Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/QBmdu5DezxoxKGOkAZGRTHz_Ovo.roa
File:                     QBmdu5DezxoxKGOkAZGRTHz_Ovo.roa (raw, json)
Hash identifier:          FxhiZR0M8vGdibBrIWA/GLd0J4VZN3IOW0ocA5RR3YQ=
Subject key identifier:   40:19:9D:BB:90:DE:CF:1A:31:28:63:A4:01:91:91:4C:7C:FF:3A:FA
Certificate issuer:       /CN=a4ea660ddb6100e7d32e5d36689a777ca9cafa19
Certificate serial:       019956E46FC2D8CAEDDC39DB95331642032D
Authority key identifier: A4:EA:66:0D:DB:61:00:E7:D3:2E:5D:36:68:9A:77:7C:A9:CA:FA:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOpmDdthAOfTLl02aJp3fKnK-hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/QBmdu5DezxoxKGOkAZGRTHz_Ovo.roa
Signing time:             Wed 17 Sep 2025 08:57:15 +0000
ROA not before:           Wed 17 Sep 2025 08:57:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        5.42.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/pOpmDdthAOfTLl02aJp3fKnK-hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/pOpmDdthAOfTLl02aJp3fKnK-hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pOpmDdthAOfTLl02aJp3fKnK-hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:e4:6f:c2:d8:ca:ed:dc:39:db:95:33:16:42:03:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ea660ddb6100e7d32e5d36689a777ca9cafa19
        Validity
            Not Before: Sep 17 08:57:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40199dbb90decf1a312863a40191914c7cff3afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f5:f9:f5:19:7a:a2:63:ee:29:91:a5:a8:0e:
                    35:25:c8:fe:ea:b9:13:88:02:76:5a:45:e1:cb:c5:
                    c2:44:f7:8d:ee:c0:10:11:8b:bc:64:da:fc:7a:60:
                    0a:dc:9a:00:6f:63:72:b3:ca:16:57:19:84:1f:ec:
                    52:be:c2:05:56:be:76:ed:48:b3:c7:2a:00:83:25:
                    68:ee:7e:26:2e:8c:e7:c9:1c:8a:ae:69:cd:ba:e4:
                    29:92:13:08:3f:25:a7:21:78:0e:68:b2:f4:11:6f:
                    ee:cc:d3:8c:02:c0:16:57:05:4e:05:2e:67:89:fa:
                    7e:51:c5:c2:0e:d4:09:b7:6e:0d:37:cf:5f:b3:7e:
                    87:e0:64:62:76:09:f1:b1:6d:20:af:d2:c7:56:ac:
                    7a:a3:b2:9b:9d:bd:f8:58:ec:c4:78:cd:3e:18:13:
                    b6:18:98:16:b1:fd:13:64:74:5d:d8:60:96:a0:1b:
                    d5:99:7f:70:a2:bd:0d:47:b2:34:03:7b:0b:af:6b:
                    92:6d:d6:2f:6e:49:e5:80:8d:f1:ef:8f:5b:7e:e0:
                    79:a3:e5:81:aa:c3:7e:30:d9:28:6f:ce:fc:3b:ac:
                    79:61:e7:4c:d3:2e:77:5d:b5:b4:51:64:d5:49:22:
                    0c:fb:a1:b0:d7:e6:48:cd:c8:53:0e:da:90:60:65:
                    e3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:19:9D:BB:90:DE:CF:1A:31:28:63:A4:01:91:91:4C:7C:FF:3A:FA
            X509v3 Authority Key Identifier:
