Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/qGk1e2SSj7a867DIFcXEQy9VRwk.roa
File:                     qGk1e2SSj7a867DIFcXEQy9VRwk.roa (raw, json)
Hash identifier:          FczogQCjHMZiK1Ux2uZ685nsTVBLAXheYXkPGrZoEcc=
Subject key identifier:   A8:69:35:7B:64:92:8F:B6:BC:EB:B0:C8:15:C5:C4:43:2F:55:47:09
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       019832CDCFD5F0A93113B2771DA0653540AD
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/qGk1e2SSj7a867DIFcXEQy9VRwk.roa
Signing time:             Tue 22 Jul 2025 15:43:25 +0000
ROA not before:           Tue 22 Jul 2025 15:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7015
IP address blocks:        185.22.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:cd:cf:d5:f0:a9:31:13:b2:77:1d:a0:65:35:40:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jul 22 15:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a869357b64928fb6bcebb0c815c5c4432f554709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:65:fb:7d:5b:6b:50:3c:b4:0b:c5:22:c7:e9:
                    77:2a:8c:33:6b:0f:ad:14:54:e8:2f:30:a4:28:ec:
                    a7:10:52:d7:b8:08:e0:fd:92:fb:df:28:51:9c:d0:
                    c2:70:fb:76:ca:f7:8d:d5:12:d7:bc:9b:ee:6e:d0:
                    e7:4a:21:b1:61:dc:c1:34:50:56:56:80:25:01:ee:
                    35:c7:05:97:8c:16:f5:71:75:3f:b8:f0:f2:13:9b:
                    5e:19:9d:d8:e1:d8:b9:5a:5e:6f:3d:57:b5:08:7c:
                    f4:b0:56:ef:39:b4:82:4b:35:df:96:a4:80:8c:5b:
                    e7:98:bc:4e:32:13:23:0d:75:51:0c:c7:44:42:bf:
                    8f:54:39:2c:78:ff:d9:0e:f2:23:d0:c7:9b:27:0f:
                    58:9d:3f:fa:1f:29:de:49:21:76:0b:80:2c:49:a2:
                    a0:53:54:1b:93:e6:0c:4c:92:31:15:9c:26:cb:97:
                    41:c0:d4:f6:ea:a4:cc:67:e2:e7:be:e6:88:94:c6:
                    98:2c:f7:87:ec:4e:e0:fb:08:98:5f:37:e8:e9:8f:
                    78:92:fa:e6:8b:e4:86:51:a3:09:ff:35:41:cb:b4:
                    7e:5b:72:af:a8:3a:99:31:b0:b2:c5:d0:5e:9a:36:
                    f3:be:69:ae:8b:bd:b0:eb:ff:c5:d0:bb:f5:ea:2b:
                    f7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:69:35:7B:64:92:8F:B6:BC:EB:B0:C8:15:C5:C4:43:2F:55:47:09
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/qGk1e2SSj7a867DIFcXEQy9VRwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:71:62:21:72:a2:18:0f:75:12:96:0d:b4:56:23:6c:31:91:
         5b:f6:2d:1f:35:e6:43:15:93:fe:37:96:d7:44:92:a0:83:e1:
         c2:04:ba:10:01:c6:7e:8d:1d:d3:69:68:4f:c1:fa:f0:10:51:
         f5:5c:fb:77:d6:ef:a5:94:83:8c:11:0c:98:4b:5e:18:02:ea:
         90:76:56:69:90:9c:24:04:50:49:84:4c:c1:6f:61:88:50:46:
         5f:99:8e:d7:2a:1c:2d:dd:bd:cc:cb:65:0c:74:ec:34:36:06:
         45:57:d5:e9:76:15:b6:62:95:34:28:27:86:59:e5:a7:f3:29:
         54:f6:5a:09:a3:83:92:a4:0e:4e:c3:87:68:02:ff:2d:9f:69:
         1c:59:42:31:b9:86:fe:ee:f9:c1:77:64:c7:0f:9a:bc:4b:57:
         1f:7a:75:79:00:34:bc:33:88:44:98:81:33:f8:62:16:55:46:
         c6:ed:af:ca:ca:58:13:f1:32:bc:fa:da:2f:31:99:4f:63:24:
         a4:0f:ab:34:a9:6e:f3:e2:a2:de:ef:e4:3b:3f:77:bd:e3:91:
         ae:a9:b7:45:c7:96:b4:6b:ab:db:c9:60:ad:8c:6b:3b:77:34:
         02:af:fd:d9:ef:f0:44:d1:b2:05:99:0b:c6:91:80:1e:68:71:
         86:cf:8c:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgyzc/V8KkxE7J3HaBlNUCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwNzIyMTU0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY5MzU3YjY0OTI4ZmI2YmNlYmIwYzgxNWM1YzQ0MzJmNTU0NzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGX7fVtrUDy0C8Uix+l3Kowzaw+t
FFToLzCkKOynEFLXuAjg/ZL73yhRnNDCcPt2yveN1RLXvJvubtDnSiGxYdzBNFBW
VoAlAe41xwWXjBb1cXU/uPDyE5teGZ3Y4di5Wl5vPVe1CHz0sFbvObSCSzXflqSA
jFvnmLxOMhMjDXVRDMdEQr+PVDkseP/ZDvIj0MebJw9YnT/6HyneSSF2C4AsSaKg
U1Qbk+YMTJIxFZwmy5dBwNT26qTMZ+LnvuaIlMaYLPeH7E7g+wiYXzfo6Y94kvrm
i+SGUaMJ/zVBy7R+W3KvqDqZMbCyxdBemjbzvmmui72w6//F0Lv16iv3UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhpNXtkko+2vOuwyBXFxEMvVUcJMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvcUdrMWUyU1NqN2E4NjdESUZjWEVReTlWUndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRYoMA0G
CSqGSIb3DQEBCwUAA4IBAQAUcWIhcqIYD3USlg20ViNsMZFb9i0fNeZDFZP+N5bX
RJKgg+HCBLoQAcZ+jR3TaWhPwfrwEFH1XPt31u+llIOMEQyYS14YAuqQdlZpkJwk
BFBJhEzBb2GIUEZfmY7XKhwt3b3My2UMdOw0NgZFV9XpdhW2YpU0KCeGWeWn8ylU
9loJo4OSpA5Ow4doAv8tn2kcWUIxuYb+7vnBd2THD5q8S1cfenV5ADS8M4hEmIEz
+GIWVUbG7a/KylgT8TK8+tovMZlPYySkD6s0qW7z4qLe7+Q7P3e945GuqbdFx5a0
a6vbyWCtjGs7dzQCr/3Z7/BE0bIFmQvGkYAeaHGGz4yU
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:45:10 2025 by rpki-client