Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/Q22mPslur8WPngA2rLljsndPcGU.roa
File:                     Q22mPslur8WPngA2rLljsndPcGU.roa (raw, json)
Hash identifier:          o/1rl6NTC00BQMt8kFlnIsok6oHP3+Vsj+2hKoZrxAA=
Subject key identifier:   43:6D:A6:3E:C9:6E:AF:C5:8F:9E:00:36:AC:B9:63:B2:77:4F:70:65
Certificate issuer:       /CN=f7c2562038f081d18d85269407131c984003e575
Certificate serial:       0198C625362FEA9229F4742D8B3187B95953
Authority key identifier: F7:C2:56:20:38:F0:81:D1:8D:85:26:94:07:13:1C:98:40:03:E5:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98JWIDjwgdGNhSaUBxMcmEAD5XU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/Q22mPslur8WPngA2rLljsndPcGU.roa
Signing time:             Wed 20 Aug 2025 06:23:04 +0000
ROA not before:           Wed 20 Aug 2025 06:23:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21086
IP address blocks:        193.109.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/98JWIDjwgdGNhSaUBxMcmEAD5XU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/98JWIDjwgdGNhSaUBxMcmEAD5XU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98JWIDjwgdGNhSaUBxMcmEAD5XU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:25:36:2f:ea:92:29:f4:74:2d:8b:31:87:b9:59:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7c2562038f081d18d85269407131c984003e575
        Validity
            Not Before: Aug 20 06:23:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=436da63ec96eafc58f9e0036acb963b2774f7065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:12:92:35:6f:68:c1:a5:e3:66:af:c2:d6:eb:
                    bd:b8:04:7c:ca:33:83:2a:f1:42:a6:5d:46:09:9b:
                    d3:fc:13:da:d2:75:c1:98:f1:66:1b:29:f5:8c:e7:
                    5e:44:5c:46:b5:cd:8a:c9:3b:30:77:f2:0a:00:47:
                    10:98:53:87:a9:e2:f2:00:5b:78:4f:80:9a:38:f5:
                    b8:6b:6f:1e:32:a5:de:dd:d6:29:7c:84:f0:10:df:
                    ed:b2:09:65:fc:b5:c4:26:a7:10:a6:fc:88:43:56:
                    4f:c7:ee:27:3a:6d:bd:09:b6:ff:28:c7:7f:5d:43:
                    1b:21:c1:df:bf:58:7b:18:22:7b:72:cb:2c:91:bd:
                    20:70:15:4c:02:7f:93:4c:74:dc:41:9a:f9:1b:b5:
                    ca:1e:e1:d5:2f:21:42:9e:21:47:2a:6c:7b:38:71:
                    e1:1c:04:8c:fb:78:11:83:a2:b3:3f:5b:3f:0d:a5:
                    9f:df:1d:b9:be:37:4a:de:00:0e:f2:1f:44:10:6a:
                    a4:6f:a4:a7:de:38:be:e5:30:c4:19:a2:0b:77:9c:
                    b5:ff:c0:c5:f4:f7:27:c0:a2:bb:3c:3a:8b:91:db:
                    10:75:40:b7:2d:35:2f:c5:12:38:82:0a:cc:f8:54:
                    e3:02:75:dc:dc:a5:b7:12:90:0c:93:59:b0:ed:6f:
                    1d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6D:A6:3E:C9:6E:AF:C5:8F:9E:00:36:AC:B9:63:B2:77:4F:70:65
            X509v3 Authority Key Identifier:
