Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QlCAuh3BwFi93CNRR2QudW6h7wo.roa
File:                     QlCAuh3BwFi93CNRR2QudW6h7wo.roa (raw, json)
Hash identifier:          uncTgnvemQx/dxWm/t6XkV69Yo1FQ8Xd52H7MNubFsU=
Subject key identifier:   42:50:80:BA:1D:C1:C0:58:BD:DC:23:51:47:64:2E:75:6E:A1:EF:0A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196F34C1F7E5EF7821BC9DBB96D2BECB2FE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QlCAuh3BwFi93CNRR2QudW6h7wo.roa
Signing time:             Wed 21 May 2025 14:42:54 +0000
ROA not before:           Wed 21 May 2025 14:42:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216366
IP address blocks:        62.76.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:4c:1f:7e:5e:f7:82:1b:c9:db:b9:6d:2b:ec:b2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 21 14:42:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=425080ba1dc1c058bddc235147642e756ea1ef0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a0:43:9f:aa:63:12:0e:55:7a:5f:9f:3a:14:
                    84:0c:d8:d0:6f:31:39:75:9b:c8:a3:2c:42:72:4e:
                    9a:54:8b:c4:11:2e:ff:c6:20:ab:16:4b:67:90:52:
                    a8:0e:99:17:c6:85:2b:41:2f:85:ac:73:dd:ef:fc:
                    c0:4c:e6:bc:49:4b:da:4c:d9:e9:f6:af:a0:1e:05:
                    f2:fb:55:2f:4d:cf:4a:36:a3:44:ce:a8:9c:fa:d9:
                    bf:fb:42:8b:03:72:ec:3e:63:48:3b:42:a2:8d:24:
                    80:2b:a5:fa:e0:76:49:6d:63:7e:8f:b6:9e:b7:ac:
                    a6:b3:d4:c5:66:11:22:0b:89:97:14:dc:26:c1:6d:
                    c6:87:90:b3:4e:6e:ac:50:8e:7b:a0:74:bd:3a:ac:
                    7b:60:0e:ff:5b:a7:af:6e:02:98:04:8f:a2:01:6b:
                    a9:17:bd:34:d6:cb:6d:72:e5:29:6f:91:4a:ec:86:
                    c4:0c:0b:ab:1c:66:34:cf:97:a6:51:78:86:c5:34:
                    b8:ef:39:84:0a:cd:08:dd:ca:a4:ec:9f:1f:6c:67:
                    63:85:c3:75:a0:da:92:a6:99:d9:e5:59:19:10:23:
                    c5:f8:52:08:c6:18:b9:d1:62:55:b2:2c:12:2b:d8:
                    b5:3f:c8:47:c2:c4:c6:53:2c:c5:c0:33:e3:e4:82:
                    2f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:50:80:BA:1D:C1:C0:58:BD:DC:23:51:47:64:2E:75:6E:A1:EF:0A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QlCAuh3BwFi93CNRR2QudW6h7wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:a5:34:d4:3f:c4:d0:b0:f1:ec:c2:34:84:07:90:08:a7:2c:
         1e:e5:ee:21:f1:df:48:49:1a:49:89:e8:e3:a2:91:0e:e3:23:
         d5:4b:49:51:f4:56:62:6f:dc:dc:aa:92:60:59:d0:96:ed:0e:
         0f:65:6e:21:f2:bc:95:77:f8:6d:94:e3:44:e1:03:e2:4c:cb:
         f8:42:49:6d:3c:ac:53:97:84:3a:1c:0d:39:37:4e:bd:8f:5d:
         94:90:3a:48:78:d6:db:5d:34:c1:f7:9c:8f:2d:e5:bf:dc:bd:
         2f:6c:64:a2:d2:0e:83:d8:f9:e3:50:36:53:7a:f9:ed:14:81:
         81:00:b4:bc:33:ca:b6:98:68:d0:bb:c1:30:62:35:12:bf:79:
         b4:8a:01:45:36:70:cc:38:31:b7:22:46:4b:73:15:af:9b:d5:
         ac:3b:9c:63:a3:7d:bf:57:ad:99:9c:a4:e9:13:b3:cd:6b:f8:
         4a:95:33:b0:99:30:17:1c:08:9e:b3:39:dd:b4:db:38:56:e5:
         c3:c5:b9:ee:5f:3e:c0:26:54:1b:08:2f:de:19:93:b4:15:e9:
         80:8c:d3:02:c1:d6:c6:95:d1:e4:31:ed:60:96:f5:e4:28:80:
         53:24:1d:8b:14:e2:b2:cf:94:e1:93:ee:96:08:29:b5:7a:4a:
         c0:a2:89:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzTB9+XveCG8nbuW0r7LL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTIxMTQ0MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjUwODBiYTFkYzFjMDU4YmRkYzIzNTE0NzY0MmU3NTZlYTFlZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6BDn6pjEg5Vel+fOhSEDNjQbzE5
dZvIoyxCck6aVIvEES7/xiCrFktnkFKoDpkXxoUrQS+FrHPd7/zATOa8SUvaTNnp
9q+gHgXy+1UvTc9KNqNEzqic+tm/+0KLA3LsPmNIO0KijSSAK6X64HZJbWN+j7ae
t6yms9TFZhEiC4mXFNwmwW3Gh5CzTm6sUI57oHS9Oqx7YA7/W6evbgKYBI+iAWup
F7001sttcuUpb5FK7IbEDAurHGY0z5emUXiGxTS47zmECs0I3cqk7J8fbGdjhcN1
oNqSppnZ5VkZECPF+FIIxhi50WJVsiwSK9i1P8hHwsTGUyzFwDPj5IIv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJQgLodwcBYvdwjUUdkLnVuoe8KMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUWxDQXVoM0J3Rmk5M0NOUlIyUXVkVzZoN3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkzhMA0G
CSqGSIb3DQEBCwUAA4IBAQAXpTTUP8TQsPHswjSEB5AIpywe5e4h8d9ISRpJiejj
opEO4yPVS0lR9FZib9zcqpJgWdCW7Q4PZW4h8ryVd/htlONE4QPiTMv4QkltPKxT
l4Q6HA05N069j12UkDpIeNbbXTTB95yPLeW/3L0vbGSi0g6D2PnjUDZTevntFIGB
ALS8M8q2mGjQu8EwYjUSv3m0igFFNnDMODG3IkZLcxWvm9WsO5xjo32/V62ZnKTp
E7PNa/hKlTOwmTAXHAieszndtNs4VuXDxbnuXz7AJlQbCC/eGZO0FemAjNMCwdbG
ldHkMe1glvXkKIBTJB2LFOKyz5Thk+6WCCm1ekrAoolN
-----END CERTIFICATE-----