Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/QbjMGccKG5d5ZKbesdYHgP5_B94.roa
File:                     QbjMGccKG5d5ZKbesdYHgP5_B94.roa (raw, json)
Hash identifier:          4D93Q+Whu8oYfv+HOP7uP002kldwgOYc75DA0DhrTb4=
Subject key identifier:   41:B8:CC:19:C7:0A:1B:97:79:64:A6:DE:B1:D6:07:80:FE:7F:07:DE
Certificate issuer:       /CN=b5356b3a6778be8c6114ad87daafcd07ca55d800
Certificate serial:       0196D3F2DB68F86D86B88BC929998577392C
Authority key identifier: B5:35:6B:3A:67:78:BE:8C:61:14:AD:87:DA:AF:CD:07:CA:55:D8:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTVrOmd4voxhFK2H2q_NB8pV2AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/QbjMGccKG5d5ZKbesdYHgP5_B94.roa
Signing time:             Thu 15 May 2025 12:37:10 +0000
ROA not before:           Thu 15 May 2025 12:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42151
IP address blocks:        95.171.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/tTVrOmd4voxhFK2H2q_NB8pV2AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/tTVrOmd4voxhFK2H2q_NB8pV2AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTVrOmd4voxhFK2H2q_NB8pV2AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:f2:db:68:f8:6d:86:b8:8b:c9:29:99:85:77:39:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5356b3a6778be8c6114ad87daafcd07ca55d800
        Validity
            Not Before: May 15 12:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41b8cc19c70a1b977964a6deb1d60780fe7f07de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:79:bc:7c:b9:e0:15:3c:bc:17:7a:3d:5e:a3:
                    94:67:55:93:c0:e3:5e:7a:3d:76:0a:2c:65:4e:d2:
                    26:f2:75:02:81:d9:a0:7a:6a:5d:86:3f:aa:da:47:
                    8d:79:7b:97:6a:05:d2:9e:9b:d5:4e:db:e9:08:c7:
                    47:68:c5:df:d9:80:0f:9e:f1:b3:a0:d3:e3:4d:0c:
                    e9:ff:73:0a:d9:fb:7c:4e:ed:e3:1b:6c:19:34:a5:
                    bc:14:4f:98:3f:4e:e1:e6:06:cb:96:0a:81:65:29:
                    f9:e6:01:90:36:6d:73:92:c1:2c:ae:8e:a0:ca:d8:
                    12:c6:36:2b:c0:a4:1e:ba:cf:27:a6:ac:ab:f9:6c:
                    03:dd:7c:25:ba:a3:9a:b1:4a:61:f1:c6:9b:64:a1:
                    fc:8f:1e:7d:f5:a7:67:f3:c1:3b:c8:e2:29:79:f9:
                    1b:18:fb:57:1d:f5:ba:28:aa:58:f9:3c:32:37:30:
                    9f:b4:6e:fc:bf:f6:09:70:c7:ba:5b:50:68:2a:c5:
                    f1:51:38:14:e0:28:75:21:cb:d6:88:dc:47:ce:c5:
                    63:77:77:2b:da:1f:d6:19:e4:53:85:01:66:ba:1a:
                    3a:e8:5f:74:00:fd:e7:79:80:d0:eb:1e:0e:6c:cf:
                    bc:93:44:6a:c5:5f:48:9e:39:c4:61:89:06:a0:ca:
                    6c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B8:CC:19:C7:0A:1B:97:79:64:A6:DE:B1:D6:07:80:FE:7F:07:DE
            X509v3 Authority Key Identifier:
