Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/qBN5XbPh8yl_8VyYB3Apy2Ljt1U.roa
File:                     qBN5XbPh8yl_8VyYB3Apy2Ljt1U.roa (raw, json)
Hash identifier:          oI3mLf6Q+lElKzzbck7YB+dApjShyguGp+jMz5gs1SQ=
Subject key identifier:   A8:13:79:5D:B3:E1:F3:29:7F:F1:5C:98:07:70:29:CB:62:E3:B7:55
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       01982F07EEB2602BE4E862DE32C096204EAF
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/qBN5XbPh8yl_8VyYB3Apy2Ljt1U.roa
Signing time:             Mon 21 Jul 2025 22:08:25 +0000
ROA not before:           Mon 21 Jul 2025 22:08:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        193.8.236.0/23 maxlen: 23
                          193.8.236.0/24 maxlen: 24
                          193.8.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 Aug 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2f:07:ee:b2:60:2b:e4:e8:62:de:32:c0:96:20:4e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Jul 21 22:08:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a813795db3e1f3297ff15c98077029cb62e3b755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bd:8f:63:5c:ae:45:7e:53:9b:55:e0:ba:11:
                    7c:06:e3:56:03:c8:f1:e7:d1:ff:1b:ea:a5:d6:ae:
                    11:00:c7:fa:aa:98:4f:3e:bf:fb:d4:26:55:09:9e:
                    d5:cb:e9:8c:ae:41:f4:d4:4c:f3:8d:0b:13:0e:23:
                    34:6c:ce:e5:f6:9f:44:5a:e0:97:87:cb:f4:27:96:
                    32:66:33:32:89:b2:fe:82:fa:20:44:1d:20:c5:a5:
                    5f:1c:1d:26:04:66:77:d4:df:17:d6:8a:1a:12:27:
                    32:a6:03:a8:36:24:61:a8:d1:73:fa:5d:64:e5:66:
                    e0:3d:3e:2f:59:17:b5:da:bc:44:b3:97:36:06:d1:
                    bb:a7:fc:b2:19:22:4a:ca:9e:69:b6:71:8b:f3:b5:
                    5e:01:2c:46:c5:f0:26:e4:5c:ff:b4:be:0e:67:05:
                    82:19:00:bb:c8:7b:1f:da:22:55:83:bb:26:df:82:
                    cc:7e:ce:d4:9d:7d:29:6f:09:e3:b1:75:85:74:56:
                    a6:6d:29:c5:ad:0f:f4:e6:eb:79:67:e9:41:2e:18:
                    55:40:03:61:05:1e:5f:1c:b1:4e:a2:49:d2:13:f0:
                    59:c2:57:8d:34:c2:29:82:e7:08:ef:ef:e1:3d:ee:
                    46:78:a7:de:29:70:be:3f:f2:15:65:82:2b:6a:77:
                    72:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:13:79:5D:B3:E1:F3:29:7F:F1:5C:98:07:70:29:CB:62:E3:B7:55
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/qBN5XbPh8yl_8VyYB3Apy2Ljt1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:e6:c6:ca:a0:a6:90:59:0d:e1:98:60:75:9b:6f:6b:13:cb:
         16:69:95:89:23:58:37:1e:da:18:de:f3:29:ec:33:73:57:8c:
         97:c9:39:1a:3c:ab:24:6f:af:d3:d9:4d:5c:9d:db:f6:02:8d:
         16:8b:a4:53:e0:30:da:e1:93:8d:ae:58:3c:5d:09:c6:eb:8c:
         46:6c:5a:5d:6b:ee:e3:d4:4e:9d:b7:c3:23:c2:91:38:2b:d0:
         aa:dd:70:a9:e4:2d:27:b7:9e:91:cb:80:9e:8a:64:22:cc:e6:
         c8:ba:36:73:97:61:1d:57:4f:17:4e:f2:45:a1:41:01:5e:21:
         47:77:c8:92:90:2c:9b:ac:a8:be:f7:b2:54:12:05:2e:26:c0:
         e3:9a:75:4f:a8:92:bf:eb:81:a3:4a:70:06:8d:ba:93:cc:62:
         98:f6:7c:54:94:37:9d:48:54:51:01:69:f5:c1:04:6f:c9:4f:
         93:f0:0a:6a:a1:2c:64:6c:4b:19:11:04:e0:7b:2e:89:6e:cc:
         0d:72:d4:d9:36:ff:23:93:49:6c:e7:7f:bf:94:41:44:40:c0:
         ea:be:85:29:82:28:d8:cb:fb:34:4f:0a:0b:e5:5c:ac:fd:9e:
         40:39:ed:d8:f7:18:46:83:c3:18:78:13:b6:45:c8:6d:bb:45:
         3a:d2:91:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgvB+6yYCvk6GLeMsCWIE6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjUwNzIxMjIwODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODEzNzk1ZGIzZTFmMzI5N2ZmMTVjOTgwNzcwMjljYjYyZTNiNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor2PY1yuRX5Tm1XguhF8BuNWA8jx
59H/G+ql1q4RAMf6qphPPr/71CZVCZ7Vy+mMrkH01EzzjQsTDiM0bM7l9p9EWuCX
h8v0J5YyZjMyibL+gvogRB0gxaVfHB0mBGZ31N8X1ooaEicypgOoNiRhqNFz+l1k
5WbgPT4vWRe12rxEs5c2BtG7p/yyGSJKyp5ptnGL87VeASxGxfAm5Fz/tL4OZwWC
GQC7yHsf2iJVg7sm34LMfs7UnX0pbwnjsXWFdFambSnFrQ/05ut5Z+lBLhhVQANh
BR5fHLFOoknSE/BZwleNNMIpgucI7+/hPe5GeKfeKXC+P/IVZYIrandyLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgTeV2z4fMpf/FcmAdwKcti47dVMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvcUJONVhiUGg4eWxfOFZ5WUIzQXB5MkxqdDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQjsMA0G
CSqGSIb3DQEBCwUAA4IBAQAr5sbKoKaQWQ3hmGB1m29rE8sWaZWJI1g3HtoY3vMp
7DNzV4yXyTkaPKskb6/T2U1cndv2Ao0Wi6RT4DDa4ZONrlg8XQnG64xGbFpda+7j
1E6dt8MjwpE4K9Cq3XCp5C0nt56Ry4CeimQizObIujZzl2EdV08XTvJFoUEBXiFH
d8iSkCybrKi+97JUEgUuJsDjmnVPqJK/64GjSnAGjbqTzGKY9nxUlDedSFRRAWn1
wQRvyU+T8ApqoSxkbEsZEQTgey6JbswNctTZNv8jk0ls53+/lEFEQMDqvoUpgijY
y/s0TwoL5Vys/Z5AOe3Y9xhGg8MYeBO2Rchtu0U60pFz
-----END CERTIFICATE-----