Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/qxk1xepxwGG51OB8xsnLC_37Uaw.roa
File:                     qxk1xepxwGG51OB8xsnLC_37Uaw.roa (raw, json)
Hash identifier:          ypZE1fVxTf8ts+4DLxa1x+J1+KV7fqtGzn+ax6Dq94A=
Subject key identifier:   AB:19:35:C5:EA:71:C0:61:B9:D4:E0:7C:C6:C9:CB:0B:FD:FB:51:AC
Certificate issuer:       /CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
Certificate serial:       019715EA6ED702351131C16656D4F2BF9963
Authority key identifier: 96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/qxk1xepxwGG51OB8xsnLC_37Uaw.roa
Signing time:             Wed 28 May 2025 08:02:54 +0000
ROA not before:           Wed 28 May 2025 08:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213701
IP address blocks:        195.8.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ea:6e:d7:02:35:11:31:c1:66:56:d4:f2:bf:99:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
        Validity
            Not Before: May 28 08:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab1935c5ea71c061b9d4e07cc6c9cb0bfdfb51ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e5:3a:9e:8a:61:5c:52:38:26:4b:53:63:39:
                    79:00:97:90:48:7f:ea:ed:e0:9b:fa:29:54:ad:16:
                    b7:ed:a3:32:5d:26:f7:31:bc:79:90:63:cf:80:35:
                    f9:58:d0:3f:26:43:23:fa:e4:c4:8c:3e:1b:e7:84:
                    5b:62:d5:79:77:75:29:43:a0:1d:89:91:73:01:d1:
                    51:c7:40:5e:9b:91:8d:e2:5d:41:a7:e8:2a:32:20:
                    0e:de:36:db:28:7f:ce:42:30:70:28:d1:9a:15:dc:
                    c9:54:74:79:d7:d4:84:c9:17:b7:e4:34:37:83:9b:
                    ad:bb:ef:d1:fd:6f:9a:d2:0c:6d:32:b5:7c:6f:48:
                    31:c5:34:c7:d2:d5:c0:66:85:4d:de:b8:95:f0:2d:
                    5f:bd:70:4b:c9:f4:36:d9:bf:6e:62:21:de:30:91:
                    a2:33:e8:bf:21:8f:8e:27:95:f6:1e:17:cd:12:32:
                    eb:46:ab:8b:ef:61:b3:25:bc:0f:d2:96:1c:59:37:
                    97:cd:79:f9:46:96:e4:05:48:c4:10:c5:92:c6:49:
                    93:f8:5a:ff:ac:f4:32:ba:0e:33:29:40:6e:88:85:
                    c6:8d:b7:f5:18:d7:65:42:5d:74:a7:22:c4:a4:51:
                    f6:03:2c:4e:77:3b:62:fd:12:05:70:e7:20:0f:f7:
                    db:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:19:35:C5:EA:71:C0:61:B9:D4:E0:7C:C6:C9:CB:0B:FD:FB:51:AC
            X509v3 Authority Key Identifier:
                keyid:96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/qxk1xepxwGG51OB8xsnLC_37Uaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b8:86:ff:6c:62:c9:de:a2:af:4b:d3:3b:ca:1b:3e:d8:56:
         fb:42:2c:42:22:b7:f2:1d:7f:52:46:7b:cd:ab:fd:64:c2:ff:
         7f:62:42:67:8d:cc:5f:af:77:af:9a:7e:e0:03:98:30:38:9e:
         f1:f6:a3:cc:85:90:7a:d4:87:66:63:09:e7:f9:1a:5f:43:41:
         37:0e:50:43:a6:d4:e8:29:44:10:46:64:ff:79:56:2b:92:78:
         19:c9:bf:c1:35:54:1b:60:9b:01:97:33:27:6c:89:5c:08:b5:
         13:48:c8:a7:37:70:f0:44:c5:12:e4:1f:2c:3b:99:c2:db:8d:
         29:5e:5c:27:7c:6e:71:01:63:7c:12:7c:4b:eb:3a:6d:1b:06:
         ad:52:95:95:ae:08:70:7c:49:54:24:92:68:50:73:83:c7:cc:
         12:48:f2:c8:01:48:a4:48:61:a5:19:8c:c8:40:9c:1f:63:71:
         03:df:5b:4c:af:90:9d:78:f3:df:5a:a5:a3:20:06:a8:f1:58:
         e8:55:23:d3:98:12:d6:84:c8:cf:48:33:1d:83:25:1a:99:6a:
         8f:dc:58:8f:37:18:bd:65:c0:21:e6:3e:b1:c0:87:91:b3:8f:
         41:f2:cd:60:c8:81:25:1d:8d:ea:7e:4c:af:74:df:8a:0f:ed:
         a2:ef:27:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV6m7XAjURMcFmVtTyv5ljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ODFmYzhjNzMzN2M2YTFkMjBiODQ4MDBkZjg2MmEyN2U1
ZmRiZDcwHhcNMjUwNTI4MDgwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjE5MzVjNWVhNzFjMDYxYjlkNGUwN2NjNmM5Y2IwYmZkZmI1MWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquU6nophXFI4JktTYzl5AJeQSH/q
7eCb+ilUrRa37aMyXSb3Mbx5kGPPgDX5WNA/JkMj+uTEjD4b54RbYtV5d3UpQ6Ad
iZFzAdFRx0Bem5GN4l1Bp+gqMiAO3jbbKH/OQjBwKNGaFdzJVHR519SEyRe35DQ3
g5utu+/R/W+a0gxtMrV8b0gxxTTH0tXAZoVN3riV8C1fvXBLyfQ22b9uYiHeMJGi
M+i/IY+OJ5X2HhfNEjLrRquL72GzJbwP0pYcWTeXzXn5RpbkBUjEEMWSxkmT+Fr/
rPQyug4zKUBuiIXGjbf1GNdlQl10pyLEpFH2AyxOdzti/RIFcOcgD/fbRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsZNcXqccBhudTgfMbJywv9+1GsMB8GA1UdIwQY
MBaAFJaB/IxzN8ah0guEgA34YqJ+X9vXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzIt
NTNkOTYwOTlkN2IxLzEvcXhrMXhlcHh3R0c1MU9COHhzbkxDXzM3VWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzItNTNkOTYwOTlkN2Ix
LzEvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwhiMA0G
CSqGSIb3DQEBCwUAA4IBAQAiuIb/bGLJ3qKvS9M7yhs+2Fb7QixCIrfyHX9SRnvN
q/1kwv9/YkJnjcxfr3evmn7gA5gwOJ7x9qPMhZB61IdmYwnn+RpfQ0E3DlBDptTo
KUQQRmT/eVYrkngZyb/BNVQbYJsBlzMnbIlcCLUTSMinN3DwRMUS5B8sO5nC240p
XlwnfG5xAWN8EnxL6zptGwatUpWVrghwfElUJJJoUHODx8wSSPLIAUikSGGlGYzI
QJwfY3ED31tMr5CdePPfWqWjIAao8VjoVSPTmBLWhMjPSDMdgyUamWqP3FiPNxi9
ZcAh5j6xwIeRs49B8s1gyIElHY3qfkyvdN+KD+2i7yeO
-----END CERTIFICATE-----