Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/qkm-dGrO1KB7zPSYZkfbAOZu2Jk.roa
File:                     qkm-dGrO1KB7zPSYZkfbAOZu2Jk.roa (raw, json)
Hash identifier:          4nzLJ3+1Nxzwd/rO/ckXGrhnSOi7MDSoWC6fmMd5N2o=
Subject key identifier:   AA:49:BE:74:6A:CE:D4:A0:7B:CC:F4:98:66:47:DB:00:E6:6E:D8:99
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       0198F748226C9B2BF1FEC4B1AFA7D5AD6760
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/qkm-dGrO1KB7zPSYZkfbAOZu2Jk.roa
Signing time:             Fri 29 Aug 2025 19:22:36 +0000
ROA not before:           Fri 29 Aug 2025 19:22:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6205
IP address blocks:        185.174.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 10:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f7:48:22:6c:9b:2b:f1:fe:c4:b1:af:a7:d5:ad:67:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Aug 29 19:22:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa49be746aced4a07bccf4986647db00e66ed899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d4:04:76:46:26:6f:6e:cc:bf:93:67:6f:89:
                    04:fb:fb:e3:3d:1d:ee:da:1a:57:61:b1:bc:ae:99:
                    e8:65:b5:40:89:3f:cc:b1:34:e8:1f:cb:dd:bb:6c:
                    ff:5d:bd:d6:55:a7:55:cf:78:c4:7d:d5:53:c8:cc:
                    ce:fe:e1:60:56:42:bc:66:f0:f9:e5:01:68:9c:2c:
                    f3:0a:7f:8d:2e:3f:0c:5d:f9:a7:b8:38:32:52:da:
                    24:31:4b:57:1d:c0:86:86:aa:c2:cd:5e:6a:2d:2c:
                    45:7b:96:dd:75:0e:7f:e1:8c:60:a9:c5:cf:fe:71:
                    7a:21:cf:a5:72:60:67:c3:b3:49:90:34:95:ca:a7:
                    76:0e:df:e9:dd:31:30:92:0f:2e:72:3b:53:34:0b:
                    5e:4a:8f:f7:a6:47:dd:0a:6a:db:cb:fe:32:da:f1:
                    89:f7:9d:e5:86:e7:27:bf:be:03:47:93:a5:ee:06:
                    2b:d6:03:94:b0:82:3e:9a:f2:57:0c:b9:8d:72:b0:
                    03:c7:19:e0:d5:99:73:bb:21:fd:fa:64:c4:b2:3b:
                    5e:f9:4a:70:dc:44:16:09:d1:f2:65:00:1a:ad:d7:
                    b9:d1:0c:4e:2d:55:4e:d1:7d:db:84:e9:17:85:5b:
                    c9:05:42:fb:df:91:ba:f8:08:e7:b2:c5:5b:ed:82:
                    51:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:49:BE:74:6A:CE:D4:A0:7B:CC:F4:98:66:47:DB:00:E6:6E:D8:99
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/qkm-dGrO1KB7zPSYZkfbAOZu2Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:33:d5:c5:64:5e:e4:73:f4:4d:cf:05:e6:c7:44:60:f7:95:
         66:cc:0f:95:07:b6:36:80:fa:cf:aa:b2:1e:9e:9d:ab:20:7e:
         a6:b4:4e:4c:85:82:95:ff:a1:c4:07:23:99:75:63:b3:a4:ec:
         1d:bf:ed:a3:48:c2:c3:51:70:a6:fe:d3:64:cf:4c:3b:e3:f7:
         d3:17:49:cb:86:49:94:40:dd:60:8c:c2:9e:73:eb:2e:34:7f:
         b2:de:ce:f4:ae:ba:57:a7:58:1a:db:e3:af:0e:e3:a3:53:6c:
         d2:ba:cf:96:fc:39:d0:91:89:1a:ca:bf:b6:9c:ab:11:73:bf:
         5c:d6:ff:75:eb:ca:1f:fe:3f:c2:dc:16:f5:18:20:6d:02:96:
         e6:a7:8f:a9:b3:ae:5b:4e:5f:1b:7e:90:82:e2:3a:ab:4a:d0:
         47:37:e4:43:3b:f3:41:be:64:78:5b:70:85:fc:82:bd:44:22:
         e2:3e:05:c2:53:26:39:52:cc:a6:e0:7a:b4:f9:72:4d:24:2c:
         8b:15:b9:5d:be:28:58:25:df:5b:55:22:44:b6:7c:ff:77:e6:
         d6:46:3b:05:23:0c:c3:d9:23:1e:f0:b5:5c:31:dd:99:0c:f8:
         80:f5:8a:7d:ed:9d:d4:17:c5:9e:3d:b8:68:1d:7e:31:70:b0:
         f7:ee:18:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj3SCJsmyvx/sSxr6fVrWdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjUwODI5MTkyMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ5YmU3NDZhY2VkNGEwN2JjY2Y0OTg2NjQ3ZGIwMGU2NmVkODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdQEdkYmb27Mv5Nnb4kE+/vjPR3u
2hpXYbG8rpnoZbVAiT/MsTToH8vdu2z/Xb3WVadVz3jEfdVTyMzO/uFgVkK8ZvD5
5QFonCzzCn+NLj8MXfmnuDgyUtokMUtXHcCGhqrCzV5qLSxFe5bddQ5/4YxgqcXP
/nF6Ic+lcmBnw7NJkDSVyqd2Dt/p3TEwkg8ucjtTNAteSo/3pkfdCmrby/4y2vGJ
953lhucnv74DR5Ol7gYr1gOUsII+mvJXDLmNcrADxxng1ZlzuyH9+mTEsjte+Upw
3EQWCdHyZQAarde50QxOLVVO0X3bhOkXhVvJBUL735G6+AjnssVb7YJRPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpJvnRqztSge8z0mGZH2wDmbtiZMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvcWttLWRHck8xS0I3elBTWVprZmJBT1p1MkprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua5FMA0G
CSqGSIb3DQEBCwUAA4IBAQCdM9XFZF7kc/RNzwXmx0Rg95VmzA+VB7Y2gPrPqrIe
np2rIH6mtE5MhYKV/6HEByOZdWOzpOwdv+2jSMLDUXCm/tNkz0w74/fTF0nLhkmU
QN1gjMKec+suNH+y3s70rrpXp1ga2+OvDuOjU2zSus+W/DnQkYkayr+2nKsRc79c
1v9168of/j/C3Bb1GCBtApbmp4+ps65bTl8bfpCC4jqrStBHN+RDO/NBvmR4W3CF
/IK9RCLiPgXCUyY5Usym4Hq0+XJNJCyLFbldvihYJd9bVSJEtnz/d+bWRjsFIwzD
2SMe8LVcMd2ZDPiA9Yp97Z3UF8WePbhoHX4xcLD37hhX
-----END CERTIFICATE-----