                keyid:B5:35:6B:3A:67:78:BE:8C:61:14:AD:87:DA:AF:CD:07:CA:55:D8:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTVrOmd4voxhFK2H2q_NB8pV2AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/QbjMGccKG5d5ZKbesdYHgP5_B94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/91b31e-0711-43fa-bc29-932b4ac0aafd/1/tTVrOmd4voxhFK2H2q_NB8pV2AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.171.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:25:c5:ef:f2:7c:35:9e:70:e7:93:48:4f:2f:55:22:2d:5f:
         6a:b3:e8:48:1e:20:27:9d:4e:3f:ca:e2:bd:eb:c8:17:8d:7e:
         94:76:01:72:35:13:be:e5:69:90:30:0f:d0:0b:4b:78:ed:0c:
         b6:4d:3f:c0:ba:d8:28:ca:7c:ed:4d:d7:81:1d:59:d0:c7:3f:
         3f:e2:e9:df:8e:5e:c7:bb:25:d2:a3:97:9c:22:47:2b:2e:d5:
         35:9e:36:83:ec:50:a2:76:fa:c2:0f:88:5f:71:16:0c:4f:1b:
         64:3f:a9:c6:e5:9d:4f:3b:5f:60:05:99:cd:86:6c:e8:6e:ef:
         61:45:37:b2:f2:ff:b2:fc:5a:3f:6b:79:84:52:9e:11:12:91:
         fd:c0:e9:b7:1d:f8:3a:ae:9e:39:a4:ab:76:a8:74:0b:66:40:
         cf:9f:d2:2e:7b:fc:b0:e1:a7:b0:81:3f:b8:99:f7:6e:df:04:
         6c:78:84:b6:b6:c8:7b:9a:33:37:63:b0:d9:d6:7e:c2:60:42:
         2f:96:5d:ca:3f:d9:4e:38:ee:32:5d:f3:7c:39:6d:60:16:ab:
         cb:41:28:97:79:39:0b:d8:54:53:35:7b:35:47:45:1f:ee:6b:
         a5:57:66:5f:c6:fc:f8:63:5e:fb:fe:9a:f4:98:19:3f:ac:a9:
         36:4f:7d:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbT8tto+G2GuIvJKZmFdzksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzU2YjNhNjc3OGJlOGM2MTE0YWQ4N2RhYWZjZDA3Y2E1
NWQ4MDAwHhcNMjUwNTE1MTIzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWI4Y2MxOWM3MGExYjk3Nzk2NGE2ZGViMWQ2MDc4MGZlN2YwN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3m8fLngFTy8F3o9XqOUZ1WTwONe
ej12CixlTtIm8nUCgdmgempdhj+q2keNeXuXagXSnpvVTtvpCMdHaMXf2YAPnvGz
oNPjTQzp/3MK2ft8Tu3jG2wZNKW8FE+YP07h5gbLlgqBZSn55gGQNm1zksEsro6g
ytgSxjYrwKQeus8npqyr+WwD3XwluqOasUph8cabZKH8jx599adn88E7yOIpefkb
GPtXHfW6KKpY+TwyNzCftG78v/YJcMe6W1BoKsXxUTgU4Ch1IcvWiNxHzsVjd3cr
2h/WGeRThQFmuho66F90AP3neYDQ6x4ObM+8k0RqxV9InjnEYYkGoMpsmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEG4zBnHChuXeWSm3rHWB4D+fwfeMB8GA1UdIwQY
MBaAFLU1azpneL6MYRSth9qvzQfKVdgAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRWck9tZDR2b3hoRksySDJxX05COHBWMkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MWIzMWUtMDcxMS00M2ZhLWJjMjkt
OTMyYjRhYzBhYWZkLzEvUWJqTUdjY0tHNWQ1WktiZXNkWUhnUDVfQjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MWIzMWUtMDcxMS00M2ZhLWJjMjktOTMyYjRhYzBhYWZk
LzEvdFRWck9tZDR2b3hoRksySDJxX05COHBWMkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6sTMA0G
CSqGSIb3DQEBCwUAA4IBAQBwJcXv8nw1nnDnk0hPL1UiLV9qs+hIHiAnnU4/yuK9
68gXjX6UdgFyNRO+5WmQMA/QC0t47Qy2TT/AutgoynztTdeBHVnQxz8/4unfjl7H
uyXSo5ecIkcrLtU1njaD7FCidvrCD4hfcRYMTxtkP6nG5Z1PO19gBZnNhmzobu9h
RTey8v+y/Fo/a3mEUp4REpH9wOm3Hfg6rp45pKt2qHQLZkDPn9Iue/yw4aewgT+4
mfdu3wRseIS2tsh7mjM3Y7DZ1n7CYEIvll3KP9lOOO4yXfN8OW1gFqvLQSiXeTkL
2FRTNXs1R0Uf7mulV2Zfxvz4Y177/pr0mBk/rKk2T33M
-----END CERTIFICATE-----