Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qrRq8YUBkeDfEiWmVfrkBDx2VQw.roa
File:                     qrRq8YUBkeDfEiWmVfrkBDx2VQw.roa (raw, json)
Hash identifier:          4/rvoZWlT3NeY6ecFrIDijZ6eZVzB72aPf67njP+evU=
Subject key identifier:   AA:B4:6A:F1:85:01:91:E0:DF:12:25:A6:55:FA:E4:04:3C:76:55:0C
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0197783C788C9D7AA2FDCAC98506C7EFC3E0
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qrRq8YUBkeDfEiWmVfrkBDx2VQw.roa
Signing time:             Mon 16 Jun 2025 10:15:18 +0000
ROA not before:           Mon 16 Jun 2025 10:15:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214447
IP address blocks:        193.35.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:3c:78:8c:9d:7a:a2:fd:ca:c9:85:06:c7:ef:c3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jun 16 10:15:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aab46af1850191e0df1225a655fae4043c76550c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9c:02:d5:82:36:f1:58:d4:cd:1f:26:05:5a:
                    7b:55:82:cd:d1:49:7a:84:4a:15:50:2e:b5:93:18:
                    45:ae:47:f0:93:b7:00:74:f3:62:5f:66:e5:42:97:
                    f7:a5:b3:af:6f:08:0e:cb:d2:80:d6:90:db:76:e2:
                    d4:21:12:ea:cf:52:ea:c6:1a:7a:2b:ca:c4:ef:ef:
                    54:2c:1b:c8:95:5c:cf:0a:3a:4b:df:c3:5f:f2:2c:
                    be:39:43:4a:a8:dc:a7:b4:ed:20:c9:4b:b3:f8:10:
                    35:c4:19:ec:0e:44:94:dc:bd:ee:ff:65:9b:1d:59:
                    dc:63:ae:57:84:9a:38:ad:c8:c0:42:08:b6:d2:9a:
                    ad:26:d1:8d:4d:08:21:23:ec:2f:29:12:66:77:ad:
                    8d:a0:ef:b2:6a:58:20:f6:d3:1d:25:c7:3d:7c:ca:
                    a1:f8:bc:4d:eb:a9:7b:9d:00:52:64:f6:62:49:c9:
                    44:12:d2:45:c3:db:1c:40:fb:3b:58:9e:91:49:51:
                    41:46:ce:f2:49:5f:cb:cf:4a:90:09:20:76:51:01:
                    af:a7:cd:67:77:ed:ca:87:0b:48:43:6c:24:cc:20:
                    dd:13:53:cd:70:7d:64:ab:3e:41:a2:fc:0f:6f:8d:
                    24:c0:26:00:80:e9:c0:aa:3e:03:09:9f:66:a4:f8:
                    16:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B4:6A:F1:85:01:91:E0:DF:12:25:A6:55:FA:E4:04:3C:76:55:0C
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qrRq8YUBkeDfEiWmVfrkBDx2VQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:96:0d:2d:9f:89:99:fd:7d:6d:67:96:15:e8:0e:c4:1d:c3:
         39:28:99:91:c2:bf:11:31:bf:33:2e:e1:e3:1b:cd:11:be:5c:
         c0:f2:b4:74:de:20:70:8b:d7:d8:ac:07:7b:78:ca:25:99:a4:
         5a:8e:37:6d:94:26:38:53:7e:f7:fc:f7:45:cb:63:14:cd:95:
         07:8a:ae:dc:51:be:cf:36:9a:21:ee:dc:3f:a3:70:b6:f5:7f:
         8e:aa:71:49:04:86:95:0d:be:ba:e7:69:6f:e9:0a:ff:e5:cb:
         d0:14:76:01:4a:40:81:58:79:3f:43:a8:e2:ef:e5:04:3a:d2:
         3c:b3:b2:8e:d9:29:0e:3a:7b:4e:eb:cc:9e:6c:7d:db:44:dc:
         84:5b:78:77:d5:71:91:05:a2:47:85:4a:75:1e:93:29:67:9d:
         ad:48:ad:fb:1f:6e:eb:49:ab:3a:87:af:04:e1:7d:78:61:1b:
         b4:79:fc:b3:4e:f0:76:de:b6:0d:ad:03:06:e8:b4:be:8d:9d:
         d9:d9:fb:09:8a:db:5e:d6:48:e6:af:57:8c:51:52:93:e8:52:
         36:a4:2e:a9:72:1c:7b:10:b8:e5:90:2a:ef:18:3b:c5:d1:9c:
         cc:7f:79:2d:bf:a2:c7:2e:84:d6:81:b1:94:d7:9e:b4:7b:ba:
         27:16:f0:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4PHiMnXqi/crJhQbH78PgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNjE2MTAxNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWI0NmFmMTg1MDE5MWUwZGYxMjI1YTY1NWZhZTQwNDNjNzY1NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZwC1YI28VjUzR8mBVp7VYLN0Ul6
hEoVUC61kxhFrkfwk7cAdPNiX2blQpf3pbOvbwgOy9KA1pDbduLUIRLqz1Lqxhp6
K8rE7+9ULBvIlVzPCjpL38Nf8iy+OUNKqNyntO0gyUuz+BA1xBnsDkSU3L3u/2Wb
HVncY65XhJo4rcjAQgi20pqtJtGNTQghI+wvKRJmd62NoO+yalgg9tMdJcc9fMqh
+LxN66l7nQBSZPZiSclEEtJFw9scQPs7WJ6RSVFBRs7ySV/Lz0qQCSB2UQGvp81n
d+3KhwtIQ2wkzCDdE1PNcH1kqz5BovwPb40kwCYAgOnAqj4DCZ9mpPgWVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq0avGFAZHg3xIlplX65AQ8dlUMMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvcXJScThZVUJrZURmRWlXbVZmcmtCRHgyVlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSOZMA0G
CSqGSIb3DQEBCwUAA4IBAQB+lg0tn4mZ/X1tZ5YV6A7EHcM5KJmRwr8RMb8zLuHj
G80RvlzA8rR03iBwi9fYrAd7eMolmaRajjdtlCY4U373/PdFy2MUzZUHiq7cUb7P
Npoh7tw/o3C29X+OqnFJBIaVDb6652lv6Qr/5cvQFHYBSkCBWHk/Q6ji7+UEOtI8
s7KO2SkOOntO68yebH3bRNyEW3h31XGRBaJHhUp1HpMpZ52tSK37H27rSas6h68E
4X14YRu0efyzTvB23rYNrQMG6LS+jZ3Z2fsJitte1kjmr1eMUVKT6FI2pC6pchx7
ELjlkCrvGDvF0ZzMf3ktv6LHLoTWgbGU1560e7onFvBv
-----END CERTIFICATE-----
Generated at Tue Jul 1 16:45:46 2025 by rpki-client