                keyid:A4:EA:66:0D:DB:61:00:E7:D3:2E:5D:36:68:9A:77:7C:A9:CA:FA:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOpmDdthAOfTLl02aJp3fKnK-hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/QBmdu5DezxoxKGOkAZGRTHz_Ovo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e20aa0-338e-4f33-86ea-6f622fd18d30/1/pOpmDdthAOfTLl02aJp3fKnK-hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         81:46:1a:7f:56:51:7d:9e:95:23:2d:90:54:53:16:10:c3:d9:
         36:1a:79:9f:35:79:13:c8:4c:b3:76:ae:d4:4d:65:0e:26:1f:
         3a:94:63:21:3e:e3:90:c4:74:46:44:3e:d9:e9:08:19:9c:cf:
         89:d8:aa:37:9c:ca:b4:9f:31:14:db:60:95:63:18:de:c2:1b:
         2d:1c:2b:9e:5f:f7:c0:16:b1:31:28:af:95:27:c4:59:93:fb:
         19:6e:45:5c:19:ec:6a:d6:8d:a7:1a:af:a3:e3:a7:23:97:06:
         ff:b0:6e:52:a8:da:f2:08:ff:c6:0b:11:af:4d:b8:51:a7:fc:
         2b:00:9d:2b:89:d8:e3:e7:32:28:1f:4f:7d:cb:80:22:dc:61:
         58:6f:b3:10:ff:85:6c:f1:81:5e:06:81:f3:60:1a:f7:94:22:
         73:4c:cb:fd:68:e8:47:f3:82:35:0f:9b:77:43:3e:56:48:0f:
         f2:b2:ac:6b:6e:0d:f7:9b:06:1f:da:c9:40:df:1f:77:d7:a1:
         0d:e2:48:9d:a7:2a:3e:30:a4:7a:ca:3b:9e:84:f6:cc:6a:5c:
         55:49:f1:73:b2:44:a2:70:67:90:fa:bb:52:67:67:d2:dc:59:
         3e:3d:a8:b0:e2:53:cd:9b:d4:11:c9:85:86:4e:40:99:72:89:
         fc:ec:aa:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlW5G/C2Mrt3DnblTMWQgMtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZWE2NjBkZGI2MTAwZTdkMzJlNWQzNjY4OWE3NzdjYTlj
YWZhMTkwHhcNMjUwOTE3MDg1NzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE5OWRiYjkwZGVjZjFhMzEyODYzYTQwMTkxOTE0YzdjZmYzYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvX59Rl6omPuKZGlqA41Jcj+6rkT
iAJ2WkXhy8XCRPeN7sAQEYu8ZNr8emAK3JoAb2Nys8oWVxmEH+xSvsIFVr527Uiz
xyoAgyVo7n4mLoznyRyKrmnNuuQpkhMIPyWnIXgOaLL0EW/uzNOMAsAWVwVOBS5n
ifp+UcXCDtQJt24NN89fs36H4GRidgnxsW0gr9LHVqx6o7Kbnb34WOzEeM0+GBO2
GJgWsf0TZHRd2GCWoBvVmX9wor0NR7I0A3sLr2uSbdYvbknlgI3x749bfuB5o+WB
qsN+MNkob878O6x5YedM0y53XbW0UWTVSSIM+6Gw1+ZIzchTDtqQYGXjTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAZnbuQ3s8aMShjpAGRkUx8/zr6MB8GA1UdIwQY
MBaAFKTqZg3bYQDn0y5dNmiad3ypyvoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE9wbURkdGhBT2ZUTGwwMmFKcDNmS25LLWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lMjBhYTAtMzM4ZS00ZjMzLTg2ZWEt
NmY2MjJmZDE4ZDMwLzEvUUJtZHU1RGV6eG94S0dPa0FaR1JUSHpfT3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lMjBhYTAtMzM4ZS00ZjMzLTg2ZWEtNmY2MjJmZDE4ZDMw
LzEvcE9wbURkdGhBT2ZUTGwwMmFKcDNmS25LLWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFBSpgMA0G
CSqGSIb3DQEBCwUAA4IBAQCBRhp/VlF9npUjLZBUUxYQw9k2GnmfNXkTyEyzdq7U
TWUOJh86lGMhPuOQxHRGRD7Z6QgZnM+J2Ko3nMq0nzEU22CVYxjewhstHCueX/fA
FrExKK+VJ8RZk/sZbkVcGexq1o2nGq+j46cjlwb/sG5SqNryCP/GCxGvTbhRp/wr
AJ0ridjj5zIoH099y4Ai3GFYb7MQ/4Vs8YFeBoHzYBr3lCJzTMv9aOhH84I1D5t3
Qz5WSA/ysqxrbg33mwYf2slA3x9316EN4kidpyo+MKR6yjuehPbMalxVSfFzskSi
cGeQ+rtSZ2fS3Fk+Paiw4lPNm9QRyYWGTkCZcon87KoF
-----END CERTIFICATE-----