Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CQjh1lBawRmJhae_JCcLeC12ZMI.roa
File:                     CQjh1lBawRmJhae_JCcLeC12ZMI.roa (raw, json)
Hash identifier:          KA1ARhFPjxLO+oG4DPSa1yPcbz35e20t6XRERre7mO0=
Subject key identifier:   09:08:E1:D6:50:5A:C1:19:89:85:A7:BF:24:27:0B:78:2D:76:64:C2
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01992F81D7E3B5E0162C91BF80508CCDA34D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CQjh1lBawRmJhae_JCcLeC12ZMI.roa
Signing time:             Tue 09 Sep 2025 17:24:22 +0000
ROA not before:           Tue 09 Sep 2025 17:24:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215136
IP address blocks:        5.83.134.0/24 maxlen: 24
                          5.175.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Oct 2025 04:05:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:81:d7:e3:b5:e0:16:2c:91:bf:80:50:8c:cd:a3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep  9 17:24:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0908e1d6505ac1198985a7bf24270b782d7664c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:57:ec:00:4b:f9:64:b6:a0:1b:c4:a4:05:
                    af:4b:31:62:89:32:cb:81:7c:2b:79:56:92:b8:13:
                    b6:d6:e5:89:4f:03:d3:e9:e4:97:77:3a:6c:dc:71:
                    0c:11:ec:51:d4:5c:42:56:13:a9:9c:d3:b7:e0:70:
                    5c:63:8a:20:9a:a7:b0:a9:57:69:2b:97:fb:2b:d9:
                    33:2b:93:99:32:72:98:0f:35:87:67:0c:1c:a3:da:
                    55:17:35:fd:bf:c1:c1:8f:8a:43:9a:d1:5d:47:db:
                    b8:a1:d2:7e:80:9e:2c:cc:b8:e1:b1:19:28:31:1f:
                    40:19:fd:17:f7:49:fd:65:9e:91:1e:2c:bf:b6:da:
                    47:7d:d6:57:68:0d:07:7c:46:fc:45:f2:8a:a3:4f:
                    c0:16:0f:03:37:33:e1:89:b1:17:b3:bd:73:ec:a4:
                    a3:f2:90:62:b9:d4:59:99:f1:e2:54:ce:8a:6b:f9:
                    05:88:26:65:ba:63:b5:9f:72:6b:3f:76:3e:1d:62:
                    26:96:0a:1d:a3:d5:0b:dc:49:92:58:47:d2:c2:26:
                    37:50:a1:4c:52:a8:4a:d1:77:8a:31:1a:fa:c0:ad:
                    0e:7d:17:11:ce:c4:47:c6:9c:8d:9e:63:b0:11:83:
                    bf:5f:19:b2:a5:8a:6e:8d:72:31:48:91:c5:7f:9f:
                    56:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:08:E1:D6:50:5A:C1:19:89:85:A7:BF:24:27:0B:78:2D:76:64:C2
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CQjh1lBawRmJhae_JCcLeC12ZMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.134.0/24
                  5.175.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:30:ac:be:29:1d:76:01:22:4a:7f:e5:15:66:64:a8:b4:ff:
         71:b5:c3:c3:1f:ef:fc:67:fa:86:ab:b4:ad:8b:16:ea:8c:b5:
         d3:fb:cf:4b:ea:c4:7c:63:fb:ec:30:3a:24:47:74:3b:4f:dc:
         27:02:f0:cf:5b:49:b0:06:12:02:be:d1:5e:8e:a0:31:0c:51:
         8e:33:e9:81:d2:4c:cb:cd:23:5e:f9:63:1b:d3:de:99:ad:3e:
         05:d8:a2:8e:cf:7f:a3:5e:d4:fc:78:6f:c3:04:01:f0:5b:17:
         f2:95:c5:f8:62:dd:c7:c8:53:93:34:c5:7d:34:0a:a2:8f:9b:
         8b:49:e8:95:f2:23:d4:2d:a1:b5:ff:cb:b6:1a:d9:80:65:4d:
         b7:d0:2e:ea:0a:ab:ba:8b:f6:28:6c:eb:4d:d0:fe:4d:da:e4:
         62:16:88:b3:ea:59:f3:49:13:b6:fa:1f:b6:45:78:b3:58:b9:
         19:8a:ad:75:12:82:b1:af:50:c0:ba:59:4e:07:25:ce:13:31:
         18:fa:7e:9d:79:41:a4:9c:f6:e4:7f:87:13:cb:d0:84:30:e6:
         95:68:05:c4:d5:1c:f0:af:03:2d:6c:87:5d:ea:d4:e8:16:a4:
         aa:99:94:b7:fd:b5:dc:46:7f:64:ca:dd:88:21:70:a3:86:ca:
         53:5c:e3:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkvgdfjteAWLJG/gFCMzaNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwOTA5MTcyNDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTA4ZTFkNjUwNWFjMTE5ODk4NWE3YmYyNDI3MGI3ODJkNzY2NGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4lX7ABL+WS2oBvEpAWvSzFiiTLL
gXwreVaSuBO21uWJTwPT6eSXdzps3HEMEexR1FxCVhOpnNO34HBcY4ogmqewqVdp
K5f7K9kzK5OZMnKYDzWHZwwco9pVFzX9v8HBj4pDmtFdR9u4odJ+gJ4szLjhsRko
MR9AGf0X90n9ZZ6RHiy/ttpHfdZXaA0HfEb8RfKKo0/AFg8DNzPhibEXs71z7KSj
8pBiudRZmfHiVM6Ka/kFiCZlumO1n3JrP3Y+HWImlgodo9UL3EmSWEfSwiY3UKFM
UqhK0XeKMRr6wK0OfRcRzsRHxpyNnmOwEYO/XxmypYpujXIxSJHFf59WtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAkI4dZQWsEZiYWnvyQnC3gtdmTCMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQ1FqaDFsQmF3Um1KaGFlX0pDY0xlQzEyWk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOGAwQA
Ba+MMA0GCSqGSIb3DQEBCwUAA4IBAQB9MKy+KR12ASJKf+UVZmSotP9xtcPDH+/8
Z/qGq7StixbqjLXT+89L6sR8Y/vsMDokR3Q7T9wnAvDPW0mwBhICvtFejqAxDFGO
M+mB0kzLzSNe+WMb096ZrT4F2KKOz3+jXtT8eG/DBAHwWxfylcX4Yt3HyFOTNMV9
NAqij5uLSeiV8iPULaG1/8u2GtmAZU230C7qCqu6i/YobOtN0P5N2uRiFoiz6lnz
SRO2+h+2RXizWLkZiq11EoKxr1DAullOByXOEzEY+n6deUGknPbkf4cTy9CEMOaV
aAXE1RzwrwMtbIdd6tToFqSqmZS3/bXcRn9kyt2IIXCjhspTXON7
-----END CERTIFICATE-----