Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/zqH_FbH4S-II4YZQGavH-bMUrEo.roa
File:                     zqH_FbH4S-II4YZQGavH-bMUrEo.roa (raw, json)
Hash identifier:          ePnRXaJa+GcJLcsGzH8p1H1utEMwoKTcU9HMLbPMGJA=
Subject key identifier:   CE:A1:FF:15:B1:F8:4B:E2:08:E1:86:50:19:AB:C7:F9:B3:14:AC:4A
Certificate issuer:       /CN=ebcb0e7b99415f986f4d08177f88b5b8f7eba7f9
Certificate serial:       01995CD0AD281DA94AF18326E5EFFED3CD6F
Authority key identifier: EB:CB:0E:7B:99:41:5F:98:6F:4D:08:17:7F:88:B5:B8:F7:EB:A7:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/zqH_FbH4S-II4YZQGavH-bMUrEo.roa
Signing time:             Thu 18 Sep 2025 12:33:23 +0000
ROA not before:           Thu 18 Sep 2025 12:33:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197544
IP address blocks:        91.193.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:d0:ad:28:1d:a9:4a:f1:83:26:e5:ef:fe:d3:cd:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebcb0e7b99415f986f4d08177f88b5b8f7eba7f9
        Validity
            Not Before: Sep 18 12:33:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cea1ff15b1f84be208e1865019abc7f9b314ac4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:f8:fe:47:ec:53:a6:b3:6e:6a:cd:f3:76:
                    b3:50:5f:db:f1:17:d1:b4:78:c3:9e:b0:f7:22:61:
                    56:44:46:8f:35:1f:ef:07:88:ac:c6:75:c6:f8:7b:
                    91:90:d2:41:a5:cc:8f:f9:71:49:0c:6b:db:09:3a:
                    03:94:71:43:8f:e2:95:18:95:04:7e:6b:57:44:75:
                    9c:e3:52:a8:0c:34:87:6b:d1:62:96:28:57:5b:be:
                    3f:03:89:7a:e1:92:44:ce:bb:96:64:90:ff:e4:eb:
                    f6:af:aa:0e:6f:4b:54:32:fc:b5:d1:89:d6:74:02:
                    85:41:54:d0:2f:d7:f4:d1:0f:7e:cb:5f:3c:d0:06:
                    b3:56:f3:a2:e5:9c:97:04:93:b5:10:ec:e2:34:c3:
                    3d:a1:22:84:60:49:1d:30:e8:94:0f:cb:ce:57:8e:
                    a1:80:61:a4:b3:94:9c:c4:07:d3:35:83:0e:64:03:
                    17:86:31:10:71:6f:cf:74:72:ec:92:5b:a8:78:23:
                    87:e8:a3:bc:be:cb:08:d7:96:c4:fa:64:d7:f7:fa:
                    70:39:30:97:96:e7:52:b3:74:6c:08:0b:21:f9:1a:
                    87:aa:cd:a2:4b:b7:12:d7:62:81:53:72:3e:dc:83:
                    60:3e:a3:d9:0f:56:87:79:b4:e9:e5:e1:f3:8c:56:
                    ad:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A1:FF:15:B1:F8:4B:E2:08:E1:86:50:19:AB:C7:F9:B3:14:AC:4A
            X509v3 Authority Key Identifier:
                keyid:EB:CB:0E:7B:99:41:5F:98:6F:4D:08:17:7F:88:B5:B8:F7:EB:A7:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/zqH_FbH4S-II4YZQGavH-bMUrEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:d8:51:75:da:d8:6b:8b:7e:f5:da:84:d1:3a:ab:dc:8e:ec:
