Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/Q_OYedJWMY4R6WjcRHhbze4rY30.roa
File:                     Q_OYedJWMY4R6WjcRHhbze4rY30.roa (raw, json)
Hash identifier:          I5gaAF/DaFJrmNnPn+q8QcrAIPjnX3NXACdoAl2BzTs=
Subject key identifier:   43:F3:98:79:D2:56:31:8E:11:E9:68:DC:44:78:5B:CD:EE:2B:63:7D
Certificate issuer:       /CN=f7dea2c15993d6831750aa630e0e680d9eef888a
Certificate serial:       0196ED83497CD2AED1BAC6397673935209D5
Authority key identifier: F7:DE:A2:C1:59:93:D6:83:17:50:AA:63:0E:0E:68:0D:9E:EF:88:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/996iwVmT1oMXUKpjDg5oDZ7viIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/Q_OYedJWMY4R6WjcRHhbze4rY30.roa
Signing time:             Tue 20 May 2025 11:45:26 +0000
ROA not before:           Tue 20 May 2025 11:45:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199222
IP address blocks:        194.0.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/996iwVmT1oMXUKpjDg5oDZ7viIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/996iwVmT1oMXUKpjDg5oDZ7viIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/996iwVmT1oMXUKpjDg5oDZ7viIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:83:49:7c:d2:ae:d1:ba:c6:39:76:73:93:52:09:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7dea2c15993d6831750aa630e0e680d9eef888a
        Validity
            Not Before: May 20 11:45:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43f39879d256318e11e968dc44785bcdee2b637d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:96:dd:08:ec:42:ee:2f:b3:77:0d:84:41:a9:
                    6b:e2:0b:79:d3:f4:ae:29:8a:be:ab:a9:f9:b8:51:
                    ca:66:a5:d7:67:dd:67:da:2e:d1:df:eb:41:ed:2a:
                    85:96:ad:bc:77:1f:22:7b:0b:ec:be:1b:cd:30:46:
                    c7:32:46:3a:ae:b4:30:a9:b5:99:54:62:ba:a0:08:
                    1f:a9:68:5b:71:11:2f:92:58:a6:00:54:83:2e:f7:
                    f1:35:fe:28:ba:c1:f2:1d:c6:ac:96:f4:cb:34:37:
                    3d:8c:4e:13:95:59:3c:d8:94:55:e1:d1:c4:be:81:
                    56:0f:8f:bb:7a:b4:05:1b:6f:2f:5d:11:ba:5a:32:
                    3b:2f:23:ec:b0:98:b2:0c:7d:dd:24:97:c6:ba:ab:
                    d9:51:1b:c1:6b:ea:f9:c2:e6:9d:48:36:c0:76:5d:
                    08:ea:fe:ca:50:8f:df:0a:ba:3b:30:7e:74:f3:53:
                    9d:c1:47:80:84:c9:27:07:a8:a3:0a:b6:bd:32:65:
                    38:42:62:1b:dd:c4:ed:40:79:26:75:07:2f:39:65:
                    45:69:09:3e:ca:7f:a1:37:b1:f3:89:7c:67:63:6c:
                    17:32:1c:63:cf:30:f9:b4:33:30:74:62:2a:d2:13:
                    84:68:f9:72:a8:d4:7f:ec:1d:d4:bd:30:a4:36:8d:
                    5b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F3:98:79:D2:56:31:8E:11:E9:68:DC:44:78:5B:CD:EE:2B:63:7D
            X509v3 Authority Key Identifier:
