Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/QRJe2bGhDZl-uF_MksH_-yAAdPM.roa
File:                     QRJe2bGhDZl-uF_MksH_-yAAdPM.roa (raw, json)
Hash identifier:          sJzer8Dgec7IoDEanf1HmkhPf2w8HE2htP6s/ryl3CE=
Subject key identifier:   41:12:5E:D9:B1:A1:0D:99:7E:B8:5F:CC:92:C1:FF:FB:20:00:74:F3
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       0197CC25DC6B3784819463C34D96999EEBE5
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/QRJe2bGhDZl-uF_MksH_-yAAdPM.roa
Signing time:             Wed 02 Jul 2025 17:18:42 +0000
ROA not before:           Wed 02 Jul 2025 17:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47967
IP address blocks:        91.236.216.0/22 maxlen: 22
                          103.52.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cc:25:dc:6b:37:84:81:94:63:c3:4d:96:99:9e:eb:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Jul  2 17:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41125ed9b1a10d997eb85fcc92c1fffb200074f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:94:9a:d0:12:23:f1:7f:09:eb:f3:70:c3:27:
                    96:53:6d:d1:3b:e3:5b:92:77:f1:30:ba:a8:6c:74:
                    d3:d5:eb:e2:e7:91:13:a8:51:97:ca:d0:a9:02:5a:
                    5b:d2:c7:06:d9:00:d8:08:83:5e:db:a4:1c:6c:ce:
                    c9:00:45:65:6a:8a:e8:82:83:6e:0c:08:ee:bd:5b:
                    38:0e:e9:d7:28:76:31:d9:39:83:55:60:72:af:30:
                    8e:15:fc:2f:15:e9:c2:66:c1:b4:aa:7b:71:49:38:
                    69:63:8f:91:ee:e6:a2:33:34:5c:c0:3c:85:bd:1b:
                    dc:7d:08:cb:20:90:78:ba:30:24:a7:be:a4:b5:a8:
                    bc:a5:46:86:f6:0d:1f:25:ce:ff:ce:c7:48:5a:e1:
                    06:bd:80:4e:c1:5e:1f:76:8d:91:8d:df:02:7c:4c:
                    15:5f:7f:30:46:58:08:f2:3e:e7:3e:88:e6:5e:5a:
                    94:88:14:1d:e7:6d:7f:ca:72:f4:17:fc:17:8a:7b:
                    f9:17:bf:c4:7a:e5:23:fa:59:64:cd:6a:64:d3:ac:
                    4e:61:1b:8e:da:cc:11:2e:1e:7f:6d:6b:69:a2:85:
                    d2:a9:88:c2:6c:d8:5d:9d:88:46:de:e7:6d:d1:f1:
                    24:9c:2f:28:08:52:09:bc:68:b3:09:54:4b:4f:42:
                    d9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:12:5E:D9:B1:A1:0D:99:7E:B8:5F:CC:92:C1:FF:FB:20:00:74:F3
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/QRJe2bGhDZl-uF_MksH_-yAAdPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.216.0/22
                  103.52.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:fa:6d:25:bc:49:45:74:f3:1c:55:02:08:af:f7:2c:0f:5b:
         e2:ea:3d:57:03:d0:69:0e:76:1f:3b:8e:fd:76:fe:e6:3c:08:
         3a:9f:13:77:d1:5c:4f:82:8d:08:09:7d:ca:cf:ad:b1:8d:db:
         8f:bb:3f:9a:c0:47:b5:72:8c:94:e0:15:6c:14:a5:ec:1d:4f:
         de:45:13:44:c5:f1:86:91:2b:5d:28:9d:85:7a:ed:29:78:f7:
         c6:ac:23:3d:19:2e:27:e5:69:a7:9b:3e:34:3c:95:46:cd:0b:
         ca:01:8c:a6:05:5e:2c:c8:4c:8c:c5:9a:82:6f:d7:bf:92:8a:
         53:36:dd:dc:7a:bf:96:c6:c9:34:29:3a:02:fb:bb:22:e1:fa:
         6e:74:2b:c7:bb:53:d5:69:df:2e:0a:28:72:87:e0:b1:04:e3:
         89:56:a0:7f:63:a7:38:19:a2:32:ca:de:4a:a2:ee:77:3d:1f:
         b3:a1:b6:ba:85:52:52:30:07:5f:76:2f:06:e5:66:36:1d:41:
         d5:49:c7:12:41:82:da:46:af:04:90:d7:8d:63:49:63:b5:6b:
         cf:69:60:bf:9e:38:af:88:80:36:cc:9b:8c:5f:aa:75:a9:39:
         34:2b:68:70:73:3c:d4:aa:bc:99:e8:8d:ca:82:a5:04:10:96:
         31:a4:63:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfMJdxrN4SBlGPDTZaZnuvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjUwNzAyMTcxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTEyNWVkOWIxYTEwZDk5N2ViODVmY2M5MmMxZmZmYjIwMDA3NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZSa0BIj8X8J6/NwwyeWU23RO+Nb
knfxMLqobHTT1evi55ETqFGXytCpAlpb0scG2QDYCINe26QcbM7JAEVlaorogoNu
DAjuvVs4DunXKHYx2TmDVWByrzCOFfwvFenCZsG0qntxSThpY4+R7uaiMzRcwDyF
vRvcfQjLIJB4ujAkp76ktai8pUaG9g0fJc7/zsdIWuEGvYBOwV4fdo2Rjd8CfEwV
X38wRlgI8j7nPojmXlqUiBQd521/ynL0F/wXinv5F7/EeuUj+llkzWpk06xOYRuO
2swRLh5/bWtpooXSqYjCbNhdnYhG3udt0fEknC8oCFIJvGizCVRLT0LZCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEESXtmxoQ2ZfrhfzJLB//sgAHTzMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvUVJKZTJiR2hEWmwtdUZfTWtzSF8teUFBZFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+zYAwQA
ZzQIMA0GCSqGSIb3DQEBCwUAA4IBAQBG+m0lvElFdPMcVQIIr/csD1vi6j1XA9Bp
DnYfO479dv7mPAg6nxN30VxPgo0ICX3Kz62xjduPuz+awEe1coyU4BVsFKXsHU/e
RRNExfGGkStdKJ2Feu0pePfGrCM9GS4n5Wmnmz40PJVGzQvKAYymBV4syEyMxZqC
b9e/kopTNt3cer+Wxsk0KToC+7si4fpudCvHu1PVad8uCihyh+CxBOOJVqB/Y6c4
GaIyyt5Kou53PR+zoba6hVJSMAdfdi8G5WY2HUHVSccSQYLaRq8EkNeNY0ljtWvP
aWC/njiviIA2zJuMX6p1qTk0K2hwczzUqryZ6I3KgqUEEJYxpGOM
-----END CERTIFICATE-----