Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qm4Bo_A4ZS_nWlrmrC7GP9fP0mc.roa
File:                     Qm4Bo_A4ZS_nWlrmrC7GP9fP0mc.roa (raw, json)
Hash identifier:          NI/ncotSS+rtORl56RkQz4rvTnGy7TXbbVsA+NQhWYs=
Subject key identifier:   42:6E:01:A3:F0:38:65:2F:E7:5A:5A:E6:AC:2E:C6:3F:D7:CF:D2:67
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0199D21C5D43ED254C9BFEF0815219AD7049
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qm4Bo_A4ZS_nWlrmrC7GP9fP0mc.roa
Signing time:             Sat 11 Oct 2025 07:11:38 +0000
ROA not before:           Sat 11 Oct 2025 07:11:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        194.102.216.0/24 maxlen: 24
                          217.156.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d2:1c:5d:43:ed:25:4c:9b:fe:f0:81:52:19:ad:70:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct 11 07:11:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=426e01a3f038652fe75a5ae6ac2ec63fd7cfd267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9a:36:2f:d0:49:31:f0:02:7a:64:2b:c2:0d:
                    e7:cf:ca:eb:87:17:44:48:42:b7:23:7c:46:71:4d:
                    0a:8f:ca:5f:03:93:2f:8c:18:7b:c2:44:14:ca:3b:
                    26:cc:7c:9d:0e:f7:c3:44:8a:48:61:53:29:3c:1f:
                    fb:2f:30:00:68:c1:b0:db:3a:ab:1f:53:82:4b:3f:
                    d5:da:a6:1a:d4:47:d6:60:fb:30:89:66:51:9a:29:
                    d1:f5:ce:6b:1c:75:a8:6f:50:59:f4:60:56:5c:8e:
                    fd:92:9b:c6:ee:d9:74:b3:4f:8a:3a:a1:ce:92:5f:
                    e8:2a:f4:78:4a:3b:52:6c:c0:22:16:9b:c2:29:cb:
                    2d:69:d3:38:98:50:ab:7c:8b:42:a1:5c:a5:76:f1:
                    4d:08:04:06:91:0c:ba:64:13:31:a2:50:77:e0:de:
                    9c:43:b1:58:a2:de:42:60:5b:a0:35:b3:bf:ca:bc:
                    fc:fa:bf:e1:a2:9e:dd:85:40:6e:7c:d9:e9:c9:0d:
                    c4:7a:35:d4:86:db:2a:fe:3c:f4:86:e1:b3:18:22:
                    b9:2a:38:d1:39:b7:e8:37:32:f2:fb:5a:a3:16:b5:
                    26:e3:b7:30:37:4e:4e:3d:d7:25:15:73:67:0d:e0:
                    3f:ef:8c:2b:ee:73:32:70:36:77:83:46:88:fc:7c:
                    b6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:6E:01:A3:F0:38:65:2F:E7:5A:5A:E6:AC:2E:C6:3F:D7:CF:D2:67
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qm4Bo_A4ZS_nWlrmrC7GP9fP0mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.216.0/24
                  217.156.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:5f:29:f3:ec:f3:d0:24:47:34:3a:74:db:54:31:45:f6:ca:
         bb:88:38:51:86:d5:ee:9f:20:67:bd:68:2a:d9:42:eb:b6:67:
         7e:2e:d0:2d:07:c7:44:27:28:2d:70:44:2b:10:55:57:7d:07:
         c8:c3:65:73:19:cf:b9:ad:02:38:eb:a5:f8:b5:29:dc:6a:56:
         e5:b1:ad:f9:2b:62:6d:15:67:7c:67:4a:a4:4d:84:4e:e2:cb:
         d2:f0:00:da:e8:23:43:15:bc:ee:cf:77:2c:04:3a:7d:a1:4f:
         df:b3:b9:15:da:ea:8e:40:98:a8:08:bb:7c:b7:5b:a2:a1:82:
         b3:df:cd:dd:56:e0:da:96:75:03:2a:92:87:ca:31:93:4e:50:
         34:49:ba:ec:13:4c:4d:8a:13:47:95:02:55:dc:a6:36:66:45:
         20:db:38:83:8d:c6:3b:0e:7d:77:d7:37:75:ef:12:51:70:4d:
         ce:9c:e2:e0:57:3c:97:50:ca:b8:e2:1a:62:4a:7b:8f:d1:86:
         49:b2:7c:41:78:fc:19:90:d0:bc:84:a0:cc:15:42:8b:ae:d7:
         fa:f6:88:7e:62:dc:2a:27:5b:7a:34:28:e9:12:38:5c:0b:6c:
         4e:4b:c5:e9:15:65:bd:74:d2:8f:53:0b:53:6d:21:45:71:22:
         c6:02:5a:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnSHF1D7SVMm/7wgVIZrXBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDExMDcxMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjZlMDFhM2YwMzg2NTJmZTc1YTVhZTZhYzJlYzYzZmQ3Y2ZkMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopo2L9BJMfACemQrwg3nz8rrhxdE
SEK3I3xGcU0Kj8pfA5MvjBh7wkQUyjsmzHydDvfDRIpIYVMpPB/7LzAAaMGw2zqr
H1OCSz/V2qYa1EfWYPswiWZRminR9c5rHHWob1BZ9GBWXI79kpvG7tl0s0+KOqHO
kl/oKvR4SjtSbMAiFpvCKcstadM4mFCrfItCoVyldvFNCAQGkQy6ZBMxolB34N6c
Q7FYot5CYFugNbO/yrz8+r/hop7dhUBufNnpyQ3EejXUhtsq/jz0huGzGCK5KjjR
ObfoNzLy+1qjFrUm47cwN05OPdclFXNnDeA/74wr7nMycDZ3g0aI/Hy22wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEJuAaPwOGUv51pa5qwuxj/Xz9JnMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUW00Qm9fQTRaU19uV2xybXJDN0dQOWZQMG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwmbYAwQA
2ZxbMA0GCSqGSIb3DQEBCwUAA4IBAQBWXynz7PPQJEc0OnTbVDFF9sq7iDhRhtXu
nyBnvWgq2ULrtmd+LtAtB8dEJygtcEQrEFVXfQfIw2VzGc+5rQI466X4tSncalbl
sa35K2JtFWd8Z0qkTYRO4svS8ADa6CNDFbzuz3csBDp9oU/fs7kV2uqOQJioCLt8
t1uioYKz383dVuDalnUDKpKHyjGTTlA0SbrsE0xNihNHlQJV3KY2ZkUg2ziDjcY7
Dn131zd17xJRcE3OnOLgVzyXUMq44hpiSnuP0YZJsnxBePwZkNC8hKDMFUKLrtf6
9oh+YtwqJ1t6NCjpEjhcC2xOS8XpFWW9dNKPUwtTbSFFcSLGAloo
-----END CERTIFICATE-----