Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/qZWsXw0hoWQJjbaPgRbw4RgNUcs.roa
File:                     qZWsXw0hoWQJjbaPgRbw4RgNUcs.roa (raw, json)
Hash identifier:          ZO3W12AHJk04EL5GeY7ebFH6eGQvrnx8GB8nEx/wAoM=
Subject key identifier:   A9:95:AC:5F:0D:21:A1:64:09:8D:B6:8F:81:16:F0:E1:18:0D:51:CB
Certificate issuer:       /CN=48f495e2ec9d07fd595d22b628d3756e9d8fa763
Certificate serial:       01977C1DD0613D26FE2B8908DE5CDF6B134A
Authority key identifier: 48:F4:95:E2:EC:9D:07:FD:59:5D:22:B6:28:D3:75:6E:9D:8F:A7:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/qZWsXw0hoWQJjbaPgRbw4RgNUcs.roa
Signing time:             Tue 17 Jun 2025 04:20:17 +0000
ROA not before:           Tue 17 Jun 2025 04:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207517
IP address blocks:        84.252.105.0/24 maxlen: 24
                          2a0c:4500:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:1d:d0:61:3d:26:fe:2b:89:08:de:5c:df:6b:13:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48f495e2ec9d07fd595d22b628d3756e9d8fa763
        Validity
            Not Before: Jun 17 04:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a995ac5f0d21a164098db68f8116f0e1180d51cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:a9:18:b0:07:94:7b:56:53:ab:09:8b:86:
                    8d:10:45:27:64:29:19:3b:31:12:b2:47:73:19:02:
                    3d:f5:e6:b7:b0:b8:23:d4:78:1f:62:e3:63:2c:db:
                    9e:a6:98:a4:16:dd:94:d0:85:cc:75:8e:05:4d:46:
                    46:58:84:5b:0d:a0:4c:65:a7:e9:30:7d:92:7f:3a:
                    b2:c6:9c:79:4d:12:7e:91:43:f1:bc:b4:ad:94:20:
                    bc:66:9d:3e:da:e5:96:68:b2:cc:1c:67:12:b7:be:
                    ca:cc:55:55:83:9d:74:a2:25:4e:09:3e:94:ff:4f:
                    25:c6:83:05:41:a1:f7:75:ea:ca:08:67:f8:3a:ab:
                    8d:2f:08:a2:2f:6d:7b:f0:e4:e3:24:fb:b2:f6:ad:
                    73:f2:bf:c6:48:17:38:ed:e1:cc:04:36:f9:50:31:
                    b1:e3:55:b8:42:70:d3:bf:68:ed:06:e9:d8:bc:3f:
                    f5:7e:01:66:6c:3c:21:ba:b0:48:e0:5c:bc:d6:d3:
                    20:2d:28:96:eb:5c:62:a9:37:68:6b:cd:38:38:64:
                    fa:d2:7f:28:d3:ca:fc:55:96:0a:2b:bf:b5:db:9f:
                    34:fb:14:5f:47:ea:2b:65:bf:b2:d5:0c:6a:e9:da:
                    e0:88:b3:e5:40:a9:4e:67:b6:04:47:d3:20:c8:c9:
                    f7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:95:AC:5F:0D:21:A1:64:09:8D:B6:8F:81:16:F0:E1:18:0D:51:CB
            X509v3 Authority Key Identifier:
                keyid:48:F4:95:E2:EC:9D:07:FD:59:5D:22:B6:28:D3:75:6E:9D:8F:A7:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/qZWsXw0hoWQJjbaPgRbw4RgNUcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8d8d4b-163c-4bc6-aeca-7dcabc16ebae/1/SPSV4uydB_1ZXSK2KNN1bp2Pp2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.105.0/24
