Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/QMgP50QUErIVfe6bHrHbEcBqS0o.roa
File:                     QMgP50QUErIVfe6bHrHbEcBqS0o.roa (raw, json)
Hash identifier:          SzUA4iffOvayoUI6Lybdi08Ue69lvJ7eeJxQaa9p+NY=
Subject key identifier:   40:C8:0F:E7:44:14:12:B2:15:7D:EE:9B:1E:B1:DB:11:C0:6A:4B:4A
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0195AA02E04A7F028DC719F269858C09CCFD
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/QMgP50QUErIVfe6bHrHbEcBqS0o.roa
Signing time:             Tue 18 Mar 2025 16:07:49 +0000
ROA not before:           Tue 18 Mar 2025 16:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        91.102.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:aa:02:e0:4a:7f:02:8d:c7:19:f2:69:85:8c:09:cc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Mar 18 16:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40c80fe7441412b2157dee9b1eb1db11c06a4b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a6:0d:d3:89:a5:53:94:91:d5:1a:41:fc:3c:
                    f9:83:00:9d:d3:93:92:18:7f:1e:3a:9a:34:7e:9a:
                    a8:0a:d8:d1:dc:28:a7:48:ca:cb:f4:ac:67:4f:8b:
                    d0:cd:a1:f2:13:cf:00:51:de:95:79:1e:7e:4b:ae:
                    a6:2b:5d:9d:7f:73:2c:26:31:e0:9b:df:50:a4:2f:
                    ec:e5:be:e4:80:53:99:b9:c9:2e:15:94:a8:99:e4:
                    b5:ed:82:11:38:3c:0c:21:19:3f:1a:4d:a6:07:d7:
                    7e:2b:c2:ad:92:75:d4:e0:94:48:b3:61:cf:20:02:
                    1d:ec:b0:1e:c3:54:5a:5b:ff:7d:fc:af:4c:c1:54:
                    b6:b3:ae:7b:5d:ed:a8:79:5d:76:52:d4:75:28:cb:
                    56:4b:75:e8:e0:01:50:72:a9:71:f5:ff:57:57:0c:
                    c3:cc:bf:16:e6:9c:2a:d3:b7:b3:64:e6:08:0a:24:
                    9f:c1:ea:80:81:0f:3a:4d:85:5c:89:ee:fc:5f:90:
                    fa:d5:6d:c5:33:78:b1:93:39:26:30:d3:2b:01:4b:
                    2a:88:68:64:08:2f:1d:a2:6f:7b:2e:e0:7f:cd:22:
                    33:c6:82:e2:6f:12:9a:ed:62:9d:d1:72:d1:d1:f4:
                    02:2c:da:17:93:7e:31:ab:03:86:f0:93:74:20:40:
                    f0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C8:0F:E7:44:14:12:B2:15:7D:EE:9B:1E:B1:DB:11:C0:6A:4B:4A
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/QMgP50QUErIVfe6bHrHbEcBqS0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0c:14:f6:85:17:3e:2b:52:88:0d:8c:16:a7:96:ff:65:be:
         8a:03:1e:14:ed:55:7a:e6:fe:fe:32:82:c0:e6:c8:8e:c3:fe:
         70:45:d0:b6:9b:ca:88:3e:ba:09:08:46:5b:db:de:52:9a:59:
         a0:be:9e:07:bf:19:df:11:a9:85:8c:d7:d3:e2:5b:55:66:06:
         e2:93:8f:5a:56:36:8c:55:1e:0c:05:7a:4e:ab:2a:fe:82:a8:
         32:23:8c:99:9d:55:e1:be:07:7c:2f:f6:59:5e:45:32:e6:38:
         cf:34:ac:cf:10:49:30:88:8d:85:ca:a0:0e:ce:ba:8b:42:bb:
         3b:66:97:52:76:03:96:62:8e:17:57:e4:a3:a2:5f:31:48:c7:
         58:ea:de:c2:5d:f9:03:0c:e3:ea:cf:12:58:c4:c7:1d:14:75:
         9e:ef:73:53:e7:fb:a0:25:a3:f2:e6:fa:fc:dd:7e:86:c8:41:
         bf:f3:a3:8e:b3:86:a8:b2:cb:d8:a2:68:3e:18:63:f3:93:d1:
         7d:ba:d4:fc:be:c2:71:91:37:d5:68:ec:5b:58:a6:ad:5a:81:
         10:3f:73:64:2f:65:cf:07:91:fb:2a:aa:9e:89:c4:02:52:57:
         44:cd:eb:25:3a:f6:85:f9:4e:43:49:4a:2e:9b:44:8e:b8:66:
         b5:ea:0e:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWqAuBKfwKNxxnyaYWMCcz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwMzE4MTYwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM4MGZlNzQ0MTQxMmIyMTU3ZGVlOWIxZWIxZGIxMWMwNmE0YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKYN04mlU5SR1RpB/Dz5gwCd05OS
GH8eOpo0fpqoCtjR3CinSMrL9KxnT4vQzaHyE88AUd6VeR5+S66mK12df3MsJjHg
m99QpC/s5b7kgFOZuckuFZSomeS17YIRODwMIRk/Gk2mB9d+K8KtknXU4JRIs2HP
IAId7LAew1RaW/99/K9MwVS2s657Xe2oeV12UtR1KMtWS3Xo4AFQcqlx9f9XVwzD
zL8W5pwq07ezZOYICiSfweqAgQ86TYVcie78X5D61W3FM3ixkzkmMNMrAUsqiGhk
CC8dom97LuB/zSIzxoLibxKa7WKd0XLR0fQCLNoXk34xqwOG8JN0IEDwwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDID+dEFBKyFX3umx6x2xHAaktKMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvUU1nUDUwUVVFcklWZmU2YkhySGJFY0JxUzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2amMA0G
CSqGSIb3DQEBCwUAA4IBAQACDBT2hRc+K1KIDYwWp5b/Zb6KAx4U7VV65v7+MoLA
5siOw/5wRdC2m8qIProJCEZb295Smlmgvp4HvxnfEamFjNfT4ltVZgbik49aVjaM
VR4MBXpOqyr+gqgyI4yZnVXhvgd8L/ZZXkUy5jjPNKzPEEkwiI2FyqAOzrqLQrs7
ZpdSdgOWYo4XV+Sjol8xSMdY6t7CXfkDDOPqzxJYxMcdFHWe73NT5/ugJaPy5vr8
3X6GyEG/86OOs4aossvYomg+GGPzk9F9utT8vsJxkTfVaOxbWKatWoEQP3NkL2XP
B5H7KqqeicQCUldEzeslOvaF+U5DSUoum0SOuGa16g6K
-----END CERTIFICATE-----