Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/mqFZ_6poK042LnYArfefb64YNZQ.roa
File:                     mqFZ_6poK042LnYArfefb64YNZQ.roa (raw, json)
Hash identifier:          z+bsA4ZcDvX2JPMlTZwVkKpOQPowKJ3wnhxnQ/pVUXU=
Subject key identifier:   9A:A1:59:FF:AA:68:2B:4E:36:2E:76:00:AD:F7:9F:6F:AE:18:35:94
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F4258492C1DAA5743AD88466CA647A2A
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/mqFZ_6poK042LnYArfefb64YNZQ.roa
Signing time:             Thu 10 Jul 2025 11:43:08 +0000
ROA not before:           Thu 10 Jul 2025 11:43:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35583
IP address blocks:        95.164.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:25:84:92:c1:da:a5:74:3a:d8:84:66:ca:64:7a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 11:43:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9aa159ffaa682b4e362e7600adf79f6fae183594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:64:df:34:b3:66:06:6d:d3:11:4c:3e:9a:d8:
                    7c:0a:11:de:2f:33:d6:5a:1c:52:5d:79:de:2e:06:
                    1f:c7:57:ab:04:7f:22:74:1f:f0:2b:f1:6f:9f:bc:
                    cf:c4:ab:cb:1d:38:4b:3e:1b:78:51:e0:f6:00:6e:
                    6e:6a:53:ec:04:ef:6c:9d:59:d8:b4:64:a5:55:c8:
                    32:ac:b8:e9:9b:60:5c:b2:ee:8d:41:f0:a8:ab:ee:
                    99:9c:4e:e9:8b:f5:8a:a2:d1:17:85:2b:73:39:8a:
                    e0:74:3d:94:49:b2:e1:29:04:db:ca:b5:51:24:c9:
                    f0:31:ee:80:f8:7e:0b:1f:53:39:17:ae:af:70:10:
                    bd:d7:b4:43:3e:ad:2c:f8:82:8b:92:a2:7a:8b:a7:
                    1a:a6:a8:c5:73:ab:e0:c7:bb:4f:91:87:bf:f9:d7:
                    c9:52:d9:e1:e1:cd:5e:be:3f:54:7c:96:57:83:75:
                    01:1b:dc:cd:a6:05:2f:75:8c:19:5f:17:1e:8a:12:
                    f5:c5:d7:c1:e1:0a:f9:56:cc:16:4a:54:0b:2a:fe:
                    cb:0e:c7:de:7f:1f:40:aa:01:57:db:19:fe:12:18:
                    51:20:ad:13:10:a4:1c:6b:f0:74:22:c6:f2:65:43:
                    35:53:86:67:0f:ca:63:86:f3:17:69:c1:a6:95:89:
                    ed:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A1:59:FF:AA:68:2B:4E:36:2E:76:00:AD:F7:9F:6F:AE:18:35:94
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/mqFZ_6poK042LnYArfefb64YNZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6a:ee:4b:7e:4a:9a:6c:08:1f:33:39:43:4b:6c:48:e2:8b:
         1e:18:1d:cf:d0:dd:94:06:c9:d1:f4:71:68:46:94:93:7c:63:
         60:9a:77:03:43:68:3a:20:ee:c4:75:49:77:5d:c0:2c:10:13:
         5c:f1:96:d3:b0:c5:65:e8:51:5e:f3:04:49:9d:09:16:20:cf:
         86:40:93:62:ee:b9:00:37:63:d1:3b:64:4e:80:6b:8c:e0:d3:
         3e:90:fd:5b:b3:73:c8:0c:1a:8b:07:57:aa:52:93:85:e8:f8:
         33:f5:63:cf:6c:36:f1:38:6c:d3:49:c4:5f:a5:e2:43:ef:a7:
         1d:ee:75:2d:80:e0:ef:56:ec:f7:24:cd:f1:1d:32:f2:55:41:
         77:5b:79:a7:78:eb:42:d9:ff:53:c6:e6:47:f1:11:09:38:dc:
         90:fb:17:a2:40:f3:f6:05:4f:88:e5:8c:2f:2a:ad:f1:cd:24:
         10:52:04:d9:1c:46:80:14:1b:be:12:ed:d7:ce:7a:4b:1e:12:
         9e:5a:09:d9:aa:5b:96:f2:13:de:f7:bd:a8:47:10:71:b3:b4:
         39:03:5e:03:8f:7f:8d:3a:7f:2a:76:48:7f:e5:5c:ca:e1:fb:
         f0:23:2a:6e:6a:26:c1:65:e8:78:53:7f:f2:e2:ed:d3:0d:61:
         15:27:76:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0JYSSwdqldDrYhGbKZHoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTE0MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWExNTlmZmFhNjgyYjRlMzYyZTc2MDBhZGY3OWY2ZmFlMTgzNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2TfNLNmBm3TEUw+mth8ChHeLzPW
WhxSXXneLgYfx1erBH8idB/wK/Fvn7zPxKvLHThLPht4UeD2AG5ualPsBO9snVnY
tGSlVcgyrLjpm2Bcsu6NQfCoq+6ZnE7pi/WKotEXhStzOYrgdD2USbLhKQTbyrVR
JMnwMe6A+H4LH1M5F66vcBC917RDPq0s+IKLkqJ6i6capqjFc6vgx7tPkYe/+dfJ
Utnh4c1evj9UfJZXg3UBG9zNpgUvdYwZXxceihL1xdfB4Qr5VswWSlQLKv7LDsfe
fx9AqgFX2xn+EhhRIK0TEKQca/B0IsbyZUM1U4ZnD8pjhvMXacGmlYnt6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqhWf+qaCtONi52AK33n2+uGDWUMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvbXFGWl82cG9LMDQyTG5ZQXJmZWZiNjRZTlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6QwMA0G
CSqGSIb3DQEBCwUAA4IBAQA2au5LfkqabAgfMzlDS2xI4oseGB3P0N2UBsnR9HFo
RpSTfGNgmncDQ2g6IO7EdUl3XcAsEBNc8ZbTsMVl6FFe8wRJnQkWIM+GQJNi7rkA
N2PRO2ROgGuM4NM+kP1bs3PIDBqLB1eqUpOF6Pgz9WPPbDbxOGzTScRfpeJD76cd
7nUtgODvVuz3JM3xHTLyVUF3W3mneOtC2f9TxuZH8REJONyQ+xeiQPP2BU+I5Ywv
Kq3xzSQQUgTZHEaAFBu+Eu3XznpLHhKeWgnZqluW8hPe972oRxBxs7Q5A14Dj3+N
On8qdkh/5VzK4fvwIypuaibBZeh4U3/y4u3TDWEVJ3bV
-----END CERTIFICATE-----