Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Qhq_Pkdg0_FY8PGZVpcBxgOpInw.roa
File:                     Qhq_Pkdg0_FY8PGZVpcBxgOpInw.roa (raw, json)
Hash identifier:          B2o4MvsdpbkjfyfBKv+85v4Kp2E1LTKylYWaH/ffkEQ=
Subject key identifier:   42:1A:BF:3E:47:60:D3:F1:58:F0:F1:99:56:97:01:C6:03:A9:22:7C
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       0196FAC67F37FE7CF9643693690376E9B27B
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Qhq_Pkdg0_FY8PGZVpcBxgOpInw.roa
Signing time:             Fri 23 May 2025 01:33:54 +0000
ROA not before:           Fri 23 May 2025 01:33:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215224
IP address blocks:        194.126.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fa:c6:7f:37:fe:7c:f9:64:36:93:69:03:76:e9:b2:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: May 23 01:33:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=421abf3e4760d3f158f0f199569701c603a9227c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3a:48:ac:36:0f:94:4f:05:a9:3b:de:46:5b:
                    db:d1:51:1f:d1:65:d1:e2:e3:2f:c8:71:b6:97:8e:
                    73:e4:9b:98:af:53:4d:8e:e1:47:76:37:fc:44:a8:
                    c0:5a:1a:70:3a:61:c4:27:12:04:60:af:38:15:10:
                    48:98:20:bb:0c:53:ef:2b:24:4c:13:6a:6e:58:ee:
                    3c:65:32:24:be:3c:8b:09:74:98:cc:5e:6a:5b:88:
                    2b:ad:fa:d9:3f:ec:52:de:91:06:01:85:ad:2a:c6:
                    69:6f:ce:b8:79:f2:6f:e7:b9:74:f7:61:ac:7b:79:
                    27:31:b4:05:c3:87:87:a4:3a:b7:d8:14:03:ce:e6:
                    ca:e8:c7:0b:7d:9b:eb:94:f2:85:fb:31:e7:80:06:
                    85:08:9f:72:c5:ac:1d:10:7c:d0:63:41:d5:fd:e5:
                    bb:06:87:2d:e9:e1:71:8c:be:2b:da:38:7a:dd:77:
                    53:ae:30:53:40:83:a5:9f:5a:b5:c8:a6:72:34:00:
                    e0:bd:2a:c5:41:6a:bd:ea:b7:7f:62:eb:ce:f1:ad:
                    37:32:04:6b:a0:32:4d:14:91:8b:29:f1:70:f0:29:
                    f3:45:9a:c0:59:f1:10:7f:6c:d6:41:ca:ed:27:0d:
                    04:3c:ec:58:67:6c:70:53:28:e0:b2:be:36:79:3e:
                    ae:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:1A:BF:3E:47:60:D3:F1:58:F0:F1:99:56:97:01:C6:03:A9:22:7C
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Qhq_Pkdg0_FY8PGZVpcBxgOpInw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:90:2b:6e:10:2c:10:43:0f:47:a9:09:85:03:ea:ce:d4:7c:
         43:f9:cb:44:a7:90:e1:c3:34:4b:68:7d:5d:f6:bb:56:20:17:
         a5:44:f8:57:0f:7e:8a:5b:45:4f:a4:8e:ff:f6:88:90:f5:16:
         a4:59:80:dc:7c:2f:7c:ca:e0:36:32:16:50:6b:31:ec:e0:83:
         eb:73:d5:84:3a:d2:38:2d:a5:99:0c:2d:e4:75:0b:4e:5d:ae:
         6e:dd:9d:0f:7c:74:7a:9a:97:0d:39:dd:a5:e3:e7:4b:49:1f:
         22:81:fe:f4:4d:98:47:1e:49:e4:1d:b6:ef:35:5f:b0:36:0a:
         1b:45:60:0e:57:64:80:40:01:0b:ea:97:74:cf:df:a8:2f:7f:
         5c:74:9a:2d:0b:53:d7:54:6e:bd:c9:5f:db:46:22:af:b3:c8:
         92:b5:37:22:15:d1:b4:eb:80:17:60:88:b6:ff:cc:f5:0a:64:
         7b:c5:18:77:4e:36:20:6a:4e:04:7c:55:c7:55:15:1a:9d:5e:
         0d:77:59:47:21:86:33:f7:50:5a:11:ce:12:3b:ec:3a:91:b1:
         0b:41:1d:3a:db:4f:dc:16:13:55:6f:12:52:35:4c:6b:79:02:
         bd:5c:0d:5d:5f:98:47:70:70:be:02:97:1c:1b:7f:c5:b2:b5:
         5b:dd:60:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb6xn83/nz5ZDaTaQN26bJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjUwNTIzMDEzMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjFhYmYzZTQ3NjBkM2YxNThmMGYxOTk1Njk3MDFjNjAzYTkyMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jpIrDYPlE8FqTveRlvb0VEf0WXR
4uMvyHG2l45z5JuYr1NNjuFHdjf8RKjAWhpwOmHEJxIEYK84FRBImCC7DFPvKyRM
E2puWO48ZTIkvjyLCXSYzF5qW4grrfrZP+xS3pEGAYWtKsZpb864efJv57l092Gs
e3knMbQFw4eHpDq32BQDzubK6McLfZvrlPKF+zHngAaFCJ9yxawdEHzQY0HV/eW7
Boct6eFxjL4r2jh63XdTrjBTQIOln1q1yKZyNADgvSrFQWq96rd/YuvO8a03MgRr
oDJNFJGLKfFw8CnzRZrAWfEQf2zWQcrtJw0EPOxYZ2xwUyjgsr42eT6uWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIavz5HYNPxWPDxmVaXAcYDqSJ8MB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvUWhxX1BrZGcwX0ZZOFBHWlZwY0J4Z09wSW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7jMA0G
CSqGSIb3DQEBCwUAA4IBAQA+kCtuECwQQw9HqQmFA+rO1HxD+ctEp5DhwzRLaH1d
9rtWIBelRPhXD36KW0VPpI7/9oiQ9RakWYDcfC98yuA2MhZQazHs4IPrc9WEOtI4
LaWZDC3kdQtOXa5u3Z0PfHR6mpcNOd2l4+dLSR8igf70TZhHHknkHbbvNV+wNgob
RWAOV2SAQAEL6pd0z9+oL39cdJotC1PXVG69yV/bRiKvs8iStTciFdG064AXYIi2
/8z1CmR7xRh3TjYgak4EfFXHVRUanV4Nd1lHIYYz91BaEc4SO+w6kbELQR0620/c
FhNVbxJSNUxreQK9XA1dX5hHcHC+ApccG3/FsrVb3WCe
-----END CERTIFICATE-----