                keyid:F7:DE:A2:C1:59:93:D6:83:17:50:AA:63:0E:0E:68:0D:9E:EF:88:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/996iwVmT1oMXUKpjDg5oDZ7viIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/Q_OYedJWMY4R6WjcRHhbze4rY30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/5efa2c-9845-4b07-98d6-38d971c13441/1/996iwVmT1oMXUKpjDg5oDZ7viIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:47:82:3e:6c:df:dc:02:06:15:15:cf:a5:32:d7:9a:04:57:
         a7:c8:f4:a4:9b:72:70:d7:ff:9e:4f:ac:ef:08:2c:bc:e2:f4:
         95:42:5d:60:de:e0:6e:61:fc:11:b4:93:c1:43:b0:6a:24:b4:
         3e:9a:6b:be:0e:2d:f3:34:a1:84:bf:1f:52:62:68:6e:a4:2f:
         ee:9e:15:d8:bd:9a:1f:61:4c:d4:21:33:66:8a:f1:ff:88:2d:
         4e:3c:66:e3:c6:27:07:c2:c1:bb:2e:ae:c6:d2:b7:8e:37:83:
         5f:6b:70:8e:45:51:42:78:d9:cf:7f:dd:cf:c3:2f:b0:a7:39:
         d4:21:80:8b:2a:66:0e:c7:39:db:23:f5:4f:ed:fe:77:fc:7f:
         18:ad:7f:e2:90:4e:06:0b:66:d7:4c:3e:ec:9c:a8:a1:69:dd:
         a8:2c:b0:a6:78:df:f8:41:53:41:75:36:9a:38:8f:91:05:55:
         fd:f6:0b:84:1a:23:56:e4:b6:1e:7c:15:11:24:66:e6:3d:29:
         0f:41:48:09:91:0a:f3:c0:e2:b8:92:65:e4:c7:1d:d9:49:b4:
         dc:3a:15:48:25:12:5f:b9:c1:27:d6:82:dd:90:51:46:e2:e8:
         f3:f8:f8:dc:5f:12:eb:18:a1:a1:9d:93:47:17:99:58:0a:56:
         b6:e8:36:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtg0l80q7RusY5dnOTUgnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZGVhMmMxNTk5M2Q2ODMxNzUwYWE2MzBlMGU2ODBkOWVl
Zjg4OGEwHhcNMjUwNTIwMTE0NTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2YzOTg3OWQyNTYzMThlMTFlOTY4ZGM0NDc4NWJjZGVlMmI2MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJbdCOxC7i+zdw2EQalr4gt50/Su
KYq+q6n5uFHKZqXXZ91n2i7R3+tB7SqFlq28dx8iewvsvhvNMEbHMkY6rrQwqbWZ
VGK6oAgfqWhbcREvklimAFSDLvfxNf4ousHyHcaslvTLNDc9jE4TlVk82JRV4dHE
voFWD4+7erQFG28vXRG6WjI7LyPssJiyDH3dJJfGuqvZURvBa+r5wuadSDbAdl0I
6v7KUI/fCro7MH5081OdwUeAhMknB6ijCra9MmU4QmIb3cTtQHkmdQcvOWVFaQk+
yn+hN7HziXxnY2wXMhxjzzD5tDMwdGIq0hOEaPlyqNR/7B3UvTCkNo1bMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPzmHnSVjGOEelo3ER4W83uK2N9MB8GA1UdIwQY
MBaAFPfeosFZk9aDF1CqYw4OaA2e74iKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTk2aXdWbVQxb01YVUtwakRnNW9EWjd2aUlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81ZWZhMmMtOTg0NS00YjA3LTk4ZDYt
MzhkOTcxYzEzNDQxLzEvUV9PWWVkSldNWTRSNldqY1JIaGJ6ZTRyWTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81ZWZhMmMtOTg0NS00YjA3LTk4ZDYtMzhkOTcxYzEzNDQx
LzEvOTk2aXdWbVQxb01YVUtwakRnNW9EWjd2aUlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgA+MA0G
CSqGSIb3DQEBCwUAA4IBAQBoR4I+bN/cAgYVFc+lMteaBFenyPSkm3Jw1/+eT6zv
CCy84vSVQl1g3uBuYfwRtJPBQ7BqJLQ+mmu+Di3zNKGEvx9SYmhupC/unhXYvZof
YUzUITNmivH/iC1OPGbjxicHwsG7Lq7G0reON4Nfa3CORVFCeNnPf93Pwy+wpznU
IYCLKmYOxznbI/VP7f53/H8YrX/ikE4GC2bXTD7snKihad2oLLCmeN/4QVNBdTaa
OI+RBVX99guEGiNW5LYefBURJGbmPSkPQUgJkQrzwOK4kmXkxx3ZSbTcOhVIJRJf
ucEn1oLdkFFG4ujz+PjcXxLrGKGhnZNHF5lYCla26DaK
-----END CERTIFICATE-----