Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/QX-JX3Qu6B9dGH2bgHRHXCFQSGM.roa
File:                     QX-JX3Qu6B9dGH2bgHRHXCFQSGM.roa (raw, json)
Hash identifier:          Libk/j+UTy/9cJUk+hwXMnFM9cOquglWjTlufdsoMkE=
Subject key identifier:   41:7F:89:5F:74:2E:E8:1F:5D:18:7D:9B:80:74:47:5C:21:50:48:63
Certificate issuer:       /CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Certificate serial:       01976BEF0C0EBB75D38C3B9FAD6B25905E55
Authority key identifier: A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/QX-JX3Qu6B9dGH2bgHRHXCFQSGM.roa
Signing time:             Sat 14 Jun 2025 00:55:17 +0000
ROA not before:           Sat 14 Jun 2025 00:55:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213405
IP address blocks:        85.222.160.0/23 maxlen: 24
                          85.222.160.0/24 maxlen: 24
                          85.222.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6b:ef:0c:0e:bb:75:d3:8c:3b:9f:ad:6b:25:90:5e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7d78de0234e6f99701592f536e45f5f5594eec3
        Validity
            Not Before: Jun 14 00:55:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=417f895f742ee81f5d187d9b8074475c21504863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:13:81:8f:86:6c:8d:7f:bb:89:ef:d3:da:be:
                    e7:46:7e:28:87:ed:de:c1:2c:6c:56:76:29:99:75:
                    a9:f3:f5:e9:4e:d8:2e:8f:9c:3c:07:ec:36:34:ef:
                    1a:a2:88:92:2e:75:5b:f7:14:65:4d:51:e0:29:a3:
                    8e:7b:c0:8d:01:4f:ef:69:49:d7:d3:65:83:8b:ce:
                    f0:7c:fa:51:ba:48:11:2c:dc:53:ae:64:65:b4:cd:
                    cc:ec:fd:35:e6:4b:80:0f:02:73:82:72:1e:39:8b:
                    ca:42:5e:1a:9a:98:cf:c8:06:ff:ee:91:93:7d:70:
                    c0:d5:56:4c:e0:6d:12:77:a9:5a:75:14:b8:47:51:
                    4e:1d:bb:b2:aa:c1:cd:33:c0:38:0f:f0:aa:e6:0b:
                    92:5a:14:eb:b4:9d:13:72:41:be:3a:19:e3:de:9c:
                    4c:87:65:7e:cc:a2:67:03:80:54:ce:72:ea:6d:8a:
                    ee:32:f9:a9:bd:dd:34:5b:6a:c5:6c:db:5f:f1:c5:
                    c7:3e:5b:23:e6:08:21:24:40:57:9d:dc:f1:36:7a:
                    ed:97:e2:b9:9b:12:0b:5b:53:d1:48:94:d4:5b:75:
                    ae:78:46:76:aa:cb:f1:5e:9f:21:4e:c8:d2:8a:ab:
                    c6:1c:50:bf:81:7c:0e:15:1c:83:b2:9a:16:ff:57:
                    68:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7F:89:5F:74:2E:E8:1F:5D:18:7D:9B:80:74:47:5C:21:50:48:63
            X509v3 Authority Key Identifier:
                keyid:A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/QX-JX3Qu6B9dGH2bgHRHXCFQSGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:e6:07:64:98:3d:96:e9:31:1f:c5:c7:09:66:36:a5:0e:76:
         40:5e:24:37:1c:90:89:8b:47:67:25:ef:bb:ca:b4:30:dc:1d:
         0b:3c:1d:d6:61:2d:94:7d:1a:ad:ed:1d:ec:21:8c:6e:8b:0b:
         89:62:ea:ff:b1:28:82:10:3f:57:9b:98:fe:0e:a0:dd:ae:5d:
         0b:6b:88:02:f1:11:d2:19:30:16:57:8e:a3:bf:3d:66:3c:d9:
         b4:f6:60:f2:4c:33:bd:e9:3d:2d:e7:bb:9e:ba:79:ef:15:6b:
         3f:6e:6b:3b:de:34:9b:8f:fd:ea:52:3c:79:17:ae:3d:b2:25:
         08:b8:2c:18:09:8f:1f:fd:30:64:d5:ec:c7:98:34:e7:67:60:
         31:a2:4d:fc:62:db:5a:35:86:3c:b1:f2:3a:2b:4f:be:7c:76:
         8f:d1:01:3d:0b:51:28:a2:c4:7e:bd:6f:fc:75:30:c4:eb:e2:
         b5:2a:b8:ab:27:fe:dd:ee:9d:78:fb:34:1c:cd:25:39:fe:86:
         89:1f:61:fc:06:e3:eb:d0:5e:e8:bf:8f:9a:51:fe:f4:20:ad:
         67:df:11:0d:fa:7b:62:4d:39:06:d3:2c:9f:18:c2:92:4e:99:
         ba:3f:01:5c:8b:21:0e:21:ef:df:c4:45:b4:88:96:fb:bc:72:
         fe:91:e4:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdr7wwOu3XTjDufrWslkF5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZDc4ZGUwMjM0ZTZmOTk3MDE1OTJmNTM2ZTQ1ZjVmNTU5
NGVlYzMwHhcNMjUwNjE0MDA1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTdmODk1Zjc0MmVlODFmNWQxODdkOWI4MDc0NDc1YzIxNTA0ODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArROBj4ZsjX+7ie/T2r7nRn4oh+3e
wSxsVnYpmXWp8/XpTtguj5w8B+w2NO8aooiSLnVb9xRlTVHgKaOOe8CNAU/vaUnX
02WDi87wfPpRukgRLNxTrmRltM3M7P015kuADwJzgnIeOYvKQl4ampjPyAb/7pGT
fXDA1VZM4G0Sd6ladRS4R1FOHbuyqsHNM8A4D/Cq5guSWhTrtJ0TckG+Ohnj3pxM
h2V+zKJnA4BUznLqbYruMvmpvd00W2rFbNtf8cXHPlsj5gghJEBXndzxNnrtl+K5
mxILW1PRSJTUW3WueEZ2qsvxXp8hTsjSiqvGHFC/gXwOFRyDspoW/1dodwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEF/iV90LugfXRh9m4B0R1whUEhjMB8GA1UdIwQY
MBaAFKfXjeAjTm+ZcBWS9TbkX19VlO7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2Mt
MjhkNWI2MDdhNDdmLzEvUVgtSlgzUXU2QjlkR0gyYmdIUkhYQ0ZRU0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2MtMjhkNWI2MDdhNDdm
LzEvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVd6gMA0G
CSqGSIb3DQEBCwUAA4IBAQAb5gdkmD2W6TEfxccJZjalDnZAXiQ3HJCJi0dnJe+7
yrQw3B0LPB3WYS2UfRqt7R3sIYxuiwuJYur/sSiCED9Xm5j+DqDdrl0La4gC8RHS
GTAWV46jvz1mPNm09mDyTDO96T0t57ueunnvFWs/bms73jSbj/3qUjx5F649siUI
uCwYCY8f/TBk1ezHmDTnZ2Axok38YttaNYY8sfI6K0++fHaP0QE9C1EoosR+vW/8
dTDE6+K1KrirJ/7d7p14+zQczSU5/oaJH2H8BuPr0F7ov4+aUf70IK1n3xEN+nti
TTkG0yyfGMKSTpm6PwFciyEOIe/fxEW0iJb7vHL+keTG
-----END CERTIFICATE-----