Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QZRImZcJfh5Rs-KyqN-hVpi16kg.roa
File:                     QZRImZcJfh5Rs-KyqN-hVpi16kg.roa (raw, json)
Hash identifier:          MmbWMRjbWTAeW063pf9sig1YCHR9YwgTPc79vzpgNLo=
Subject key identifier:   41:94:48:99:97:09:7E:1E:51:B3:E2:B2:A8:DF:A1:56:98:B5:EA:48
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0195FF30E70EB89899AE62BA9D6A8D40767C
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QZRImZcJfh5Rs-KyqN-hVpi16kg.roa
Signing time:             Fri 04 Apr 2025 05:05:49 +0000
ROA not before:           Fri 04 Apr 2025 05:05:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.221.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:30:e7:0e:b8:98:99:ae:62:ba:9d:6a:8d:40:76:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Apr  4 05:05:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4194489997097e1e51b3e2b2a8dfa15698b5ea48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2f:6b:3a:d1:ec:d1:99:cf:04:7d:76:ed:23:
                    9d:33:b0:2f:62:f4:d0:ea:e5:51:0d:40:a8:e1:7e:
                    df:93:60:b5:2f:bf:21:8e:1a:74:ee:ba:d3:f7:d6:
                    d0:3b:6d:4b:82:ef:ff:ee:3d:dc:90:2a:fd:29:b6:
                    12:d4:5b:ab:8e:2c:c5:1a:ca:c8:d4:24:4c:bc:15:
                    12:9d:4f:85:ef:c1:04:22:7e:69:b0:a6:b0:b7:0e:
                    9c:6d:b4:83:80:6b:d9:29:91:8f:13:68:56:f4:6a:
                    18:1f:e6:72:ca:7a:85:11:3d:40:85:a1:20:99:de:
                    97:47:97:5f:d4:d2:d7:41:1d:d4:2d:45:16:15:02:
                    2d:3e:f0:7c:59:c6:f5:3c:b4:80:37:a6:35:a4:e4:
                    98:e0:77:84:d1:91:dd:f3:97:d3:ef:e2:59:96:8f:
                    00:78:f8:64:d1:fa:79:2e:ac:e8:2f:be:62:08:a2:
                    d1:2b:0b:65:c1:2e:60:c6:2a:5e:f0:13:3c:bf:8b:
                    0e:82:92:43:ea:1f:00:a7:95:5b:d6:8e:82:7d:e8:
                    73:c4:07:42:dd:b2:cc:7e:9a:d0:71:2a:81:e8:4c:
                    28:54:19:b5:f5:96:05:80:5e:06:f6:29:ff:39:f1:
                    41:bb:46:f3:0d:6f:8d:19:80:54:93:a8:6f:4a:51:
                    6f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:94:48:99:97:09:7E:1E:51:B3:E2:B2:A8:DF:A1:56:98:B5:EA:48
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QZRImZcJfh5Rs-KyqN-hVpi16kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:f6:92:cc:8e:43:83:81:19:0a:4e:3d:21:89:c0:54:24:cb:
         04:46:4b:d8:4f:ea:5f:82:7d:3b:f6:1c:42:59:ed:3f:30:7e:
         87:c5:51:3a:c4:0f:3a:09:1f:cb:be:48:a0:92:3b:e1:66:17:
         fb:9f:a2:0e:27:d6:2d:59:f3:5d:9d:73:c7:fa:85:ae:f5:be:
         d2:fe:a3:61:51:a5:1d:9b:97:13:13:3b:0e:e9:db:12:40:a5:
         e7:ea:c5:6e:65:43:a8:fd:16:e9:b6:76:3e:41:9f:4c:61:30:
         42:55:1a:07:f3:f0:ae:62:23:aa:7d:42:9d:c6:a1:e8:29:c5:
         be:6a:e0:60:7d:86:e2:2d:5d:7f:23:01:a8:5b:d2:85:36:f8:
         1f:81:ef:82:c6:28:28:a1:f4:f4:b3:90:cd:39:c3:3f:36:89:
         e2:7b:a1:3d:2c:38:fa:60:1e:bf:41:2f:3f:26:12:4c:5f:f5:
         27:f9:fe:65:64:d0:cf:fd:96:2d:0e:58:c7:87:b6:f6:92:90:
         ab:0f:61:26:3c:07:2b:6d:60:a1:70:86:bf:4d:8b:33:d9:65:
         32:c7:a0:3f:44:ec:a6:02:36:e1:99:fb:c7:89:04:58:a8:86:
         0e:0f:9c:17:b5:ba:71:02:d3:65:92:95:67:18:a5:cc:7e:f4:
         c1:0f:7a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX/MOcOuJiZrmK6nWqNQHZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwNDA0MDUwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk0NDg5OTk3MDk3ZTFlNTFiM2UyYjJhOGRmYTE1Njk4YjVlYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAky9rOtHs0ZnPBH127SOdM7AvYvTQ
6uVRDUCo4X7fk2C1L78hjhp07rrT99bQO21Lgu//7j3ckCr9KbYS1FurjizFGsrI
1CRMvBUSnU+F78EEIn5psKawtw6cbbSDgGvZKZGPE2hW9GoYH+ZyynqFET1AhaEg
md6XR5df1NLXQR3ULUUWFQItPvB8Wcb1PLSAN6Y1pOSY4HeE0ZHd85fT7+JZlo8A
ePhk0fp5LqzoL75iCKLRKwtlwS5gxipe8BM8v4sOgpJD6h8Ap5Vb1o6CfehzxAdC
3bLMfprQcSqB6EwoVBm19ZYFgF4G9in/OfFBu0bzDW+NGYBUk6hvSlFvXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGUSJmXCX4eUbPisqjfoVaYtepIMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvUVpSSW1aY0pmaDVScy1LeXFOLWhWcGkxNmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQBa9pLMjkODgRkKTj0hicBUJMsERkvYT+pfgn079hxC
We0/MH6HxVE6xA86CR/LvkigkjvhZhf7n6IOJ9YtWfNdnXPH+oWu9b7S/qNhUaUd
m5cTEzsO6dsSQKXn6sVuZUOo/RbptnY+QZ9MYTBCVRoH8/CuYiOqfUKdxqHoKcW+
auBgfYbiLV1/IwGoW9KFNvgfge+CxigoofT0s5DNOcM/Nonie6E9LDj6YB6/QS8/
JhJMX/Un+f5lZNDP/ZYtDljHh7b2kpCrD2EmPAcrbWChcIa/TYsz2WUyx6A/ROym
AjbhmfvHiQRYqIYOD5wXtbpxAtNlkpVnGKXMfvTBD3qR
-----END CERTIFICATE-----