Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/QvYuctjlOUmpEgpvzgB4c1se_Qc.roa
File:                     QvYuctjlOUmpEgpvzgB4c1se_Qc.roa (raw, json)
Hash identifier:          eYNoK8Wy+9Zr1JqWLRbHBLeE5t+d/AXQdx/gVhz5wA0=
Subject key identifier:   42:F6:2E:72:D8:E5:39:49:A9:12:0A:6F:CE:00:78:73:5B:1E:FD:07
Certificate issuer:       /CN=f73cdc6751d7c59073e4b706402d3691af09086f
Certificate serial:       0196E78673610BAA3E48D30D5CD30C11CEC6
Authority key identifier: F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/QvYuctjlOUmpEgpvzgB4c1se_Qc.roa
Signing time:             Mon 19 May 2025 07:51:10 +0000
ROA not before:           Mon 19 May 2025 07:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21348
IP address blocks:        80.95.128.0/20 maxlen: 20
                          80.246.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:44:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:86:73:61:0b:aa:3e:48:d3:0d:5c:d3:0c:11:ce:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73cdc6751d7c59073e4b706402d3691af09086f
        Validity
            Not Before: May 19 07:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42f62e72d8e53949a9120a6fce0078735b1efd07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:07:eb:1b:ca:62:90:e9:3e:12:67:34:82:98:
                    9d:98:3c:d9:bf:f3:51:24:ed:a4:2d:15:f7:de:c0:
                    0d:3f:aa:c0:fa:9a:73:1e:6e:63:6d:2c:06:f8:2c:
                    8e:e3:1b:07:ce:ad:f9:45:19:74:6b:fb:2c:66:60:
                    91:3f:ad:dd:ed:7b:7d:b9:6c:63:51:45:29:30:46:
                    4d:3f:70:71:bc:57:68:27:58:32:fc:81:b5:5d:30:
                    5e:b6:16:ba:5e:a9:23:9f:11:57:3f:68:91:e8:d1:
                    3d:0d:d6:a0:6e:45:d9:9c:98:4b:6b:70:f1:0c:6f:
                    ef:2e:41:5b:a7:b1:7a:7e:77:67:67:e1:64:5e:09:
                    fa:76:53:f1:f6:d6:e9:0b:cd:ac:93:84:82:01:47:
                    b8:8f:91:a8:ea:e7:9a:cf:05:f9:e4:bc:49:8d:1b:
                    fa:f8:8e:2a:d1:28:36:38:58:c6:03:67:48:ff:68:
                    df:02:2b:21:61:ca:56:8f:ef:92:f3:12:29:3c:cc:
                    4f:7d:a3:eb:fe:95:78:0a:7c:f7:59:d4:e2:8c:0d:
                    fa:84:39:44:21:cf:88:28:10:9e:5c:52:7d:01:05:
                    aa:df:2e:ec:a1:e3:5a:f2:eb:8b:bf:c7:59:e5:c5:
                    a0:74:d5:93:c7:15:bf:34:a0:ec:8f:f6:5a:dc:69:
                    fa:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F6:2E:72:D8:E5:39:49:A9:12:0A:6F:CE:00:78:73:5B:1E:FD:07
            X509v3 Authority Key Identifier:
                keyid:F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/QvYuctjlOUmpEgpvzgB4c1se_Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.95.128.0/20
                  80.246.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         88:25:cd:19:da:87:1e:ab:1f:4c:32:8c:47:7e:12:2f:b0:f0:
         6c:42:c4:6d:1a:d2:15:67:10:cd:8c:c3:90:1a:a2:b9:ec:75:
         dd:2d:81:bb:25:e6:28:5e:4f:18:cd:99:d2:f3:d3:54:cc:e4:
         fc:a3:6a:55:e2:ab:f7:1f:d1:eb:46:c5:e7:81:67:83:25:fc:
         e1:11:27:9d:de:ed:0c:6e:21:95:4d:6d:04:8a:e5:20:37:23:
         08:20:e8:47:2c:aa:f8:5a:07:b4:a8:94:6c:ed:d7:a4:18:da:
         c2:d3:ab:ee:ce:35:0e:19:74:0d:1c:a9:29:f0:7b:63:e7:33:
         1a:47:58:55:4b:16:48:c6:2d:a0:69:7a:50:94:fc:26:e2:e7:
         49:c4:71:41:13:c8:51:b2:31:96:27:5d:3c:c7:8d:0c:07:f1:
         44:47:fb:3d:cc:95:30:c3:67:d3:75:54:88:b8:10:a1:78:d8:
         87:21:60:db:a8:c6:8c:e9:5a:01:ab:20:af:01:f9:d6:8e:e9:
         a8:a5:d2:61:21:c7:34:b6:c6:de:8f:a3:40:1f:b3:1e:6b:ef:
         2c:bc:bb:0d:c4:0b:0b:89:01:33:6c:4a:07:40:09:b4:88:50:
         7c:69:64:b5:a7:9a:8b:04:fd:e6:93:cf:d5:0b:aa:8e:15:33:
         3e:65:23:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbnhnNhC6o+SNMNXNMMEc7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3M2NkYzY3NTFkN2M1OTA3M2U0YjcwNjQwMmQzNjkxYWYw
OTA4NmYwHhcNMjUwNTE5MDc1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY2MmU3MmQ4ZTUzOTQ5YTkxMjBhNmZjZTAwNzg3MzViMWVmZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngfrG8pikOk+Emc0gpidmDzZv/NR
JO2kLRX33sANP6rA+ppzHm5jbSwG+CyO4xsHzq35RRl0a/ssZmCRP63d7Xt9uWxj
UUUpMEZNP3BxvFdoJ1gy/IG1XTBetha6XqkjnxFXP2iR6NE9DdagbkXZnJhLa3Dx
DG/vLkFbp7F6fndnZ+FkXgn6dlPx9tbpC82sk4SCAUe4j5Go6ueazwX55LxJjRv6
+I4q0Sg2OFjGA2dI/2jfAishYcpWj++S8xIpPMxPfaPr/pV4Cnz3WdTijA36hDlE
Ic+IKBCeXFJ9AQWq3y7soeNa8uuLv8dZ5cWgdNWTxxW/NKDsj/Za3Gn6PwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEL2LnLY5TlJqRIKb84AeHNbHv0HMB8GA1UdIwQY
MBaAFPc83GdR18WQc+S3BkAtNpGvCQhvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEt
NzE4ZmQxOTVjNWViLzEvUXZZdWN0amxPVW1wRWdwdnpnQjRjMXNlX1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEtNzE4ZmQxOTVjNWVi
LzEvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUF+AAwQE
UPaQMA0GCSqGSIb3DQEBCwUAA4IBAQCIJc0Z2oceqx9MMoxHfhIvsPBsQsRtGtIV
ZxDNjMOQGqK57HXdLYG7JeYoXk8YzZnS89NUzOT8o2pV4qv3H9HrRsXngWeDJfzh
ESed3u0MbiGVTW0EiuUgNyMIIOhHLKr4Wge0qJRs7dekGNrC06vuzjUOGXQNHKkp
8Htj5zMaR1hVSxZIxi2gaXpQlPwm4udJxHFBE8hRsjGWJ108x40MB/FER/s9zJUw
w2fTdVSIuBCheNiHIWDbqMaM6VoBqyCvAfnWjumopdJhIcc0tsbej6NAH7Mea+8s
vLsNxAsLiQEzbEoHQAm0iFB8aWS1p5qLBP3mk8/VC6qOFTM+ZSO3
-----END CERTIFICATE-----