Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/Q-5d7aoYXXlkpCFbtDiM3q9oCzc.roa
File:                     Q-5d7aoYXXlkpCFbtDiM3q9oCzc.roa (raw, json)
Hash identifier:          F1M+lKPpBJlvEl2w62XI+/N5oXb1zCShMJ40ZdPDO1Q=
Subject key identifier:   43:EE:5D:ED:AA:18:5D:79:64:A4:21:5B:B4:38:8C:DE:AF:68:0B:37
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       019A109099825DF64A30D2F0C0D705DB6E97
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/Q-5d7aoYXXlkpCFbtDiM3q9oCzc.roa
Signing time:             Thu 23 Oct 2025 10:15:03 +0000
ROA not before:           Thu 23 Oct 2025 10:15:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212669
IP address blocks:        45.130.76.0/24 maxlen: 24
                          91.132.15.0/24 maxlen: 24
                          194.31.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:90:99:82:5d:f6:4a:30:d2:f0:c0:d7:05:db:6e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Oct 23 10:15:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43ee5dedaa185d7964a4215bb4388cdeaf680b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b7:1a:7a:e4:29:e3:6d:6b:6d:1b:30:03:4d:
                    49:5f:62:19:c7:71:36:73:8d:e5:85:30:11:5d:3b:
                    64:6a:66:ca:d2:83:8d:ba:65:42:a3:31:ab:94:31:
                    cf:89:a7:86:03:20:5e:c1:93:ec:c1:d2:28:44:6a:
                    ac:bd:4c:d3:15:99:04:a6:07:3d:62:36:0c:33:df:
                    46:66:ac:7f:c5:c1:84:58:fa:29:3b:92:74:38:e1:
                    8f:b7:bc:da:4f:1f:6b:71:36:91:3f:e9:42:f8:b3:
                    4f:76:52:67:02:8a:e5:4e:d9:b8:ed:fc:6f:94:77:
                    2a:b2:82:a8:e7:08:0e:b9:59:5c:e1:6e:b7:3a:18:
                    95:9e:3b:cc:09:56:a1:f2:ad:43:74:82:a5:05:86:
                    9a:a2:c5:f2:c7:04:63:40:2d:a3:1a:84:5a:6a:b7:
                    7f:59:dd:a4:9c:e4:92:9e:d4:70:c8:bf:d6:cb:e9:
                    81:a4:6d:6f:5f:c6:5b:85:42:97:66:6d:22:ba:b2:
                    a2:e6:b8:4d:e9:ae:f7:ae:5d:15:18:c7:0c:32:ed:
                    8a:85:9d:0f:4b:18:12:52:5e:95:fc:e4:ef:ac:c5:
                    41:b9:b9:89:45:b1:02:58:44:a9:15:d8:e4:eb:9b:
                    de:fd:9d:48:c8:ee:a1:0d:71:3d:3e:74:2f:42:3a:
                    ae:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:EE:5D:ED:AA:18:5D:79:64:A4:21:5B:B4:38:8C:DE:AF:68:0B:37
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/Q-5d7aoYXXlkpCFbtDiM3q9oCzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.76.0/24
                  91.132.15.0/24
                  194.31.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:3f:8d:f9:2a:17:67:c0:22:94:8e:d5:3d:c0:24:f8:93:eb:
         fb:23:ed:82:25:a7:e9:5d:5f:22:31:38:55:d5:31:98:f2:2e:
         5d:b3:5b:20:51:b2:20:c8:79:f9:75:c0:3b:c7:52:0b:db:34:
         91:f4:25:65:4a:53:9e:49:97:d3:99:2a:0f:ab:69:9a:34:66:
         b0:00:19:cd:50:ad:d8:c7:86:29:11:64:82:f6:ba:d1:bc:2b:
         23:80:68:52:aa:56:97:dc:64:27:8b:c1:1d:31:bd:c9:0b:a4:
         86:d9:90:1d:f5:73:e6:7e:9c:c9:c9:80:0b:e0:ff:53:9f:f0:
         cc:a1:3a:d9:0b:52:9e:40:a2:4f:ef:7e:e6:2b:ce:de:be:2a:
         13:e1:63:78:12:97:67:3d:16:e2:e1:61:9c:1c:07:c5:26:cf:
         ef:c5:7e:da:4e:74:ec:d5:b6:88:1d:e5:af:ec:81:77:27:62:
         b0:bd:92:2a:94:13:db:91:4a:a7:4d:e5:4f:5f:9d:09:54:98:
         b5:53:a0:f7:1c:e4:e4:0b:60:b7:e7:cc:7d:c9:02:c2:0c:c7:
         dd:bf:50:4c:88:2a:8f:be:88:22:dc:ee:ce:0d:f7:ae:99:47:
         a5:3a:f8:0b:8e:c4:9a:5b:d2:1f:71:32:c9:57:b2:b9:46:39:
         35:56:29:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoQkJmCXfZKMNLwwNcF226XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUxMDIzMTAxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2VlNWRlZGFhMTg1ZDc5NjRhNDIxNWJiNDM4OGNkZWFmNjgwYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7caeuQp421rbRswA01JX2IZx3E2
c43lhTARXTtkambK0oONumVCozGrlDHPiaeGAyBewZPswdIoRGqsvUzTFZkEpgc9
YjYMM99GZqx/xcGEWPopO5J0OOGPt7zaTx9rcTaRP+lC+LNPdlJnAorlTtm47fxv
lHcqsoKo5wgOuVlc4W63OhiVnjvMCVah8q1DdIKlBYaaosXyxwRjQC2jGoRaard/
Wd2knOSSntRwyL/Wy+mBpG1vX8ZbhUKXZm0iurKi5rhN6a73rl0VGMcMMu2KhZ0P
SxgSUl6V/OTvrMVBubmJRbECWESpFdjk65ve/Z1IyO6hDXE9PnQvQjqu4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEPuXe2qGF15ZKQhW7Q4jN6vaAs3MB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvUS01ZDdhb1lYWGxrcENGYnREaU0zcTlvQ3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYJMAwQA
W4QPAwQAwh+3MA0GCSqGSIb3DQEBCwUAA4IBAQAgP435KhdnwCKUjtU9wCT4k+v7
I+2CJafpXV8iMThV1TGY8i5ds1sgUbIgyHn5dcA7x1IL2zSR9CVlSlOeSZfTmSoP
q2maNGawABnNUK3Yx4YpEWSC9rrRvCsjgGhSqlaX3GQni8EdMb3JC6SG2ZAd9XPm
fpzJyYAL4P9Tn/DMoTrZC1KeQKJP737mK87evioT4WN4EpdnPRbi4WGcHAfFJs/v
xX7aTnTs1baIHeWv7IF3J2KwvZIqlBPbkUqnTeVPX50JVJi1U6D3HOTkC2C358x9
yQLCDMfdv1BMiCqPvogi3O7ODfeumUelOvgLjsSaW9IfcTLJV7K5Rjk1VinK
-----END CERTIFICATE-----