Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1Qlk_JpeeCo2M4E-5FutMyUP8vU.roa
File:                     1Qlk_JpeeCo2M4E-5FutMyUP8vU.roa (raw, json)
Hash identifier:          T+Afz/qB+3L5Lnbbu4TRZ+IzmIQs/O6LYr1v61fRyqU=
Subject key identifier:   D5:09:64:FC:9A:5E:78:2A:36:33:81:3E:E4:5B:AD:33:25:0F:F2:F5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01981E069D19201FE07CA42F2ADBEAD98739
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1Qlk_JpeeCo2M4E-5FutMyUP8vU.roa
Signing time:             Fri 18 Jul 2025 14:53:26 +0000
ROA not before:           Fri 18 Jul 2025 14:53:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199834
IP address blocks:        193.37.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:06:9d:19:20:1f:e0:7c:a4:2f:2a:db:ea:d9:87:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 18 14:53:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d50964fc9a5e782a3633813ee45bad33250ff2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3d:ae:6c:43:99:a8:d8:d9:50:23:fd:a0:c3:
                    42:76:48:c3:72:6b:60:96:b7:5b:e0:a3:98:8a:bb:
                    76:bf:17:77:42:4d:d7:21:d3:32:73:b8:54:b0:e2:
                    f5:7f:f7:3b:43:3c:0b:35:cd:41:bf:2e:32:f7:bd:
                    36:f9:57:c1:7b:54:12:dc:07:61:a6:e6:1d:44:43:
                    72:3f:65:19:e5:d7:18:38:25:e2:4c:93:75:af:b1:
                    43:a2:12:6f:23:1a:38:53:d9:3a:4d:df:4b:17:28:
                    21:96:6e:da:e8:0b:b1:99:68:a4:db:fb:53:c7:05:
                    f3:ca:7b:80:d8:6e:3f:2b:ce:9e:6b:41:ee:6d:2e:
                    be:d1:bb:79:4c:8e:38:fb:b8:15:48:a3:1c:ed:d1:
                    b4:f8:98:b7:46:ae:ff:1c:54:2c:f5:db:da:cb:3e:
                    ba:2b:7d:27:2b:a7:2a:62:1a:cc:3c:49:e4:ba:c1:
                    81:36:4a:66:e9:75:13:ce:25:0f:21:b2:f9:b8:f7:
                    9f:51:26:62:ad:73:8a:30:0f:2f:91:55:c1:ee:5a:
                    7b:a6:82:96:5f:55:67:8d:16:ef:cf:57:35:d7:9f:
                    dd:7e:da:14:af:e6:f8:4c:6f:07:38:36:27:99:49:
                    49:31:de:19:e0:f1:45:1b:68:87:54:ec:34:70:6f:
                    ef:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:09:64:FC:9A:5E:78:2A:36:33:81:3E:E4:5B:AD:33:25:0F:F2:F5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1Qlk_JpeeCo2M4E-5FutMyUP8vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:4d:6d:43:aa:64:92:96:1f:cd:79:e7:03:e1:77:4e:e1:fc:
         ba:67:2f:a7:7c:18:4f:e9:9f:2e:9b:19:bf:58:36:40:92:19:
         25:d6:2a:a2:e5:c0:a6:35:a2:65:1d:03:fd:bf:b9:98:a9:38:
         72:88:f8:92:06:95:5e:f1:b5:1a:92:3e:fd:94:a8:21:e9:e9:
         66:9e:b9:b8:b5:5f:df:7e:06:9a:81:41:68:38:90:0e:31:de:
         d4:d1:f4:6b:6d:a9:77:1f:77:85:8e:0a:36:6a:60:64:76:95:
         a8:9d:4b:62:d0:2c:15:85:81:09:89:b5:b6:f7:84:7a:06:82:
         f2:e9:37:2b:ee:cd:6d:c7:d3:02:be:3c:32:5c:af:92:9e:ca:
         2e:d3:d1:3e:ea:5f:6e:21:64:dd:14:bf:4a:4e:7c:24:81:ad:
         47:a3:af:9b:20:d7:80:ab:80:d4:10:4d:83:32:43:ea:a7:e2:
         eb:70:da:6c:d0:3e:e7:99:51:56:c3:a5:73:4e:42:92:fe:ec:
         f7:31:c9:36:a0:5f:73:95:c3:2d:8e:67:b1:9b:fc:90:63:46:
         ae:20:82:01:b6:0b:a0:d5:c0:6a:6f:06:13:90:aa:43:47:ac:
         e3:a1:c5:b4:72:77:d8:7b:dd:26:72:0b:8d:ce:b2:c2:ce:08:
         82:af:1b:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgeBp0ZIB/gfKQvKtvq2Yc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzE4MTQ1MzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTA5NjRmYzlhNWU3ODJhMzYzMzgxM2VlNDViYWQzMzI1MGZmMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT2ubEOZqNjZUCP9oMNCdkjDcmtg
lrdb4KOYirt2vxd3Qk3XIdMyc7hUsOL1f/c7QzwLNc1Bvy4y9702+VfBe1QS3Adh
puYdRENyP2UZ5dcYOCXiTJN1r7FDohJvIxo4U9k6Td9LFyghlm7a6AuxmWik2/tT
xwXzynuA2G4/K86ea0HubS6+0bt5TI44+7gVSKMc7dG0+Ji3Rq7/HFQs9dvayz66
K30nK6cqYhrMPEnkusGBNkpm6XUTziUPIbL5uPefUSZirXOKMA8vkVXB7lp7poKW
X1VnjRbvz1c115/dftoUr+b4TG8HODYnmUlJMd4Z4PFFG2iHVOw0cG/vdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUJZPyaXngqNjOBPuRbrTMlD/L1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMVFsa19KcGVlQ28yTTRFLTVGdXRNeVVQOHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUqMA0G
CSqGSIb3DQEBCwUAA4IBAQCvTW1DqmSSlh/NeecD4XdO4fy6Zy+nfBhP6Z8umxm/
WDZAkhkl1iqi5cCmNaJlHQP9v7mYqThyiPiSBpVe8bUakj79lKgh6elmnrm4tV/f
fgaagUFoOJAOMd7U0fRrbal3H3eFjgo2amBkdpWonUti0CwVhYEJibW294R6BoLy
6Tcr7s1tx9MCvjwyXK+Snsou09E+6l9uIWTdFL9KTnwkga1Ho6+bINeAq4DUEE2D
MkPqp+LrcNps0D7nmVFWw6VzTkKS/uz3Mck2oF9zlcMtjmexm/yQY0auIIIBtgug
1cBqbwYTkKpDR6zjocW0cnfYe90mcguNzrLCzgiCrxvp
-----END CERTIFICATE-----