Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QQZQEhkMHvtGoFP9esnG4RDEYyc.roa
File:                     QQZQEhkMHvtGoFP9esnG4RDEYyc.roa (raw, json)
Hash identifier:          6aK9VeBkgEwisIfFyiPwtyXK/Ce0FfALzOoFN64g2y0=
Subject key identifier:   41:06:50:12:19:0C:1E:FB:46:A0:53:FD:7A:C9:C6:E1:10:C4:63:27
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019A67D3FFADFBFB8A91B23E3EF318D1AD73
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QQZQEhkMHvtGoFP9esnG4RDEYyc.roa
Signing time:             Sun 09 Nov 2025 08:55:37 +0000
ROA not before:           Sun 09 Nov 2025 08:55:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202736
IP address blocks:        185.225.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Nov 2025 15:37:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:67:d3:ff:ad:fb:fb:8a:91:b2:3e:3e:f3:18:d1:ad:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  9 08:55:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41065012190c1efb46a053fd7ac9c6e110c46327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:dc:f8:75:37:11:37:e4:cb:dc:36:2f:68:f9:
                    a5:43:cf:b1:c9:42:49:c2:01:4e:15:fa:0e:51:c9:
                    36:b0:b4:a6:4d:bd:9e:84:fd:53:1d:0b:f3:cd:d6:
                    4d:d9:0c:ea:14:c8:76:58:43:c2:f9:a2:43:73:25:
                    47:6d:eb:4d:35:57:74:6c:e2:d8:f0:b3:05:68:00:
                    8e:06:44:4c:f4:51:cc:38:36:f5:e0:db:79:c8:de:
                    33:d0:1c:33:d7:af:ec:1c:31:88:db:cc:6e:3d:2d:
                    2d:6a:d9:a8:c9:56:6f:3d:9b:ae:1d:41:05:8a:4b:
                    80:69:52:fc:52:46:29:ec:f6:2e:a7:ef:04:5d:1d:
                    40:33:41:f1:78:e7:de:16:0b:7c:d8:13:a1:20:12:
                    4b:ae:25:db:1f:0d:b8:f7:ce:57:d4:6b:d0:c4:95:
                    90:ad:4d:90:86:2c:65:34:d1:c3:21:28:ec:84:55:
                    fa:0d:25:8d:61:e3:61:7f:ab:a5:c2:85:3b:ca:c5:
                    cf:08:bb:09:8d:a0:f8:5b:72:f6:89:c6:fe:55:6d:
                    54:90:27:ff:b2:05:cc:f0:86:1f:50:39:f6:38:dc:
                    1a:6b:e9:ee:1f:21:e9:39:57:fb:b4:f6:e3:3a:75:
                    28:e0:e3:6a:2b:80:e4:ab:00:eb:a6:b7:8b:ef:1c:
                    36:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:06:50:12:19:0C:1E:FB:46:A0:53:FD:7A:C9:C6:E1:10:C4:63:27
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QQZQEhkMHvtGoFP9esnG4RDEYyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:27:ae:e1:f1:c1:85:d1:a0:0b:f8:0f:0c:49:6c:57:6e:cb:
         9b:fd:f8:f1:e6:cd:17:e4:83:48:3b:9c:bb:fd:01:a7:ee:bf:
         05:0f:8e:27:6f:cd:98:b3:97:06:82:96:9d:7d:4c:e8:04:4d:
         a2:3e:35:4c:9d:1f:e1:e9:1a:25:f7:40:02:74:5d:b5:3d:22:
         13:e1:e3:c4:97:03:70:73:72:b0:e2:6d:e2:3a:34:3d:38:90:
         c7:2c:ea:18:51:79:8a:38:6b:0e:b2:98:d1:b4:ce:93:af:0e:
         78:cd:b3:17:77:37:e9:52:a4:c9:80:12:5f:7a:b5:d6:3c:0d:
         e1:7c:ae:66:86:7d:86:48:e4:fd:53:62:94:da:5b:eb:34:98:
         fb:6e:e2:e9:33:36:8d:65:5c:42:1b:9e:3d:05:75:db:ce:d6:
         69:ec:c9:49:26:9b:40:16:18:61:2d:c1:68:be:b0:af:08:43:
         84:49:ec:a1:5d:e7:67:9a:86:bf:6b:08:6f:00:7d:5f:cb:3a:
         2e:bf:59:29:a3:e5:75:76:52:56:02:36:78:c1:35:e9:c9:3c:
         35:e9:ef:59:26:e4:ba:d4:b0:7c:ff:48:45:ef:46:8f:85:1a:
         3c:64:17:01:15:53:39:89:ab:cd:0b:07:37:6d:ea:10:08:19:
         c3:84:df:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpn0/+t+/uKkbI+PvMY0a1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMTA5MDg1NTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA2NTAxMjE5MGMxZWZiNDZhMDUzZmQ3YWM5YzZlMTEwYzQ2MzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNz4dTcRN+TL3DYvaPmlQ8+xyUJJ
wgFOFfoOUck2sLSmTb2ehP1THQvzzdZN2QzqFMh2WEPC+aJDcyVHbetNNVd0bOLY
8LMFaACOBkRM9FHMODb14Nt5yN4z0Bwz16/sHDGI28xuPS0tatmoyVZvPZuuHUEF
ikuAaVL8UkYp7PYup+8EXR1AM0HxeOfeFgt82BOhIBJLriXbHw24985X1GvQxJWQ
rU2QhixlNNHDISjshFX6DSWNYeNhf6ulwoU7ysXPCLsJjaD4W3L2icb+VW1UkCf/
sgXM8IYfUDn2ONwaa+nuHyHpOVf7tPbjOnUo4ONqK4DkqwDrpreL7xw2qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEGUBIZDB77RqBT/XrJxuEQxGMnMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUVFaUUVoa01IdnRHb0ZQOWVzbkc0UkRFWXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueEBMA0G
CSqGSIb3DQEBCwUAA4IBAQB/J67h8cGF0aAL+A8MSWxXbsub/fjx5s0X5INIO5y7
/QGn7r8FD44nb82Ys5cGgpadfUzoBE2iPjVMnR/h6Rol90ACdF21PSIT4ePElwNw
c3Kw4m3iOjQ9OJDHLOoYUXmKOGsOspjRtM6Trw54zbMXdzfpUqTJgBJferXWPA3h
fK5mhn2GSOT9U2KU2lvrNJj7buLpMzaNZVxCG549BXXbztZp7MlJJptAFhhhLcFo
vrCvCEOESeyhXednmoa/awhvAH1fyzouv1kpo+V1dlJWAjZ4wTXpyTw16e9ZJuS6
1LB8/0hF70aPhRo8ZBcBFVM5iavNCwc3beoQCBnDhN+I
-----END CERTIFICATE-----