Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qbva1ItCsE91O_rrvfT9aDvDnL4.roa
File:                     Qbva1ItCsE91O_rrvfT9aDvDnL4.roa (raw, json)
Hash identifier:          2znGW91YGH3u6Ai2uRfeAwQwDItRIiyG1Q5yZ2XmCTQ=
Subject key identifier:   41:BB:DA:D4:8B:42:B0:4F:75:3B:FA:EB:BD:F4:FD:68:3B:C3:9C:BE
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0196F650D6A2CF5A48BCE3D0AC58E5C8410B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qbva1ItCsE91O_rrvfT9aDvDnL4.roa
Signing time:             Thu 22 May 2025 04:46:54 +0000
ROA not before:           Thu 22 May 2025 04:46:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20115
IP address blocks:        92.71.32.0/20 maxlen: 24
                          92.71.64.0/18 maxlen: 24
                          213.201.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 02:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f6:50:d6:a2:cf:5a:48:bc:e3:d0:ac:58:e5:c8:41:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May 22 04:46:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41bbdad48b42b04f753bfaebbdf4fd683bc39cbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b0:3b:5c:8a:19:6b:49:4d:3a:cd:60:6f:91:
                    2a:7d:9a:6b:37:ac:e3:41:ab:a2:2c:f9:41:69:7b:
                    46:80:8d:78:36:7b:63:cd:77:e4:99:54:2b:f7:a0:
                    ab:bb:c8:f7:ae:45:fc:a5:56:2e:91:eb:5b:35:63:
                    33:f3:ab:66:50:85:4b:0d:13:3f:7f:ef:2b:50:ec:
                    36:f7:38:8e:6d:82:23:97:83:02:64:ab:11:e1:fd:
                    b8:1b:27:bc:69:8d:ee:b2:1a:8a:2c:1a:42:93:1c:
                    5c:81:2a:e4:d5:4a:e2:7b:3e:d2:26:2b:d4:42:05:
                    69:c1:60:de:85:a8:a9:15:e9:99:c4:50:e1:29:25:
                    7b:4d:10:63:fa:49:73:00:12:73:27:79:ee:f1:38:
                    be:a8:18:73:39:9d:20:34:2d:14:e9:cc:46:43:f1:
                    aa:38:6f:c7:b2:ba:02:43:d2:7a:8e:e1:c2:30:81:
                    6f:28:fd:f7:bf:e6:50:e1:06:d2:2d:e9:7c:2c:f9:
                    06:38:25:a9:bb:ea:a1:1a:5c:87:cb:12:13:96:88:
                    c6:81:d2:cb:91:04:80:d1:c5:b7:c3:b1:9d:2d:f1:
                    23:96:60:f5:53:fe:a9:65:a5:91:c6:ae:09:67:03:
                    b3:d7:b1:b7:85:67:69:85:fb:2b:ac:99:96:f6:d7:
                    b1:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BB:DA:D4:8B:42:B0:4F:75:3B:FA:EB:BD:F4:FD:68:3B:C3:9C:BE
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qbva1ItCsE91O_rrvfT9aDvDnL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.32.0/20
                  92.71.64.0/18
                  213.201.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         e4:b5:e1:1e:c4:e1:fe:1a:ed:39:69:92:cd:a3:8c:7e:9e:f5:
         b2:dc:00:c2:b1:d9:dd:8f:00:9d:15:00:44:40:e3:a4:cf:98:
         19:7b:06:ca:df:98:8b:37:25:d5:d2:f5:f8:b2:bb:77:28:1b:
         7b:80:43:29:38:0c:80:99:48:9c:af:eb:00:59:cd:d3:a5:b9:
         2c:02:97:dd:f6:68:74:21:6b:33:50:38:74:c4:1a:68:92:99:
         2a:ca:88:69:34:ac:d2:78:6c:e0:91:47:dd:cf:cb:54:c4:dc:
         f6:47:e6:48:f8:29:0e:98:87:4c:96:95:10:c5:8f:62:57:d9:
         e4:b6:80:63:68:1e:a3:27:c1:09:a7:e7:02:b4:eb:62:05:d0:
         e0:0b:b0:c9:8d:d9:66:32:57:aa:bd:d4:25:7a:bb:16:ba:6e:
         ce:0c:c2:81:1b:8b:cb:58:4d:7a:b0:51:e6:30:4c:66:75:46:
         81:2c:81:14:31:61:63:27:d1:50:f7:d8:83:92:49:21:10:37:
         94:41:41:19:e9:3e:a6:d5:34:39:c8:5d:05:7e:61:33:dc:f1:
         be:b7:1c:d3:bd:04:dc:fd:44:fe:f4:bd:8e:11:bf:a6:65:59:
         19:c8:c8:37:da:f2:f8:d3:e0:05:eb:ec:4c:1d:13:c1:ab:3c:
         c4:69:d4:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZb2UNaiz1pIvOPQrFjlyEELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNTIyMDQ0NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJiZGFkNDhiNDJiMDRmNzUzYmZhZWJiZGY0ZmQ2ODNiYzM5Y2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrA7XIoZa0lNOs1gb5EqfZprN6zj
QauiLPlBaXtGgI14NntjzXfkmVQr96Cru8j3rkX8pVYuketbNWMz86tmUIVLDRM/
f+8rUOw29ziObYIjl4MCZKsR4f24Gye8aY3ushqKLBpCkxxcgSrk1Uriez7SJivU
QgVpwWDehaipFemZxFDhKSV7TRBj+klzABJzJ3nu8Ti+qBhzOZ0gNC0U6cxGQ/Gq
OG/HsroCQ9J6juHCMIFvKP33v+ZQ4QbSLel8LPkGOCWpu+qhGlyHyxITlojGgdLL
kQSA0cW3w7GdLfEjlmD1U/6pZaWRxq4JZwOz17G3hWdphfsrrJmW9texGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEG72tSLQrBPdTv66730/Wg7w5y+MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUWJ2YTFJdENzRTkxT19ycnZmVDlhRHZEbkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEXEcgAwQG
XEdAAwQE1cnwMA0GCSqGSIb3DQEBCwUAA4IBAQDkteEexOH+Gu05aZLNo4x+nvWy
3ADCsdndjwCdFQBEQOOkz5gZewbK35iLNyXV0vX4srt3KBt7gEMpOAyAmUicr+sA
Wc3TpbksApfd9mh0IWszUDh0xBpokpkqyohpNKzSeGzgkUfdz8tUxNz2R+ZI+CkO
mIdMlpUQxY9iV9nktoBjaB6jJ8EJp+cCtOtiBdDgC7DJjdlmMleqvdQlersWum7O
DMKBG4vLWE16sFHmMExmdUaBLIEUMWFjJ9FQ99iDkkkhEDeUQUEZ6T6m1TQ5yF0F
fmEz3PG+txzTvQTc/UT+9L2OEb+mZVkZyMg32vL40+AF6+xMHRPBqzzEadS4
-----END CERTIFICATE-----