Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q05SpEuPdYENagwEruL_Pdmk4Ic.roa
File:                     Q05SpEuPdYENagwEruL_Pdmk4Ic.roa (raw, json)
Hash identifier:          Hn9l324wqCyH2UTp0Wfe2eaJq4PVzviY5zOaDbb78zE=
Subject key identifier:   43:4E:52:A4:4B:8F:75:81:0D:6A:0C:04:AE:E2:FF:3D:D9:A4:E0:87
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0197101DD4A44CAEE09372CE86E180CCB84E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q05SpEuPdYENagwEruL_Pdmk4Ic.roa
Signing time:             Tue 27 May 2025 05:01:19 +0000
ROA not before:           Tue 27 May 2025 05:01:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        93.88.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:10:1d:d4:a4:4c:ae:e0:93:72:ce:86:e1:80:cc:b8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 27 05:01:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=434e52a44b8f75810d6a0c04aee2ff3dd9a4e087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f2:8d:bf:2f:22:82:8c:cb:5d:5a:ca:1b:82:
                    df:a3:20:66:3f:5b:7e:81:f2:7a:c8:25:f8:03:f8:
                    ab:49:b2:b2:6b:6d:79:49:1c:fd:5f:24:04:91:62:
                    51:90:ae:7a:ba:2a:ef:7c:69:e9:2e:c9:25:1c:60:
                    5e:b7:91:5e:e7:a3:36:29:0c:16:61:92:33:26:51:
                    6f:e4:ab:43:09:92:f9:a6:3e:ec:d3:75:4e:1e:9d:
                    79:69:6b:02:ec:c3:8b:7b:97:24:fe:03:32:a4:c1:
                    bd:0c:92:3a:ad:17:ea:9f:7c:bc:95:b5:2c:f7:74:
                    46:cc:8b:26:1f:1f:95:c6:b2:0f:f9:e0:f8:34:4f:
                    27:96:62:8e:24:c0:ac:bf:d3:4d:c3:35:4e:d7:36:
                    e2:62:65:fd:4f:95:7b:00:ff:be:3e:e4:19:75:b2:
                    91:24:3f:d8:28:c9:72:7f:a3:ac:f6:e1:2b:e2:6f:
                    43:41:3f:4e:97:7d:b6:1f:1b:e4:d3:7c:26:39:6e:
                    05:10:5f:6a:e1:90:35:b4:d8:4b:1a:78:88:13:fa:
                    7a:de:9d:fc:d9:07:de:f4:01:72:36:01:37:63:ef:
                    ef:64:b9:b3:d2:30:ff:23:c4:93:62:0a:21:fc:e3:
                    59:74:6e:b7:7e:e8:b4:da:24:65:22:e9:06:29:41:
                    97:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4E:52:A4:4B:8F:75:81:0D:6A:0C:04:AE:E2:FF:3D:D9:A4:E0:87
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q05SpEuPdYENagwEruL_Pdmk4Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:62:a9:51:26:0b:c6:ed:69:8e:8b:ea:8f:62:49:81:48:31:
         11:ea:53:86:a8:df:bd:ee:a2:31:32:9d:1b:02:9d:1c:e8:6e:
         fe:fe:51:3e:73:8a:2f:40:a1:97:16:13:57:7c:d0:99:32:60:
         f8:cc:2c:ac:64:0d:ea:93:a1:1f:9d:a6:71:12:f2:40:53:94:
         14:c8:27:a8:37:9a:86:64:ac:c0:3e:80:54:23:50:e2:3c:be:
         a4:66:21:46:4a:77:52:58:01:35:b2:a4:41:3e:b9:05:15:04:
         a8:8b:16:32:1b:b8:b9:8c:b6:f1:df:e8:e6:42:ee:26:ed:06:
         af:59:80:e1:a4:ed:e9:39:18:5b:61:66:4e:79:7a:57:d1:dd:
         a2:26:56:18:89:09:d1:d8:06:78:f4:cf:f2:4f:6f:6d:9f:80:
         a2:61:3f:ee:42:86:cc:a7:5a:3d:1e:35:2a:8a:f3:ae:3f:dd:
         d6:de:94:03:1e:af:43:b5:ed:bd:3a:37:cd:ff:43:45:94:a6:
         69:20:d7:80:d0:52:3c:1f:96:8e:7b:08:c5:96:a2:35:d4:5c:
         d4:45:d1:b8:ec:f5:a0:7e:02:ba:af:33:0c:56:6b:5d:a0:ac:
         f6:c1:e0:51:06:40:59:22:b5:04:c8:ca:7f:7c:9f:98:d0:d6:
         4a:a7:d4:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcQHdSkTK7gk3LOhuGAzLhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNTI3MDUwMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRlNTJhNDRiOGY3NTgxMGQ2YTBjMDRhZWUyZmYzZGQ5YTRlMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPKNvy8igozLXVrKG4LfoyBmP1t+
gfJ6yCX4A/irSbKya215SRz9XyQEkWJRkK56uirvfGnpLsklHGBet5Fe56M2KQwW
YZIzJlFv5KtDCZL5pj7s03VOHp15aWsC7MOLe5ck/gMypMG9DJI6rRfqn3y8lbUs
93RGzIsmHx+VxrIP+eD4NE8nlmKOJMCsv9NNwzVO1zbiYmX9T5V7AP++PuQZdbKR
JD/YKMlyf6Os9uEr4m9DQT9Ol322Hxvk03wmOW4FEF9q4ZA1tNhLGniIE/p63p38
2Qfe9AFyNgE3Y+/vZLmz0jD/I8STYgoh/ONZdG63fui02iRlIukGKUGXgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENOUqRLj3WBDWoMBK7i/z3ZpOCHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUTA1U3BFdVBkWUVOYWd3RXJ1TF9QZG1rNEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVjNMA0G
CSqGSIb3DQEBCwUAA4IBAQB6YqlRJgvG7WmOi+qPYkmBSDER6lOGqN+97qIxMp0b
Ap0c6G7+/lE+c4ovQKGXFhNXfNCZMmD4zCysZA3qk6EfnaZxEvJAU5QUyCeoN5qG
ZKzAPoBUI1DiPL6kZiFGSndSWAE1sqRBPrkFFQSoixYyG7i5jLbx3+jmQu4m7Qav
WYDhpO3pORhbYWZOeXpX0d2iJlYYiQnR2AZ49M/yT29tn4CiYT/uQobMp1o9HjUq
ivOuP93W3pQDHq9Dte29OjfN/0NFlKZpINeA0FI8H5aOewjFlqI11FzURdG47PWg
fgK6rzMMVmtdoKz2weBRBkBZIrUEyMp/fJ+Y0NZKp9S7
-----END CERTIFICATE-----