Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/QdfhpKIKlcTR38yzLxH9RRvBSR4.roa
File:                     QdfhpKIKlcTR38yzLxH9RRvBSR4.roa (raw, json)
Hash identifier:          mSy2XkhCALt/lyVqBnl0n7Yn6bh+lGsEurO+w0zuUdA=
Subject key identifier:   41:D7:E1:A4:A2:0A:95:C4:D1:DF:CC:B3:2F:11:FD:45:1B:C1:49:1E
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       01987E95E3C72F48AB4BA9C482CDBFCDB56C
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/QdfhpKIKlcTR38yzLxH9RRvBSR4.roa
Signing time:             Wed 06 Aug 2025 08:53:29 +0000
ROA not before:           Wed 06 Aug 2025 08:53:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        147.161.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:95:e3:c7:2f:48:ab:4b:a9:c4:82:cd:bf:cd:b5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Aug  6 08:53:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41d7e1a4a20a95c4d1dfccb32f11fd451bc1491e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7b:00:91:3c:be:ee:7d:8b:58:be:f4:52:14:
                    83:07:4b:ac:3f:d5:76:5b:f6:03:c9:46:86:a4:ee:
                    07:cf:b1:04:70:c8:1e:2a:1d:c7:8a:75:e3:f7:5e:
                    94:80:ba:38:d6:ea:86:85:8c:36:a5:b0:c4:3a:ac:
                    cc:bc:d4:09:34:4f:c4:c3:de:98:6e:02:f7:48:b8:
                    cd:b5:83:bf:51:c9:f3:74:de:b2:6b:9b:3b:16:40:
                    45:fa:e4:04:ac:f3:5f:19:45:e2:3f:e7:d1:4e:4a:
                    96:23:8a:0b:0d:c5:e6:6e:3a:3f:78:08:49:42:0e:
                    6d:6a:7e:27:a0:86:cd:99:ea:fa:ca:8b:45:09:b7:
                    af:59:a5:92:54:eb:e8:78:ee:1b:fd:dd:33:9d:39:
                    37:b1:58:b0:d4:09:43:fc:1f:d2:2b:d8:83:98:8e:
                    d9:f7:b6:2e:22:4f:24:2e:74:fe:95:55:e6:cb:17:
                    85:f4:ce:a1:ef:2e:57:17:df:31:85:96:82:9c:3f:
                    0d:db:d7:67:11:0d:65:f7:b2:b5:90:05:9c:ac:d4:
                    f9:1a:31:e9:82:3c:3d:65:74:a2:e4:1f:f8:a9:d9:
                    da:53:55:48:88:95:45:5e:88:c5:35:82:68:e5:77:
                    a9:b8:da:9d:72:69:81:e3:da:43:0e:f5:f3:af:3e:
                    3b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D7:E1:A4:A2:0A:95:C4:D1:DF:CC:B3:2F:11:FD:45:1B:C1:49:1E
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/QdfhpKIKlcTR38yzLxH9RRvBSR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:4b:51:d9:cf:c1:8f:6d:20:09:bf:60:4e:1e:b2:83:b7:7b:
         f9:d8:f3:35:78:3e:90:71:ad:b8:70:df:6d:3f:cd:99:1a:b6:
         55:f7:24:15:a6:70:27:77:45:73:0d:80:3e:f9:75:35:34:66:
         89:14:3a:00:b9:f0:a4:45:61:d4:ff:8f:6d:f5:9d:d4:0a:b8:
         ed:65:a0:93:4e:12:23:08:95:35:a6:70:1f:38:98:25:65:32:
         51:f4:f4:aa:06:77:6e:00:ee:1b:cf:87:7e:05:87:50:77:c2:
         86:cf:e5:44:8f:72:94:c3:bc:46:fa:d0:53:48:25:33:13:ab:
         b6:f2:33:1b:77:5e:7a:41:35:2b:cd:94:b3:01:89:48:58:d3:
         d0:a7:4e:b0:04:a7:06:b9:38:58:00:d6:9a:99:a0:c0:a4:9e:
         07:d0:69:9a:54:39:d3:c5:7f:f2:6e:0b:75:b4:88:45:15:d1:
         24:2c:cc:c4:ce:fd:10:ff:01:90:b6:81:a8:1f:d0:f8:08:6b:
         91:0c:14:39:8a:94:3e:81:0f:98:5b:57:dc:f4:ee:50:53:37:
         c7:fb:a0:2f:31:b6:09:e5:7c:2e:0b:1f:b8:91:fb:9d:f8:89:
         24:32:c8:a4:ae:c3:73:28:b1:10:09:22:ab:c7:b6:c4:36:ee:
         a9:65:b3:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh+lePHL0irS6nEgs2/zbVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUwODA2MDg1MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ3ZTFhNGEyMGE5NWM0ZDFkZmNjYjMyZjExZmQ0NTFiYzE0OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nsAkTy+7n2LWL70UhSDB0usP9V2
W/YDyUaGpO4Hz7EEcMgeKh3HinXj916UgLo41uqGhYw2pbDEOqzMvNQJNE/Ew96Y
bgL3SLjNtYO/UcnzdN6ya5s7FkBF+uQErPNfGUXiP+fRTkqWI4oLDcXmbjo/eAhJ
Qg5tan4noIbNmer6yotFCbevWaWSVOvoeO4b/d0znTk3sViw1AlD/B/SK9iDmI7Z
97YuIk8kLnT+lVXmyxeF9M6h7y5XF98xhZaCnD8N29dnEQ1l97K1kAWcrNT5GjHp
gjw9ZXSi5B/4qdnaU1VIiJVFXojFNYJo5XepuNqdcmmB49pDDvXzrz47pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHX4aSiCpXE0d/Msy8R/UUbwUkeMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvUWRmaHBLSUtsY1RSMzh5ekx4SDlSUnZCU1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQARS1HZz8GPbSAJv2BOHrKDt3v52PM1eD6Qca24cN9t
P82ZGrZV9yQVpnAnd0VzDYA++XU1NGaJFDoAufCkRWHU/49t9Z3UCrjtZaCTThIj
CJU1pnAfOJglZTJR9PSqBnduAO4bz4d+BYdQd8KGz+VEj3KUw7xG+tBTSCUzE6u2
8jMbd156QTUrzZSzAYlIWNPQp06wBKcGuThYANaamaDApJ4H0GmaVDnTxX/ybgt1
tIhFFdEkLMzEzv0Q/wGQtoGoH9D4CGuRDBQ5ipQ+gQ+YW1fc9O5QUzfH+6AvMbYJ
5XwuCx+4kfud+IkkMsikrsNzKLEQCSKrx7bENu6pZbNH
-----END CERTIFICATE-----