Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/quelKPvHw6YOrp230FtFbOSf3r0.roa
File:                     quelKPvHw6YOrp230FtFbOSf3r0.roa (raw, json)
Hash identifier:          EFvTVqY85iMEdIVovCNIjlDZ2aZhIVX5OI8oVISPx4s=
Subject key identifier:   AA:E7:A5:28:FB:C7:C3:A6:0E:AE:9D:B7:D0:5B:45:6C:E4:9F:DE:BD
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019933F22F3078D9D4BEAE7D7E72673EA6D3
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/quelKPvHw6YOrp230FtFbOSf3r0.roa
Signing time:             Wed 10 Sep 2025 14:05:33 +0000
ROA not before:           Wed 10 Sep 2025 14:05:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213035
IP address blocks:        206.245.152.0/22 maxlen: 22
                          212.192.218.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:f2:2f:30:78:d9:d4:be:ae:7d:7e:72:67:3e:a6:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Sep 10 14:05:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aae7a528fbc7c3a60eae9db7d05b456ce49fdebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d0:f0:eb:94:ff:53:29:29:d9:18:08:3a:dd:
                    fa:a7:f6:65:33:e2:73:37:43:18:ea:6d:83:7f:a1:
                    27:b6:35:51:1c:19:d8:4a:95:1a:a1:14:a9:6a:34:
                    af:9f:c8:f8:b3:34:fa:06:f6:63:25:a9:4d:71:a6:
                    37:0a:30:65:e8:73:6d:bc:95:9a:f5:f3:09:cc:0b:
                    b9:a3:5a:9a:70:ea:83:ae:0d:b2:44:98:a8:07:3a:
                    40:24:8d:0a:f3:b3:59:4a:77:80:af:10:29:eb:ec:
                    9d:f7:86:ac:c3:f8:7d:a8:11:0c:aa:f6:0c:4c:5a:
                    e6:84:e2:29:2e:0a:13:e1:9a:2f:6f:ef:52:bd:23:
                    dc:5a:0c:c2:b0:6f:96:60:7c:26:25:c8:d5:b3:f5:
                    aa:42:dc:b3:e6:7e:3b:c6:fd:16:d9:51:06:f3:4e:
                    50:bd:8e:df:84:7c:6d:80:3b:1a:14:d9:90:53:81:
                    de:5a:65:d8:50:3b:12:31:40:57:ad:0c:4e:00:c0:
                    b4:a9:0f:81:a6:b7:f6:60:89:65:a9:ed:13:a0:d2:
                    7c:cf:3c:91:d2:e0:db:f3:0d:88:b2:17:2b:09:ba:
                    61:ef:83:1c:27:09:39:20:7a:8a:b4:89:c5:c9:55:
                    0a:38:1d:73:a5:30:2e:37:ab:2b:69:0a:eb:2c:c2:
                    69:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E7:A5:28:FB:C7:C3:A6:0E:AE:9D:B7:D0:5B:45:6C:E4:9F:DE:BD
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/quelKPvHw6YOrp230FtFbOSf3r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.245.152.0/22
                  212.192.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:49:71:7d:1f:9b:e5:2c:02:32:ee:8e:33:4f:e2:13:63:8f:
         ee:15:8f:3e:fb:12:04:a2:0f:f9:0e:b9:44:87:80:7d:85:52:
         16:53:0c:a6:7d:6f:df:8a:e2:eb:25:5a:64:b8:10:03:d5:bf:
         a0:4d:1b:66:00:8b:53:8c:d1:2b:13:c9:b0:94:ed:eb:80:94:
         f6:06:f1:c2:52:a2:c6:b1:a8:08:68:f1:31:49:40:2c:b8:8f:
         a8:3f:d9:46:93:2c:53:49:21:53:4e:73:d5:e2:2f:41:85:83:
         86:06:b3:38:1e:bc:86:4e:03:75:28:c2:36:82:c4:f6:0b:e0:
         02:68:9b:cc:8b:14:33:4f:4b:98:ee:4b:f6:85:85:91:8b:5e:
         8a:2e:1d:21:52:19:d9:37:9b:8b:e7:57:4d:a1:1f:e8:17:ab:
         46:d8:bd:bd:48:82:15:47:c6:ee:93:00:ca:78:a6:b5:fe:93:
         8d:9a:11:d8:80:43:e0:f2:94:82:d1:5c:d6:98:e0:cf:4b:4e:
         28:3c:4c:f5:8a:10:ec:e6:c2:d9:18:b4:61:51:30:7f:86:ab:
         b8:02:3f:84:f0:4a:27:b8:06:81:ff:da:7b:15:f9:f1:f4:be:
         52:d3:e5:7b:85:9c:7c:b1:13:d5:15:27:87:6d:48:03:0c:9f:
         94:a8:c5:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkz8i8weNnUvq59fnJnPqbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwOTEwMTQwNTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU3YTUyOGZiYzdjM2E2MGVhZTlkYjdkMDViNDU2Y2U0OWZkZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdDw65T/Uykp2RgIOt36p/ZlM+Jz
N0MY6m2Df6EntjVRHBnYSpUaoRSpajSvn8j4szT6BvZjJalNcaY3CjBl6HNtvJWa
9fMJzAu5o1qacOqDrg2yRJioBzpAJI0K87NZSneArxAp6+yd94asw/h9qBEMqvYM
TFrmhOIpLgoT4Zovb+9SvSPcWgzCsG+WYHwmJcjVs/WqQtyz5n47xv0W2VEG805Q
vY7fhHxtgDsaFNmQU4HeWmXYUDsSMUBXrQxOAMC0qQ+Bprf2YIllqe0ToNJ8zzyR
0uDb8w2IshcrCbph74McJwk5IHqKtInFyVUKOB1zpTAuN6sraQrrLMJpTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKrnpSj7x8OmDq6dt9BbRWzkn969MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcXVlbEtQdkh3NllPcnAyMzBGdEZiT1NmM3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCzvWYAwQB
1MDaMA0GCSqGSIb3DQEBCwUAA4IBAQBKSXF9H5vlLAIy7o4zT+ITY4/uFY8++xIE
og/5DrlEh4B9hVIWUwymfW/fiuLrJVpkuBAD1b+gTRtmAItTjNErE8mwlO3rgJT2
BvHCUqLGsagIaPExSUAsuI+oP9lGkyxTSSFTTnPV4i9BhYOGBrM4HryGTgN1KMI2
gsT2C+ACaJvMixQzT0uY7kv2hYWRi16KLh0hUhnZN5uL51dNoR/oF6tG2L29SIIV
R8bukwDKeKa1/pONmhHYgEPg8pSC0VzWmODPS04oPEz1ihDs5sLZGLRhUTB/hqu4
Aj+E8EonuAaB/9p7Ffnx9L5S0+V7hZx8sRPVFSeHbUgDDJ+UqMXX
-----END CERTIFICATE-----