                IPv6:
                  2a0c:4500:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:94:6a:97:d2:9b:21:51:03:0d:b9:d3:8c:ff:af:81:53:0a:
         13:08:42:22:16:77:c0:2c:47:eb:62:16:46:66:e7:12:de:a6:
         6e:3f:e2:fb:23:c4:fe:6d:e4:1d:24:70:5d:75:09:17:cf:27:
         4a:ab:39:9f:26:d4:3a:1b:03:b8:75:ba:54:c6:9f:2f:62:e9:
         7e:c1:f4:0b:d6:ad:06:4a:c5:54:f5:b8:c5:6a:8d:6d:7b:f8:
         59:3f:8b:03:88:f2:9c:81:cb:41:02:f3:0b:3f:72:58:05:4d:
         5a:a5:ab:8b:1e:79:b8:92:07:6c:6e:f7:e7:53:e9:4a:bb:8e:
         16:62:ae:a7:f7:94:ad:db:56:a8:d3:ea:b3:80:7b:64:4a:29:
         fe:56:4c:ac:32:45:69:81:36:4c:b2:2b:ec:fa:e8:c9:46:b1:
         67:57:b9:75:b1:82:46:6e:87:1f:60:0f:e5:c1:f8:34:e4:91:
         55:9a:cf:f0:35:28:05:e1:00:0e:23:77:a3:09:0c:c2:a9:40:
         57:8c:3a:8f:48:c6:50:83:d2:c4:83:e6:7c:a7:5b:54:42:0d:
         dd:ba:8c:01:c0:dd:dc:45:64:30:96:a6:6b:3e:e0:64:88:a8:
         6b:68:d7:a8:a7:70:64:33:4a:16:24:95:82:c0:95:9a:c8:d8:
         77:6c:bf:ea
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZd8HdBhPSb+K4kI3lzfaxNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZjQ5NWUyZWM5ZDA3ZmQ1OTVkMjJiNjI4ZDM3NTZlOWQ4
ZmE3NjMwHhcNMjUwNjE3MDQyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk1YWM1ZjBkMjFhMTY0MDk4ZGI2OGY4MTE2ZjBlMTE4MGQ1MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEapGLAHlHtWU6sJi4aNEEUnZCkZ
OzESskdzGQI99ea3sLgj1HgfYuNjLNueppikFt2U0IXMdY4FTUZGWIRbDaBMZafp
MH2Sfzqyxpx5TRJ+kUPxvLStlCC8Zp0+2uWWaLLMHGcSt77KzFVVg510oiVOCT6U
/08lxoMFQaH3derKCGf4OquNLwiiL2178OTjJPuy9q1z8r/GSBc47eHMBDb5UDGx
41W4QnDTv2jtBunYvD/1fgFmbDwhurBI4Fy81tMgLSiW61xiqTdoa804OGT60n8o
08r8VZYKK7+12580+xRfR+orZb+y1Qxq6drgiLPlQKlOZ7YER9MgyMn39QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKmVrF8NIaFkCY22j4EW8OEYDVHLMB8GA1UdIwQY
MBaAFEj0leLsnQf9WV0itijTdW6dj6djMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1BTVjR1eWRCXzFaWFNLMktOTjFicDJQcDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84ZDhkNGItMTYzYy00YmM2LWFlY2Et
N2RjYWJjMTZlYmFlLzEvcVpXc1h3MGhvV1FKamJhUGdSYnc0UmdOVWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84ZDhkNGItMTYzYy00YmM2LWFlY2EtN2RjYWJjMTZlYmFl
LzEvU1BTVjR1eWRCXzFaWFNLMktOTjFicDJQcDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAVPxpMA4E
AgACMAgDBgAqDEUAATANBgkqhkiG9w0BAQsFAAOCAQEAcJRql9KbIVEDDbnTjP+v
gVMKEwhCIhZ3wCxH62IWRmbnEt6mbj/i+yPE/m3kHSRwXXUJF88nSqs5nybUOhsD
uHW6VMafL2LpfsH0C9atBkrFVPW4xWqNbXv4WT+LA4jynIHLQQLzCz9yWAVNWqWr
ix55uJIHbG7351PpSruOFmKup/eUrdtWqNPqs4B7ZEop/lZMrDJFaYE2TLIr7Pro
yUaxZ1e5dbGCRm6HH2AP5cH4NOSRVZrP8DUoBeEADiN3owkMwqlAV4w6j0jGUIPS
xIPmfKdbVEIN3bqMAcDd3EVkMJamaz7gZIioa2jXqKdwZDNKFiSVgsCVmsjYd2y/
6g==
-----END CERTIFICATE-----