Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qVFqV1BREXhljuSLd4jjXb9LgDc.roa
File:                     qVFqV1BREXhljuSLd4jjXb9LgDc.roa (raw, json)
Hash identifier:          KtjJw0Zv7eZds9iTbR7UwscqRgml3SReWL9pS+o/kpA=
Subject key identifier:   A9:51:6A:57:50:51:11:78:65:8E:E4:8B:77:88:E3:5D:BF:4B:80:37
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0198502AE5086061FBA3E37A2B30C5EB5D0D
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qVFqV1BREXhljuSLd4jjXb9LgDc.roa
Signing time:             Mon 28 Jul 2025 08:34:05 +0000
ROA not before:           Mon 28 Jul 2025 08:34:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        185.244.175.0/24 maxlen: 24
                          213.108.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:2a:e5:08:60:61:fb:a3:e3:7a:2b:30:c5:eb:5d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 28 08:34:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9516a5750511178658ee48b7788e35dbf4b8037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:90:15:fd:9c:a2:77:81:78:52:b3:a3:b8:c2:
                    5b:8e:79:4d:86:6c:14:7c:0b:de:57:ce:55:1c:68:
                    aa:61:56:eb:74:de:fa:89:32:88:f5:14:17:f1:53:
                    f9:4c:4c:19:17:c3:a6:fa:7f:d4:b2:3a:8a:21:c7:
                    27:ac:4b:ec:91:50:35:28:66:4b:87:ad:f3:fc:87:
                    9b:3b:55:44:e5:9f:4b:d8:9b:81:6e:86:52:27:92:
                    f2:91:bb:92:99:46:09:ef:d9:bd:66:48:43:f5:b8:
                    17:83:91:6c:7b:c5:d3:df:27:fc:37:28:14:87:08:
                    17:34:f9:ae:fb:e0:22:ac:a2:63:e0:39:80:6f:c9:
                    8c:02:72:9d:66:3b:51:1f:cf:0e:90:52:ab:89:d1:
                    61:5b:fc:fe:f4:f1:f1:5a:57:54:e6:98:61:c7:0a:
                    7b:f7:ba:02:e9:8c:ab:88:91:84:d3:74:e0:fc:be:
                    0d:c9:6c:dc:3c:2b:53:8d:cb:0e:82:80:ea:00:0d:
                    73:be:f4:db:bb:11:c4:08:0a:c9:f1:98:3e:56:ba:
                    81:98:1a:79:ef:a2:f9:99:20:a1:db:21:6b:e6:46:
                    83:b6:dc:44:10:2a:7a:b3:d1:6c:03:bd:82:30:1e:
                    ca:79:d5:95:c6:29:6f:55:0e:55:62:fb:7d:9f:4e:
                    46:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:51:6A:57:50:51:11:78:65:8E:E4:8B:77:88:E3:5D:BF:4B:80:37
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qVFqV1BREXhljuSLd4jjXb9LgDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.175.0/24
                  213.108.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:52:7e:69:9c:45:6c:08:a6:fa:99:ba:f9:6e:92:29:c0:34:
         9c:f8:ba:84:10:54:c8:b2:dc:bd:ca:2d:86:4e:b2:27:28:4d:
         b0:9a:24:b3:11:43:5b:92:8c:d5:57:63:4a:10:11:97:6d:64:
         2f:8b:10:6c:cc:1e:09:dc:93:69:6b:f4:24:17:8a:55:db:4d:
         1d:d5:16:f7:b3:0f:c3:4a:66:31:53:4a:3d:44:e1:8c:77:01:
         08:7c:e3:e3:33:65:71:42:d3:a2:e7:63:e5:1d:eb:aa:25:fc:
         18:15:b0:9f:7d:ce:3e:06:8a:2b:f0:51:58:ba:9c:6a:47:bf:
         0a:67:0f:a0:ce:57:59:b1:26:a7:a4:b7:20:ac:a2:f2:76:e2:
         08:6e:3c:64:19:19:fa:5c:47:39:23:d0:2e:6b:e9:f8:32:9b:
         10:89:bf:86:ab:0e:7c:29:4e:eb:10:b1:38:81:d9:42:5c:c2:
         e1:b6:80:90:bf:42:02:2a:18:7f:43:be:2d:62:e0:25:c2:da:
         0a:42:a6:f6:0d:9d:fd:55:11:fb:2a:0e:00:1e:13:ca:aa:34:
         86:84:c5:60:9d:5d:a8:56:b6:52:cf:5e:c9:2d:07:fc:9f:6d:
         16:40:3b:4e:5f:0e:fe:56:03:aa:15:33:2b:fa:f4:e1:22:1f:
         7d:12:18:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhQKuUIYGH7o+N6KzDF610NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzI4MDgzNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTUxNmE1NzUwNTExMTc4NjU4ZWU0OGI3Nzg4ZTM1ZGJmNGI4MDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75AV/Zyid4F4UrOjuMJbjnlNhmwU
fAveV85VHGiqYVbrdN76iTKI9RQX8VP5TEwZF8Om+n/UsjqKIccnrEvskVA1KGZL
h63z/IebO1VE5Z9L2JuBboZSJ5LykbuSmUYJ79m9ZkhD9bgXg5Fse8XT3yf8NygU
hwgXNPmu++AirKJj4DmAb8mMAnKdZjtRH88OkFKridFhW/z+9PHxWldU5phhxwp7
97oC6YyriJGE03Tg/L4NyWzcPCtTjcsOgoDqAA1zvvTbuxHECArJ8Zg+VrqBmBp5
76L5mSCh2yFr5kaDttxEECp6s9FsA72CMB7KedWVxilvVQ5VYvt9n05GIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlRaldQURF4ZY7ki3eI412/S4A3MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvcVZGcVYxQlJFWGhsanVTTGQ0ampYYjlMZ0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufSvAwQA
1WzEMA0GCSqGSIb3DQEBCwUAA4IBAQBDUn5pnEVsCKb6mbr5bpIpwDSc+LqEEFTI
sty9yi2GTrInKE2wmiSzEUNbkozVV2NKEBGXbWQvixBszB4J3JNpa/QkF4pV200d
1Rb3sw/DSmYxU0o9ROGMdwEIfOPjM2VxQtOi52PlHeuqJfwYFbCffc4+Boor8FFY
upxqR78KZw+gzldZsSanpLcgrKLyduIIbjxkGRn6XEc5I9Aua+n4MpsQib+Gqw58
KU7rELE4gdlCXMLhtoCQv0ICKhh/Q74tYuAlwtoKQqb2DZ39VRH7Kg4AHhPKqjSG
hMVgnV2oVrZSz17JLQf8n20WQDtOXw7+VgOqFTMr+vThIh99Ehg4
-----END CERTIFICATE-----