Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/RQGn1IVlE_4Qq709uXK_6OsLiXk.roa
File:                     RQGn1IVlE_4Qq709uXK_6OsLiXk.roa (raw, json)
Hash identifier:          P0lwWTGt3C2Kl+U7DDbrCt9t+ME/jcoeCzRbUtSo834=
Subject key identifier:   45:01:A7:D4:85:65:13:FE:10:AB:BD:3D:B9:72:BF:E8:EB:0B:89:79
Certificate issuer:       /CN=2183b256a215b4d6fe2617d1262b638bfa7d6d40
Certificate serial:       01987442C3809FB9C845783700A2BB0281A1
Authority key identifier: 21:83:B2:56:A2:15:B4:D6:FE:26:17:D1:26:2B:63:8B:FA:7D:6D:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/RQGn1IVlE_4Qq709uXK_6OsLiXk.roa
Signing time:             Mon 04 Aug 2025 08:46:29 +0000
ROA not before:           Mon 04 Aug 2025 08:46:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210952
IP address blocks:        185.170.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:42:c3:80:9f:b9:c8:45:78:37:00:a2:bb:02:81:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2183b256a215b4d6fe2617d1262b638bfa7d6d40
        Validity
            Not Before: Aug  4 08:46:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4501a7d4856513fe10abbd3db972bfe8eb0b8979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c6:bc:22:6b:c7:0f:b4:04:f0:a4:b8:66:10:
                    75:d7:02:5b:8f:da:2d:47:b9:28:46:0e:93:a5:07:
                    fe:f0:7c:48:83:af:fb:09:e1:84:e6:b5:8a:e1:d6:
                    c6:73:b9:c1:4e:59:21:f9:83:7a:65:7f:0f:d2:01:
                    ee:3d:9d:b4:49:b4:ed:00:e2:7d:9d:74:18:dd:e4:
                    01:58:f7:19:e9:36:09:6d:36:0c:04:c0:b2:26:2e:
                    7a:9b:23:c9:b5:7e:0b:13:43:59:d0:ed:30:89:8d:
                    c7:d6:92:af:71:2b:7b:74:5f:67:d0:0f:5f:fb:95:
                    47:48:20:da:99:6f:8e:65:cf:de:dc:b5:46:c6:2a:
                    dc:b2:6a:dd:49:b7:c7:99:be:e5:5f:4a:58:9a:1a:
                    53:75:86:8b:52:98:af:4f:85:ca:21:5f:7d:95:f1:
                    4f:da:1b:6b:bd:52:cb:34:45:e2:b7:2c:a1:bc:be:
                    2b:6e:94:d0:17:01:2c:62:3f:2d:04:11:a4:d4:25:
                    b9:37:b8:fe:ed:de:14:8e:26:84:62:86:c0:3a:d4:
                    75:cf:d2:55:09:b5:d1:c9:6a:f7:0a:64:64:4f:17:
                    eb:2f:25:de:d3:68:99:09:c9:55:47:b0:c7:ca:61:
                    72:e3:bd:9a:f2:8f:a8:25:ae:2a:c3:55:ce:c2:27:
                    7d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:01:A7:D4:85:65:13:FE:10:AB:BD:3D:B9:72:BF:E8:EB:0B:89:79
            X509v3 Authority Key Identifier:
                keyid:21:83:B2:56:A2:15:B4:D6:FE:26:17:D1:26:2B:63:8B:FA:7D:6D:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/RQGn1IVlE_4Qq709uXK_6OsLiXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:87:96:1f:b4:32:ff:4c:6c:8b:7b:40:d8:a3:58:98:fe:06:
         6a:7a:e3:be:2f:5a:da:68:4a:75:6b:a4:d5:3f:a5:69:83:c4:
         d9:21:ad:e5:11:b4:b5:e5:1c:22:a0:28:70:d8:53:9d:34:ed:
         4b:03:05:f4:c4:6f:f1:b5:c4:3a:9a:46:99:91:9e:46:9a:fa:
         f8:50:49:ed:c4:5c:81:22:44:e1:a7:07:2b:12:25:54:e2:96:
         83:0b:99:30:9e:e2:d0:49:16:64:15:8a:2f:a9:ef:2e:82:ff:
         50:bf:24:60:ca:b4:e4:0d:ef:0b:20:64:c1:b8:e8:dc:86:bc:
         19:9f:72:cb:12:b6:dc:48:85:eb:3f:e8:77:65:7e:92:15:17:
         f9:b2:20:f6:00:65:53:63:2d:aa:66:bb:5d:2a:b0:5f:36:7a:
         e9:fb:10:cf:0b:ac:0a:e8:01:13:61:0c:b2:26:81:02:80:22:
         1a:fe:cb:f9:79:f6:76:81:03:7b:a9:a6:83:36:d7:0d:85:6e:
         6c:4d:ee:0b:d9:40:dc:bc:ba:af:8d:c1:09:f1:57:f8:a1:eb:
         62:1d:e0:42:38:9b:07:1b:0a:9e:21:fa:d3:2b:35:1a:48:b7:
         0c:6e:0f:dd:a1:9f:f8:d0:da:ec:22:64:96:87:b6:23:98:8b:
         0e:f1:3b:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0QsOAn7nIRXg3AKK7AoGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODNiMjU2YTIxNWI0ZDZmZTI2MTdkMTI2MmI2MzhiZmE3
ZDZkNDAwHhcNMjUwODA0MDg0NjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTAxYTdkNDg1NjUxM2ZlMTBhYmJkM2RiOTcyYmZlOGViMGI4OTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8a8ImvHD7QE8KS4ZhB11wJbj9ot
R7koRg6TpQf+8HxIg6/7CeGE5rWK4dbGc7nBTlkh+YN6ZX8P0gHuPZ20SbTtAOJ9
nXQY3eQBWPcZ6TYJbTYMBMCyJi56myPJtX4LE0NZ0O0wiY3H1pKvcSt7dF9n0A9f
+5VHSCDamW+OZc/e3LVGxircsmrdSbfHmb7lX0pYmhpTdYaLUpivT4XKIV99lfFP
2htrvVLLNEXityyhvL4rbpTQFwEsYj8tBBGk1CW5N7j+7d4UjiaEYobAOtR1z9JV
CbXRyWr3CmRkTxfrLyXe02iZCclVR7DHymFy472a8o+oJa4qw1XOwid93wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUBp9SFZRP+EKu9Pblyv+jrC4l5MB8GA1UdIwQY
MBaAFCGDslaiFbTW/iYX0SYrY4v6fW1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlPeVZxSVZ0TmItSmhmUkppdGppX3A5YlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85MTczYTAtMjg4NC00YTc5LThiM2Ut
NjlhMjQ1MDk1YWI0LzEvUlFHbjFJVmxFXzRRcTcwOXVYS182T3NMaVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85MTczYTAtMjg4NC00YTc5LThiM2UtNjlhMjQ1MDk1YWI0
LzEvSVlPeVZxSVZ0TmItSmhmUkppdGppX3A5YlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuap+MA0G
CSqGSIb3DQEBCwUAA4IBAQAHh5YftDL/TGyLe0DYo1iY/gZqeuO+L1raaEp1a6TV
P6Vpg8TZIa3lEbS15RwioChw2FOdNO1LAwX0xG/xtcQ6mkaZkZ5Gmvr4UEntxFyB
IkThpwcrEiVU4paDC5kwnuLQSRZkFYovqe8ugv9QvyRgyrTkDe8LIGTBuOjchrwZ
n3LLErbcSIXrP+h3ZX6SFRf5siD2AGVTYy2qZrtdKrBfNnrp+xDPC6wK6AETYQyy
JoECgCIa/sv5efZ2gQN7qaaDNtcNhW5sTe4L2UDcvLqvjcEJ8Vf4oetiHeBCOJsH
GwqeIfrTKzUaSLcMbg/doZ/40NrsImSWh7YjmIsO8Tus
-----END CERTIFICATE-----