Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QXAo5dbrwEYB59Rv-4UZOXemfno.roa
File:                     QXAo5dbrwEYB59Rv-4UZOXemfno.roa (raw, json)
Hash identifier:          3/KkYVVtRuIc1ZcqNz9QXCBXcpK8XV7gmNRNATblrzI=
Subject key identifier:   41:70:28:E5:D6:EB:C0:46:01:E7:D4:6F:FB:85:19:39:77:A6:7E:7A
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019865790F9AA77A7784DBE51598302F30C8
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QXAo5dbrwEYB59Rv-4UZOXemfno.roa
Signing time:             Fri 01 Aug 2025 11:51:29 +0000
ROA not before:           Fri 01 Aug 2025 11:51:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        45.14.222.0/24 maxlen: 24
                          193.3.19.0/24 maxlen: 24
                          2a14:7b83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 05:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:79:0f:9a:a7:7a:77:84:db:e5:15:98:30:2f:30:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Aug  1 11:51:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=417028e5d6ebc04601e7d46ffb85193977a67e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:28:6b:02:f3:fe:5a:d8:25:57:45:e4:5e:a0:
                    78:9a:10:ab:6b:6d:86:77:01:29:32:74:ea:55:b5:
                    92:83:ed:74:97:d7:2e:c1:4f:17:69:38:62:93:ae:
                    cb:24:a0:95:89:cf:d5:e7:5b:51:b6:3b:13:f3:65:
                    36:f8:90:3e:6d:12:32:35:35:54:23:b0:0d:34:23:
                    87:68:e2:fe:93:68:03:7a:d6:3a:71:60:26:fa:00:
                    46:3d:1b:6a:18:ed:0e:ab:99:ac:4d:92:cf:f0:b7:
                    1a:94:8a:59:9b:6f:98:48:73:f1:b3:01:86:84:cc:
                    29:0c:a9:1d:dc:24:4e:7c:92:a1:a5:67:20:4d:ac:
                    dd:24:31:cc:4d:b8:94:ea:e6:88:0c:3a:67:ba:63:
                    f9:c5:b9:f0:2a:0e:31:68:f7:6d:6d:75:74:dd:4c:
                    31:68:1a:c5:9b:72:e4:8e:09:bf:d9:e6:8d:9e:1c:
                    ab:91:45:fc:f7:1d:77:63:e9:f3:db:e3:2e:67:5f:
                    b6:bb:c0:ea:6d:a2:2c:b8:23:15:62:8a:5a:1c:92:
                    77:cb:c2:c6:63:d9:01:c2:70:53:b1:79:f2:51:6a:
                    82:b5:54:27:a0:e8:fe:15:2c:7c:f8:40:a3:80:f0:
                    df:a5:f1:cd:d5:f2:c0:91:68:59:9f:67:ee:f6:57:
                    8f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:70:28:E5:D6:EB:C0:46:01:E7:D4:6F:FB:85:19:39:77:A6:7E:7A
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QXAo5dbrwEYB59Rv-4UZOXemfno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.222.0/24
                  193.3.19.0/24
                IPv6:
                  2a14:7b83::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:d2:67:5e:26:75:2b:c2:18:2d:d0:2d:29:4c:cc:d5:b3:b5:
         21:dc:f2:70:c9:4c:04:7e:cf:cf:99:2f:1f:a5:fd:41:2a:85:
         d5:30:43:e1:3e:64:24:58:33:62:05:35:66:12:cb:7a:43:35:
         cd:a1:72:3f:f9:42:70:3f:05:f6:72:94:c9:3c:ce:00:ad:0b:
         0f:fe:39:5d:1d:e6:09:55:49:ff:a4:b9:48:c6:2b:2c:1e:04:
         95:13:b1:87:20:44:31:6b:69:aa:ba:32:a8:f8:1b:71:21:83:
         4e:0d:3f:cf:8b:8f:78:5d:1d:97:74:6d:66:6f:d7:09:2b:1f:
         ec:62:17:4c:e8:88:46:9f:87:42:80:6f:9c:c3:de:c5:cc:21:
         ad:4e:a4:0a:4b:03:cc:78:5f:2a:c4:19:86:48:01:57:33:a3:
         52:7f:ca:f3:11:f7:41:96:b9:6c:c7:80:f6:77:a5:d4:b4:b3:
         41:31:b6:78:ef:8e:f0:74:a3:da:48:77:0b:61:5e:f4:b4:28:
         e4:4b:49:6f:97:35:39:a3:fc:d1:48:b1:a0:80:32:f0:de:2c:
         2c:72:35:41:e7:a2:7d:15:3c:85:75:9c:35:a4:5b:b6:ea:18:
         60:f9:69:c3:d9:ce:94:71:ee:23:d3:75:ef:24:bd:3f:10:c4:
         a8:62:80:a7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZhleQ+ap3p3hNvlFZgwLzDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwODAxMTE1MTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTcwMjhlNWQ2ZWJjMDQ2MDFlN2Q0NmZmYjg1MTkzOTc3YTY3ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ihrAvP+WtglV0XkXqB4mhCra22G
dwEpMnTqVbWSg+10l9cuwU8XaThik67LJKCVic/V51tRtjsT82U2+JA+bRIyNTVU
I7ANNCOHaOL+k2gDetY6cWAm+gBGPRtqGO0Oq5msTZLP8LcalIpZm2+YSHPxswGG
hMwpDKkd3CROfJKhpWcgTazdJDHMTbiU6uaIDDpnumP5xbnwKg4xaPdtbXV03Uwx
aBrFm3Lkjgm/2eaNnhyrkUX89x13Y+nz2+MuZ1+2u8DqbaIsuCMVYopaHJJ3y8LG
Y9kBwnBTsXnyUWqCtVQnoOj+FSx8+ECjgPDfpfHN1fLAkWhZn2fu9lePMwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEFwKOXW68BGAefUb/uFGTl3pn56MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvUVhBbzVkYnJ3RVlCNTlSdi00VVpPWGVtZm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQ7eAwQA
wQMTMA0EAgACMAcDBQAqFHuDMA0GCSqGSIb3DQEBCwUAA4IBAQBA0mdeJnUrwhgt
0C0pTMzVs7Uh3PJwyUwEfs/PmS8fpf1BKoXVMEPhPmQkWDNiBTVmEst6QzXNoXI/
+UJwPwX2cpTJPM4ArQsP/jldHeYJVUn/pLlIxissHgSVE7GHIEQxa2mqujKo+Btx
IYNODT/Pi494XR2XdG1mb9cJKx/sYhdM6IhGn4dCgG+cw97FzCGtTqQKSwPMeF8q
xBmGSAFXM6NSf8rzEfdBlrlsx4D2d6XUtLNBMbZ4747wdKPaSHcLYV70tCjkS0lv
lzU5o/zRSLGggDLw3iwscjVB56J9FTyFdZw1pFu26hhg+WnD2c6Uce4j03XvJL0/
EMSoYoCn
-----END CERTIFICATE-----