVRZFRw8=
Subject key identifier:   43:34:14:DD:91:99:F2:12:86:9C:4A:5D:D4:50:43:04:B6:82:E7:82
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0195A2C22FB515B9609594C86F6D85CBEAAF
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/QzQU3ZGZ8hKGnEpd1FBDBLaC54I.roa
Signing time:             Mon 17 Mar 2025 06:19:49 +0000
ROA not before:           Mon 17 Mar 2025 06:19:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        194.116.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a2:c2:2f:b5:15:b9:60:95:94:c8:6f:6d:85:cb:ea:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Mar 17 06:19:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=433414dd9199f212869c4a5dd4504304b682e782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2b:81:7c:11:be:55:de:c2:aa:03:50:99:0e:
                    ee:68:c3:2c:52:4a:76:38:29:52:ed:af:8e:f2:5b:
                    db:03:7e:0f:24:a2:97:8c:fe:ce:2a:ac:7f:d8:a5:
                    c2:e0:22:6e:64:b2:a1:9a:bd:3a:5f:99:cd:9a:38:
                    45:c1:5e:aa:36:1e:7f:73:0a:3d:ca:a4:96:07:67:
                    38:b1:ae:4a:6a:c1:99:05:df:d9:0b:51:ce:fd:47:
                    26:27:3a:0b:76:ec:20:be:4b:03:c8:c1:08:5e:46:
                    f6:6e:1f:6b:5b:b7:51:83:98:83:0f:36:45:25:28:
                    bb:00:f2:4a:9f:7c:aa:73:92:28:d9:ea:33:6b:07:
                    b8:92:e8:10:2c:c5:d5:5e:da:0b:4d:c5:35:1a:0b:
                    cd:4e:c6:36:f0:ee:93:55:8a:20:48:15:17:93:88:
                    c5:9b:b8:51:da:e4:ff:b3:d0:be:7e:a1:3b:7e:62:
                    ff:07:5e:ca:f4:39:71:89:c2:3c:de:fe:f8:10:c1:
                    92:e2:04:33:3a:24:b3:e2:20:5f:1b:1a:2e:c3:36:
                    23:74:4f:5b:e3:be:b2:1d:91:dc:29:fe:da:5e:d2:
                    0a:c8:72:a6:8b:f0:00:cf:70:be:79:b8:ac:02:d8:
                    08:d8:f2:57:2e:52:b0:33:a7:d1:ea:b3:62:9f:3d:
                    09:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:34:14:DD:91:99:F2:12:86:9C:4A:5D:D4:50:43:04:B6:82:E7:82
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/QzQU3ZGZ8hKGnEpd1FBDBLaC54I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:82:dc:fa:7b:ff:88:10:65:eb:de:ad:7e:e5:34:d5:16:89:
         5c:66:dd:64:92:aa:6e:63:fe:78:89:9a:58:1e:9c:fc:42:f3:
         52:a7:df:f7:11:6b:63:2b:eb:df:a0:78:27:ca:1c:ee:a8:ef:
         42:11:32:f1:0e:5c:8e:67:2c:ae:e8:36:ac:e9:01:38:07:5d:
         03:6e:51:ab:52:10:2d:52:a1:be:63:87:59:d0:77:fc:36:e7:
         96:ba:9a:8f:25:f7:77:53:91:f0:47:f3:31:cb:e3:ac:68:57:
         d7:35:ec:8a:a4:4f:4e:63:05:67:ea:6c:0c:c3:a9:a4:b4:52:
         25:d0:26:4c:6a:cc:cf:73:d0:34:7e:3a:0b:22:6a:6a:f4:ff:
         bc:1a:6a:39:3c:0a:0f:02:76:0d:35:f1:b2:de:93:38:dd:b0:
         c0:68:36:23:c4:87:13:24:91:f1:f6:9b:e8:b5:fa:3d:d3:e3:
         b1:e2:17:06:23:60:c3:ee:12:b7:b2:20:a1:58:2e:49:7d:33:
         e4:7d:f2:5c:62:ae:78:0f:c4:12:52:f6:d0:45:c6:4b:f5:b3:
         61:e7:bf:67:01:1d:79:7a:06:33:87:71:51:ce:5f:17:aa:1c:
         47:0c:12:7e:bf:4e:78:ee:df:e4:59:c4:a1:c9:a4:b8:19:f2:
         90:c3:bb:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWiwi+1FblglZTIb22Fy+qvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwMzE3MDYxOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM0MTRkZDkxOTlmMjEyODY5YzRhNWRkNDUwNDMwNGI2ODJlNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyuBfBG+Vd7CqgNQmQ7uaMMsUkp2
OClS7a+O8lvbA34PJKKXjP7OKqx/2KXC4CJuZLKhmr06X5nNmjhFwV6qNh5/cwo9
yqSWB2c4sa5KasGZBd/ZC1HO/UcmJzoLduwgvksDyMEIXkb2bh9rW7dRg5iDDzZF
JSi7APJKn3yqc5Io2eozawe4kugQLMXVXtoLTcU1GgvNTsY28O6TVYogSBUXk4jF
m7hR2uT/s9C+fqE7fmL/B17K9DlxicI83v74EMGS4gQzOiSz4iBfGxouwzYjdE9b
476yHZHcKf7aXtIKyHKmi/AAz3C+ebisAtgI2PJXLlKwM6fR6rNinz0JywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM0FN2RmfIShpxKXdRQQwS2gueCMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvUXpRVTNaR1o4aEtHbkVwZDFGQkRCTGFDNTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnTrMA0G
CSqGSIb3DQEBCwUAA4IBAQBPgtz6e/+IEGXr3q1+5TTVFolcZt1kkqpuY/54iZpY
Hpz8QvNSp9/3EWtjK+vfoHgnyhzuqO9CETLxDlyOZyyu6Das6QE4B10DblGrUhAt
UqG+Y4dZ0Hf8NueWupqPJfd3U5HwR/Mxy+OsaFfXNeyKpE9OYwVn6mwMw6mktFIl
0CZMaszPc9A0fjoLImpq9P+8Gmo5PAoPAnYNNfGy3pM43bDAaDYjxIcTJJHx9pvo
tfo90+Ox4hcGI2DD7hK3siChWC5JfTPkffJcYq54D8QSUvbQRcZL9bNh579nAR15
egYzh3FRzl8XqhxHDBJ+v0547t/kWcShyaS4GfKQw7uh
-----END CERTIFICATE-----