Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/pshq4_QA-qLSghM03EWquGAt7rc.roa
File:                     pshq4_QA-qLSghM03EWquGAt7rc.roa (raw, json)
Hash identifier:          rpLjV1rbxm+W2cg04ypjM5dgXLvT0vLct5eUeqe0Yfs=
Subject key identifier:   A6:C8:6A:E3:F4:00:FA:A2:D2:82:13:34:DC:45:AA:B8:60:2D:EE:B7
Certificate issuer:       /CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Certificate serial:       019A153149C018CA421C07052DD26B550C7D
Authority key identifier: 7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/pshq4_QA-qLSghM03EWquGAt7rc.roa
Signing time:             Fri 24 Oct 2025 07:49:02 +0000
ROA not before:           Fri 24 Oct 2025 07:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201746
IP address blocks:        103.226.194.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:31:49:c0:18:ca:42:1c:07:05:2d:d2:6b:55:0c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
        Validity
            Not Before: Oct 24 07:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6c86ae3f400faa2d2821334dc45aab8602deeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a0:95:6e:68:95:39:24:d2:b6:73:cf:c3:de:
                    b0:32:d8:21:4e:41:49:53:85:ff:8c:d8:0d:f6:c7:
                    4e:48:19:f3:5b:63:31:8f:76:77:6a:a0:81:12:cb:
                    25:2e:cf:9a:46:25:66:a7:39:29:a3:37:db:f1:b1:
                    e3:ac:85:1a:7d:dd:91:61:e1:eb:2a:e9:ef:8b:7c:
                    51:37:61:bd:ef:7c:01:33:05:b5:6d:52:20:9e:5a:
                    d9:2d:61:8c:02:b6:c7:08:89:7a:a8:8d:95:ae:31:
                    d8:e8:08:6d:e0:97:4a:87:fb:a1:81:99:67:78:68:
                    ea:98:1c:d7:2f:0a:f9:47:30:5b:3b:0d:59:ae:0f:
                    1d:b3:8c:48:44:17:56:ef:bd:3e:48:13:8e:82:a8:
                    44:df:75:9e:39:e6:dc:73:3f:b4:22:70:ba:2b:cd:
                    85:a0:53:31:86:35:f0:0f:23:1e:1f:e6:9d:00:70:
                    e7:55:e4:00:5c:91:bb:27:31:2a:0d:11:dd:51:fd:
                    8e:ae:8c:eb:04:42:1b:87:fb:00:6f:94:98:ad:9c:
                    fa:28:c3:a8:1b:b5:31:70:90:59:77:ce:9d:3e:cb:
                    b4:6d:0c:95:03:d3:18:16:46:57:82:8d:d7:81:39:
                    8e:bc:50:81:8c:09:a3:60:ce:b7:4d:76:bb:f9:04:
                    f5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C8:6A:E3:F4:00:FA:A2:D2:82:13:34:DC:45:AA:B8:60:2D:EE:B7
            X509v3 Authority Key Identifier:
                keyid:7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/pshq4_QA-qLSghM03EWquGAt7rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.226.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:61:55:95:a8:31:c6:8e:ad:1f:5c:c9:8a:b0:bf:dd:32:ac:
         2b:f8:1b:19:f2:80:92:28:63:cc:42:f4:39:54:40:70:da:c8:
         7d:89:f0:89:7b:f9:c2:74:14:8c:d7:a9:98:1a:eb:91:ac:6d:
         5f:2f:a6:2c:0d:7c:ee:a3:98:9f:ef:a9:5a:07:63:e9:0f:67:
         7c:df:fd:bd:3a:97:e2:03:c8:68:66:33:12:aa:c6:92:db:ad:
         d9:60:82:a0:b4:a7:0b:d6:55:fa:f7:68:9d:7a:fe:87:20:02:
         a7:95:5b:00:64:f6:f7:0b:3a:45:07:81:d7:83:d7:e7:c4:92:
         86:e2:e5:2a:78:20:82:48:ec:3a:3f:6c:ee:1a:a9:a9:ac:eb:
         92:0d:4b:f8:3d:22:0a:66:f6:f0:a7:0d:66:9c:94:79:83:f0:
         f2:be:1d:29:74:87:9f:82:dd:2d:c9:58:2a:f0:63:19:e0:fe:
         bf:9a:c8:bd:8d:10:0e:e7:f0:9e:f6:2b:77:a0:d6:01:77:3e:
         db:26:c2:3a:04:26:9b:7d:59:95:9d:54:a1:24:57:31:15:2b:
         07:6d:7a:da:c6:16:95:b4:b5:e6:1e:e5:fd:c2:a3:b6:69:23:
         b5:d5:d9:d9:68:65:f2:c6:fb:6a:fe:b1:28:6e:f1:ba:2e:da:
         23:28:3c:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoVMUnAGMpCHAcFLdJrVQx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjU3ZGQ1MmM3NWZjZTM5ZmZlMjkxNTQ2OWQ5ZTY1NmRi
Y2I4NzMwHhcNMjUxMDI0MDc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM4NmFlM2Y0MDBmYWEyZDI4MjEzMzRkYzQ1YWFiODYwMmRlZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKCVbmiVOSTStnPPw96wMtghTkFJ
U4X/jNgN9sdOSBnzW2Mxj3Z3aqCBEsslLs+aRiVmpzkpozfb8bHjrIUafd2RYeHr
Kunvi3xRN2G973wBMwW1bVIgnlrZLWGMArbHCIl6qI2VrjHY6Aht4JdKh/uhgZln
eGjqmBzXLwr5RzBbOw1Zrg8ds4xIRBdW770+SBOOgqhE33WeOebccz+0InC6K82F
oFMxhjXwDyMeH+adAHDnVeQAXJG7JzEqDRHdUf2OrozrBEIbh/sAb5SYrZz6KMOo
G7UxcJBZd86dPsu0bQyVA9MYFkZXgo3XgTmOvFCBjAmjYM63TXa7+QT1rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbIauP0APqi0oITNNxFqrhgLe63MB8GA1UdIwQY
MBaAFHr1fdUsdfzjn/4pFUadnmVtvLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYt
YzI1MzQwOTZjNjBkLzEvcHNocTRfUUEtcUxTZ2hNMDNFV3F1R0F0N3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYtYzI1MzQwOTZjNjBk
LzEvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ+LCMA0G
CSqGSIb3DQEBCwUAA4IBAQCmYVWVqDHGjq0fXMmKsL/dMqwr+BsZ8oCSKGPMQvQ5
VEBw2sh9ifCJe/nCdBSM16mYGuuRrG1fL6YsDXzuo5if76laB2PpD2d83/29Opfi
A8hoZjMSqsaS263ZYIKgtKcL1lX692idev6HIAKnlVsAZPb3CzpFB4HXg9fnxJKG
4uUqeCCCSOw6P2zuGqmprOuSDUv4PSIKZvbwpw1mnJR5g/Dyvh0pdIefgt0tyVgq
8GMZ4P6/msi9jRAO5/Ce9it3oNYBdz7bJsI6BCabfVmVnVShJFcxFSsHbXraxhaV
tLXmHuX9wqO2aSO11dnZaGXyxvtq/rEobvG6LtojKDzp
-----END CERTIFICATE-----