Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qFvZPZzmjF27_bfet2V5Bu6L62M.roa
File:                     qFvZPZzmjF27_bfet2V5Bu6L62M.roa (raw, json)
Hash identifier:          veeiwcIDMt1AYOKA/qKzR1rzGRQ6ZN4JhD3OkDrhagM=
Subject key identifier:   A8:5B:D9:3D:9C:E6:8C:5D:BB:FD:B7:DE:B7:65:79:06:EE:8B:EB:63
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A302C0890000C66318B52EA0D3A539A35
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qFvZPZzmjF27_bfet2V5Bu6L62M.roa
Signing time:             Wed 29 Oct 2025 13:33:03 +0000
ROA not before:           Wed 29 Oct 2025 13:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206766
IP address blocks:        37.202.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:30:2c:08:90:00:0c:66:31:8b:52:ea:0d:3a:53:9a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 29 13:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a85bd93d9ce68c5dbbfdb7deb7657906ee8beb63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:41:dd:3f:f4:d0:4a:e0:b7:0b:71:01:48:6f:
                    73:4e:6d:0f:f1:dc:20:2f:8b:ff:08:f4:0d:db:28:
                    1a:7f:47:85:02:13:b9:10:ae:c2:ba:b3:77:ba:06:
                    c4:cd:23:93:2a:fb:5e:ee:e2:ab:aa:45:b2:15:71:
                    2d:9d:b5:4d:b1:03:43:44:84:16:4d:0e:0a:d2:e1:
                    be:7b:5a:bb:cd:75:4c:89:d5:29:03:06:e1:0b:fb:
                    b9:62:cf:e3:22:be:8f:ba:33:18:c3:32:f6:3f:0e:
                    ed:8f:5a:e6:ce:27:88:7b:ad:12:f6:fe:9b:0a:56:
                    9e:09:83:1d:a7:5d:e8:c3:5c:91:5f:cc:06:71:2a:
                    0e:38:94:29:db:90:37:57:4c:18:9f:91:a7:a7:d6:
                    db:42:0d:ba:4f:dd:56:17:c8:77:70:9c:78:7b:68:
                    e2:93:d8:3f:cb:44:2f:ac:36:f7:be:13:84:4f:ca:
                    5d:84:25:e0:f3:cb:9d:5c:51:0b:0e:34:09:75:d8:
                    df:7e:81:1f:d4:8c:96:f9:35:00:02:79:2f:6f:8f:
                    0d:41:18:8d:2e:e1:8c:36:66:03:7b:bf:9c:ba:e8:
                    02:67:86:ab:75:51:ce:5f:6e:e3:ec:1c:c6:e1:19:
                    8b:b7:07:89:c0:7d:cd:ae:2f:65:4e:a2:f0:32:58:
                    9d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:5B:D9:3D:9C:E6:8C:5D:BB:FD:B7:DE:B7:65:79:06:EE:8B:EB:63
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qFvZPZzmjF27_bfet2V5Bu6L62M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:49:cc:eb:95:b1:96:8a:6b:24:a2:16:2c:8d:c2:33:01:2c:
         45:c3:bf:4b:65:95:32:b6:ce:bd:36:a6:a1:9f:2c:35:b1:5e:
         74:45:36:7d:63:ff:48:10:31:db:77:31:87:06:78:10:d7:58:
         6e:a8:f6:d0:ef:75:85:8e:44:b2:6d:a6:af:fa:a3:2e:29:9a:
         ee:b1:73:aa:00:4c:50:55:7e:c6:e0:09:08:b5:c4:39:15:77:
         b2:a1:ea:cb:4f:38:46:4a:da:65:8e:ea:11:1d:fd:98:52:71:
         5b:d4:98:5f:37:e8:02:6b:84:f6:a1:f3:98:84:e6:76:ce:1e:
         75:31:c2:4a:21:d9:e9:f7:c6:29:0c:2d:db:b3:d4:e3:de:05:
         98:e3:ab:53:ac:de:33:7b:37:c6:dc:96:b4:3f:e3:ff:6d:1a:
         03:2b:6b:3d:c1:9a:6b:19:c3:a2:eb:63:5c:f6:1b:55:7f:08:
         05:2b:21:cf:55:53:b1:b8:90:78:75:58:94:b1:6c:65:9a:18:
         e5:53:e2:af:98:75:0e:75:97:3e:e9:1c:eb:98:d8:b7:26:c1:
         94:eb:58:46:26:cf:8b:d5:1e:e1:ef:b5:54:13:6b:91:40:30:
         de:a9:33:95:69:78:c9:73:08:0a:0d:9a:bf:b0:7e:e6:8f:19:
         48:93:c4:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZowLAiQAAxmMYtS6g06U5o1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDI5MTMzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODViZDkzZDljZTY4YzVkYmJmZGI3ZGViNzY1NzkwNmVlOGJlYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0HdP/TQSuC3C3EBSG9zTm0P8dwg
L4v/CPQN2ygaf0eFAhO5EK7CurN3ugbEzSOTKvte7uKrqkWyFXEtnbVNsQNDRIQW
TQ4K0uG+e1q7zXVMidUpAwbhC/u5Ys/jIr6PujMYwzL2Pw7tj1rmzieIe60S9v6b
ClaeCYMdp13ow1yRX8wGcSoOOJQp25A3V0wYn5Gnp9bbQg26T91WF8h3cJx4e2ji
k9g/y0QvrDb3vhOET8pdhCXg88udXFELDjQJddjffoEf1IyW+TUAAnkvb48NQRiN
LuGMNmYDe7+cuugCZ4ardVHOX27j7BzG4RmLtweJwH3Nri9lTqLwMlidxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhb2T2c5oxdu/233rdleQbui+tjMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcUZ2WlBaem1qRjI3X2JmZXQyVjVCdTZMNjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrAMA0G
CSqGSIb3DQEBCwUAA4IBAQBGSczrlbGWimskohYsjcIzASxFw79LZZUyts69Nqah
nyw1sV50RTZ9Y/9IEDHbdzGHBngQ11huqPbQ73WFjkSybaav+qMuKZrusXOqAExQ
VX7G4AkItcQ5FXeyoerLTzhGStpljuoRHf2YUnFb1JhfN+gCa4T2ofOYhOZ2zh51
McJKIdnp98YpDC3bs9Tj3gWY46tTrN4zezfG3Ja0P+P/bRoDK2s9wZprGcOi62Nc
9htVfwgFKyHPVVOxuJB4dViUsWxlmhjlU+KvmHUOdZc+6RzrmNi3JsGU61hGJs+L
1R7h77VUE2uRQDDeqTOVaXjJcwgKDZq/sH7mjxlIk8TV
-----END CERTIFICATE-----