Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/QxCHdL_DO5UkqQDm4B0DxWPXNic.roa
File:                     QxCHdL_DO5UkqQDm4B0DxWPXNic.roa (raw, json)
Hash identifier:          jXTnakGaPMOncSQ2f0DTPKgHoa8Usd/9PNuE9fdJytw=
Subject key identifier:   43:10:87:74:BF:C3:3B:95:24:A9:00:E6:E0:1D:03:C5:63:D7:36:27
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0198C169F86F461F334A415D31A1B9F9FE72
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/QxCHdL_DO5UkqQDm4B0DxWPXNic.roa
Signing time:             Tue 19 Aug 2025 08:20:04 +0000
ROA not before:           Tue 19 Aug 2025 08:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        147.185.196.0/24 maxlen: 24
                          147.185.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:69:f8:6f:46:1f:33:4a:41:5d:31:a1:b9:f9:fe:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Aug 19 08:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43108774bfc33b9524a900e6e01d03c563d73627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a3:fc:9a:af:11:9c:a2:b1:34:ec:f0:a8:c5:
                    ec:ad:95:fd:ac:fb:e0:1c:c7:82:d6:fc:cf:74:60:
                    bc:7c:82:47:53:d9:5e:2c:7b:30:9c:26:8d:17:45:
                    a5:9d:c4:56:cc:4f:28:67:e6:82:a4:42:13:be:7e:
                    5c:ea:58:df:e7:be:27:7e:f8:f7:57:ec:89:48:0d:
                    7e:08:8f:72:6d:33:2c:d6:80:1d:d5:cf:16:46:98:
                    82:69:2d:a2:e7:6b:2a:3e:cc:18:bf:13:21:fe:5d:
                    52:4b:b9:60:b4:91:36:c4:e1:86:a2:a5:bc:50:d3:
                    13:e9:30:a5:d7:d3:8b:1a:10:e8:23:cf:b1:2c:e8:
                    ca:28:79:cc:33:9d:d3:7c:3c:e4:af:b3:56:77:80:
                    bc:3a:c3:ac:27:99:f6:f5:f9:17:ab:a4:c6:f4:0f:
                    ac:09:ef:ad:27:bb:1a:f7:f3:8b:10:eb:dd:08:48:
                    55:cf:64:9c:1e:35:e6:33:51:51:df:65:fc:e0:bd:
                    4b:e5:32:5e:7d:c0:16:5f:aa:e2:d6:b0:7e:d4:20:
                    35:f9:02:19:3e:fd:30:88:93:09:1d:11:ff:02:76:
                    dc:d4:9a:1f:5c:f7:c4:40:69:d5:ba:2f:ef:7e:af:
                    42:52:ef:f5:9f:8e:12:ba:15:eb:fd:3a:30:32:b9:
                    31:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:10:87:74:BF:C3:3B:95:24:A9:00:E6:E0:1D:03:C5:63:D7:36:27
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/QxCHdL_DO5UkqQDm4B0DxWPXNic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:a7:3b:dd:da:cd:20:d5:22:08:73:50:55:4a:d6:b6:83:40:
         8a:45:95:a4:60:8b:22:37:6c:06:03:6b:ad:ce:44:5f:da:6b:
         7f:85:db:4e:fb:58:2a:ce:00:25:50:54:6f:7f:be:ec:fb:21:
         56:fe:2c:81:60:84:34:5d:91:f9:ae:4d:21:d5:5a:b0:8d:f6:
         31:1a:eb:fc:b8:d2:ff:05:8f:33:21:5f:24:aa:e7:4a:09:e0:
         b4:49:bc:1e:9b:84:2e:00:19:80:41:b7:7f:bf:de:ad:bd:b9:
         07:32:9b:83:81:f0:bf:5c:9d:1c:c5:ed:dc:d9:6c:d8:aa:f2:
         d0:cf:78:ad:df:bc:34:b8:62:c1:cc:df:86:a5:92:57:4f:d4:
         89:2e:dc:77:17:88:31:84:0c:e1:4f:f0:36:e1:ec:59:6d:b5:
         71:5a:3c:92:c9:b4:06:e8:94:6b:eb:c7:f9:5a:60:7a:1a:11:
         df:b5:73:56:e0:cc:97:25:d2:95:27:ca:8d:c5:f4:dd:40:7d:
         d3:9c:d4:4a:c9:43:16:dd:16:04:52:f1:3e:f8:6d:22:26:93:
         99:4c:47:a1:67:4f:0e:ec:66:55:1c:9d:b0:e1:44:a3:70:81:
         5b:05:75:f5:b9:e7:4f:c7:58:2e:1e:9a:55:1a:08:0b:36:f4:
         ef:f4:41:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBafhvRh8zSkFdMaG5+f5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwODE5MDgyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzEwODc3NGJmYzMzYjk1MjRhOTAwZTZlMDFkMDNjNTYzZDczNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6aP8mq8RnKKxNOzwqMXsrZX9rPvg
HMeC1vzPdGC8fIJHU9leLHswnCaNF0WlncRWzE8oZ+aCpEITvn5c6ljf574nfvj3
V+yJSA1+CI9ybTMs1oAd1c8WRpiCaS2i52sqPswYvxMh/l1SS7lgtJE2xOGGoqW8
UNMT6TCl19OLGhDoI8+xLOjKKHnMM53TfDzkr7NWd4C8OsOsJ5n29fkXq6TG9A+s
Ce+tJ7sa9/OLEOvdCEhVz2ScHjXmM1FR32X84L1L5TJefcAWX6ri1rB+1CA1+QIZ
Pv0wiJMJHRH/Anbc1JofXPfEQGnVui/vfq9CUu/1n44SuhXr/TowMrkx1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMQh3S/wzuVJKkA5uAdA8Vj1zYnMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvUXhDSGRMX0RPNVVrcVFEbTRCMER4V1BYTmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk7nEMA0G
CSqGSIb3DQEBCwUAA4IBAQA8pzvd2s0g1SIIc1BVSta2g0CKRZWkYIsiN2wGA2ut
zkRf2mt/hdtO+1gqzgAlUFRvf77s+yFW/iyBYIQ0XZH5rk0h1VqwjfYxGuv8uNL/
BY8zIV8kqudKCeC0Sbwem4QuABmAQbd/v96tvbkHMpuDgfC/XJ0cxe3c2WzYqvLQ
z3it37w0uGLBzN+GpZJXT9SJLtx3F4gxhAzhT/A24exZbbVxWjySybQG6JRr68f5
WmB6GhHftXNW4MyXJdKVJ8qNxfTdQH3TnNRKyUMW3RYEUvE++G0iJpOZTEehZ08O
7GZVHJ2w4USjcIFbBXX1uedPx1guHppVGggLNvTv9EHQ
-----END CERTIFICATE-----