         44:05:9f:6d:73:7b:2c:fa:fc:4c:b9:7a:41:10:11:86:76:3e:
         91:cd:a3:a3:01:37:90:5b:90:c2:15:52:47:f7:56:9f:93:4f:
         7d:61:52:e1:00:f0:cd:bd:89:ff:81:06:33:2f:fc:f1:ec:14:
         c9:c7:ba:e6:26:12:df:79:f5:f8:13:04:51:36:de:1f:a1:71:
         b8:55:e5:1d:4f:f1:c1:10:1e:3f:16:74:ee:10:ce:74:80:38:
         27:13:31:77:48:af:0d:b5:95:59:0c:b8:d1:5e:a7:51:17:d1:
         dc:43:56:14:15:7c:bf:8f:31:d9:59:0f:c9:16:eb:44:59:f3:
         a0:37:64:3a:67:cd:7f:0f:34:84:39:fe:05:b4:cf:ea:65:1d:
         64:e4:96:c5:b7:20:80:d4:22:3e:d5:a0:a9:f6:c0:c0:3e:9a:
         c5:72:0f:2f:4b:01:e5:32:5d:7d:db:79:29:90:a8:15:b4:26:
         80:d0:13:5d:53:2b:63:47:67:a3:1c:e1:50:bc:a5:82:f9:9f:
         61:fe:fe:ca:af:cf:61:8c:43:e0:a9:4b:50:86:59:e3:d8:aa:
         0b:ce:c6:e6:2b:a7:56:4c:2a:42:b0:5d:27:b6:a4:24:96:e6:
         41:82:f7:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlc0K0oHalK8YMm5e/+081vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViY2IwZTdiOTk0MTVmOTg2ZjRkMDgxNzdmODhiNWI4Zjdl
YmE3ZjkwHhcNMjUwOTE4MTIzMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWExZmYxNWIxZjg0YmUyMDhlMTg2NTAxOWFiYzdmOWIzMTRhYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRv4/kfsU6azbmrN83azUF/b8RfR
tHjDnrD3ImFWREaPNR/vB4isxnXG+HuRkNJBpcyP+XFJDGvbCToDlHFDj+KVGJUE
fmtXRHWc41KoDDSHa9FilihXW74/A4l64ZJEzruWZJD/5Ov2r6oOb0tUMvy10YnW
dAKFQVTQL9f00Q9+y1880AazVvOi5ZyXBJO1EOziNMM9oSKEYEkdMOiUD8vOV46h
gGGks5ScxAfTNYMOZAMXhjEQcW/PdHLskluoeCOH6KO8vssI15bE+mTX9/pwOTCX
ludSs3RsCAsh+RqHqs2iS7cS12KBU3I+3INgPqPZD1aHebTp5eHzjFatqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6h/xWx+EviCOGGUBmrx/mzFKxKMB8GA1UdIwQY
MBaAFOvLDnuZQV+Yb00IF3+Itbj366f5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhzT2U1bEJYNWh2VFFnWGY0aTF1UGZycF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZmNhZGYtODA2MC00Mzk1LTkyNmQt
ZGVlOWNlMzk0OTkxLzEvenFIX0ZiSDRTLUlJNFlaUUdhdkgtYk1VckVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZmNhZGYtODA2MC00Mzk1LTkyNmQtZGVlOWNlMzk0OTkx
LzEvNjhzT2U1bEJYNWh2VFFnWGY0aTF1UGZycF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8GQMA0G
CSqGSIb3DQEBCwUAA4IBAQAx2FF12thri3712oTROqvcjuxEBZ9tc3ss+vxMuXpB
EBGGdj6RzaOjATeQW5DCFVJH91afk099YVLhAPDNvYn/gQYzL/zx7BTJx7rmJhLf
efX4EwRRNt4foXG4VeUdT/HBEB4/FnTuEM50gDgnEzF3SK8NtZVZDLjRXqdRF9Hc
Q1YUFXy/jzHZWQ/JFutEWfOgN2Q6Z81/DzSEOf4FtM/qZR1k5JbFtyCA1CI+1aCp
9sDAPprFcg8vSwHlMl1923kpkKgVtCaA0BNdUytjR2ejHOFQvKWC+Z9h/v7Kr89h
jEPgqUtQhlnj2KoLzsbmK6dWTCpCsF0ntqQkluZBgveD
-----END CERTIFICATE-----