Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QXO1SODXTyNfczFDeNtxemqwSb8.roa
File:                     QXO1SODXTyNfczFDeNtxemqwSb8.roa (raw, json)
Hash identifier:          pqYWBH1paMSraM6KsXgtTsiB9ryYEgxoDXay3zBP6A0=
Subject key identifier:   41:73:B5:48:E0:D7:4F:23:5F:73:31:43:78:DB:71:7A:6A:B0:49:BF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019A0BC4E0EAF78112DB481483C6F49C2074
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QXO1SODXTyNfczFDeNtxemqwSb8.roa
Signing time:             Wed 22 Oct 2025 11:54:03 +0000
ROA not before:           Wed 22 Oct 2025 11:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        167.17.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:c4:e0:ea:f7:81:12:db:48:14:83:c6:f4:9c:20:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Oct 22 11:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4173b548e0d74f235f73314378db717a6ab049bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:30:7b:48:8b:4b:07:70:9b:6f:ed:df:48:a7:
                    f7:1f:04:51:c2:e8:a1:7f:71:57:54:35:c1:27:4f:
                    ea:5a:94:a1:26:ef:6d:27:b8:f5:fb:da:b1:3b:f1:
                    37:7c:3e:4b:6f:9c:71:2f:7b:13:4e:61:db:4f:82:
                    54:07:46:7f:62:0d:ca:29:c0:09:6c:1b:37:ee:76:
                    fe:f4:ff:a7:aa:54:d8:e3:83:45:b1:13:c4:9f:69:
                    f0:9c:94:87:b2:c8:25:e8:d2:2b:a9:3c:1e:f9:12:
                    a9:81:0f:b0:bf:e8:e3:3c:5f:85:3d:d8:e7:b1:f7:
                    61:65:b7:1e:2f:e3:4b:23:10:a0:0e:43:7e:2d:b0:
                    6e:d5:ac:9b:4a:44:26:f0:ae:dd:bc:99:e7:9a:a1:
                    1b:63:66:7e:1d:78:26:0f:b8:a0:b1:a8:8c:ca:e0:
                    e7:26:e3:e9:34:76:46:14:81:31:cb:f2:45:a2:36:
                    d6:b3:5a:b1:a8:7e:f5:49:12:ab:df:32:9b:f7:48:
                    b9:b5:91:ed:26:24:13:9e:b3:a3:08:cd:af:f4:1c:
                    e0:e7:e4:dd:e7:f8:b7:bf:85:04:9b:a5:f1:c6:9d:
                    1c:e2:b6:88:63:02:bd:9a:4e:ce:ec:13:fe:cf:14:
                    59:a3:f2:cb:22:31:02:12:46:4f:c0:4e:15:85:35:
                    47:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:73:B5:48:E0:D7:4F:23:5F:73:31:43:78:DB:71:7A:6A:B0:49:BF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QXO1SODXTyNfczFDeNtxemqwSb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.17.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:28:1a:4b:ae:99:3e:fa:d8:03:7e:03:4f:3d:1d:80:39:8c:
         b0:39:e2:03:35:94:7b:21:d4:52:1d:88:b6:99:15:73:22:70:
         af:d2:c9:1c:00:65:e2:09:d1:4f:64:c3:3b:2b:8e:42:24:97:
         5d:ca:99:ab:55:6c:9f:88:9a:dc:80:e9:c6:9b:85:1e:17:da:
         61:ca:cb:43:7a:60:c5:70:a5:39:65:a3:64:88:39:ba:57:5e:
         8a:9d:b4:7d:71:88:32:6c:29:39:20:f7:c2:c8:c3:43:a9:fd:
         27:82:89:64:a4:16:7c:d8:6f:d1:4d:d3:e9:78:ce:36:11:2f:
         20:ab:73:41:1f:bc:cf:05:cb:94:0f:b7:67:21:dc:1b:39:2c:
         5b:c7:76:34:e9:b1:9e:9e:c4:77:4b:a0:82:b3:45:df:31:b3:
         b5:07:07:ff:84:b1:b4:07:69:af:88:57:f6:6f:40:7c:06:49:
         60:74:f2:b3:fd:f1:9e:8f:3a:2b:59:34:38:d4:ae:66:da:3a:
         20:d4:37:b3:71:19:5e:60:af:b7:97:ef:82:fe:30:5d:02:2a:
         ab:e1:c2:e2:8b:4b:6c:21:ca:67:d5:f8:37:02:cd:6a:1c:f4:
         2d:99:ed:a6:77:76:20:9e:64:48:ef:02:9b:6a:69:cf:e9:9d:
         54:4a:58:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLxODq94ES20gUg8b0nCB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUxMDIyMTE1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTczYjU0OGUwZDc0ZjIzNWY3MzMxNDM3OGRiNzE3YTZhYjA0OWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzB7SItLB3Cbb+3fSKf3HwRRwuih
f3FXVDXBJ0/qWpShJu9tJ7j1+9qxO/E3fD5Lb5xxL3sTTmHbT4JUB0Z/Yg3KKcAJ
bBs37nb+9P+nqlTY44NFsRPEn2nwnJSHssgl6NIrqTwe+RKpgQ+wv+jjPF+FPdjn
sfdhZbceL+NLIxCgDkN+LbBu1aybSkQm8K7dvJnnmqEbY2Z+HXgmD7igsaiMyuDn
JuPpNHZGFIExy/JFojbWs1qxqH71SRKr3zKb90i5tZHtJiQTnrOjCM2v9Bzg5+Td
5/i3v4UEm6Xxxp0c4raIYwK9mk7O7BP+zxRZo/LLIjECEkZPwE4VhTVHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFztUjg108jX3MxQ3jbcXpqsEm/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvUVhPMVNPRFhUeU5mY3pGRGVOdHhlbXF3U2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDpxE4MA0G
CSqGSIb3DQEBCwUAA4IBAQAqKBpLrpk++tgDfgNPPR2AOYywOeIDNZR7IdRSHYi2
mRVzInCv0skcAGXiCdFPZMM7K45CJJddypmrVWyfiJrcgOnGm4UeF9phystDemDF
cKU5ZaNkiDm6V16KnbR9cYgybCk5IPfCyMNDqf0ngolkpBZ82G/RTdPpeM42ES8g
q3NBH7zPBcuUD7dnIdwbOSxbx3Y06bGensR3S6CCs0XfMbO1Bwf/hLG0B2mviFf2
b0B8BklgdPKz/fGejzorWTQ41K5m2jog1DezcRleYK+3l++C/jBdAiqr4cLii0ts
Icpn1fg3As1qHPQtme2md3YgnmRI7wKbamnP6Z1USlgS
-----END CERTIFICATE-----