                keyid:F7:C2:56:20:38:F0:81:D1:8D:85:26:94:07:13:1C:98:40:03:E5:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98JWIDjwgdGNhSaUBxMcmEAD5XU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/Q22mPslur8WPngA2rLljsndPcGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/5229b3-b873-4808-b9d2-ad094b314e0f/1/98JWIDjwgdGNhSaUBxMcmEAD5XU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:05:fc:3f:48:8a:83:2d:5b:9f:a2:9b:86:59:be:3d:24:91:
         91:f9:0e:4c:a4:c6:6f:35:ab:5a:77:80:42:47:a6:0c:9e:b8:
         a6:91:71:e0:ac:f4:11:a6:29:3d:13:0e:e9:12:3b:3f:a4:e3:
         41:7a:d5:ba:7e:47:85:d5:a4:36:16:a4:b4:19:c9:98:25:16:
         3c:03:aa:e4:10:6f:6d:ed:40:bb:e6:0b:01:38:65:21:9b:48:
         07:79:15:0a:78:65:b8:c2:ff:64:d7:be:61:c8:03:68:ea:18:
         42:33:26:c2:c1:c4:a3:02:89:a7:e2:e6:5a:96:cb:d3:25:ce:
         f9:dc:43:27:eb:97:7b:bb:8b:2f:c9:11:93:80:e3:65:7a:5f:
         b8:ad:11:de:c2:77:05:c9:fd:58:29:79:ea:b8:c9:4c:fc:61:
         4a:12:a3:5b:d3:42:c0:20:e3:46:ad:ec:82:48:9e:8b:76:55:
         56:22:a5:2f:1b:3a:f4:b7:ab:c3:39:83:e9:75:1c:49:98:dc:
         6a:1f:e1:cf:4d:8e:34:c3:f4:20:41:3a:a5:d6:ee:61:99:20:
         00:e2:f9:68:d9:49:7c:ec:dc:88:b6:56:de:cb:03:4b:22:36:
         3b:d2:72:c4:f8:e9:8d:73:69:62:d4:f5:2f:9d:9d:53:69:bc:
         e5:7a:8b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGJTYv6pIp9HQtizGHuVlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YzI1NjIwMzhmMDgxZDE4ZDg1MjY5NDA3MTMxYzk4NDAw
M2U1NzUwHhcNMjUwODIwMDYyMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZkYTYzZWM5NmVhZmM1OGY5ZTAwMzZhY2I5NjNiMjc3NGY3MDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRKSNW9owaXjZq/C1uu9uAR8yjOD
KvFCpl1GCZvT/BPa0nXBmPFmGyn1jOdeRFxGtc2KyTswd/IKAEcQmFOHqeLyAFt4
T4CaOPW4a28eMqXe3dYpfITwEN/tsgll/LXEJqcQpvyIQ1ZPx+4nOm29Cbb/KMd/
XUMbIcHfv1h7GCJ7cssskb0gcBVMAn+TTHTcQZr5G7XKHuHVLyFCniFHKmx7OHHh
HASM+3gRg6KzP1s/DaWf3x25vjdK3gAO8h9EEGqkb6Sn3ji+5TDEGaILd5y1/8DF
9PcnwKK7PDqLkdsQdUC3LTUvxRI4ggrM+FTjAnXc3KW3EpAMk1mw7W8dTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENtpj7Jbq/Fj54ANqy5Y7J3T3BlMB8GA1UdIwQY
MBaAFPfCViA48IHRjYUmlAcTHJhAA+V1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThKV0lEandnZEdOaFNhVUJ4TWNtRUFENVhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi81MjI5YjMtYjg3My00ODA4LWI5ZDIt
YWQwOTRiMzE0ZTBmLzEvUTIybVBzbHVyOFdQbmdBMnJMbGpzbmRQY0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi81MjI5YjMtYjg3My00ODA4LWI5ZDItYWQwOTRiMzE0ZTBm
LzEvOThKV0lEandnZEdOaFNhVUJ4TWNtRUFENVhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwW0oMA0G
CSqGSIb3DQEBCwUAA4IBAQBWBfw/SIqDLVufopuGWb49JJGR+Q5MpMZvNatad4BC
R6YMnrimkXHgrPQRpik9Ew7pEjs/pONBetW6fkeF1aQ2FqS0GcmYJRY8A6rkEG9t
7UC75gsBOGUhm0gHeRUKeGW4wv9k175hyANo6hhCMybCwcSjAomn4uZalsvTJc75
3EMn65d7u4svyRGTgONlel+4rRHewncFyf1YKXnquMlM/GFKEqNb00LAIONGreyC
SJ6LdlVWIqUvGzr0t6vDOYPpdRxJmNxqH+HPTY40w/QgQTql1u5hmSAA4vlo2Ul8
7NyItlbeywNLIjY70nLE+OmNc2li1PUvnZ1TabzleotO
-----END CERTIFICATE-----