Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/MQ0BhLhDY16aSFu-krId8FWSPd0.roa
File:                     MQ0BhLhDY16aSFu-krId8FWSPd0.roa (raw, json)
Hash identifier:          OVGXr0uOsmMmql+TGRFCUGdA5aFUyZs6gW7v3hLNnQM=
Subject key identifier:   31:0D:01:84:B8:43:63:5E:9A:48:5B:BE:92:B2:1D:F0:55:92:3D:DD
Certificate issuer:       /CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
Certificate serial:       01995CFE73BE6889624A7ECEF89AA216FF4D
Authority key identifier: BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/MQ0BhLhDY16aSFu-krId8FWSPd0.roa
Signing time:             Thu 18 Sep 2025 13:23:23 +0000
ROA not before:           Thu 18 Sep 2025 13:23:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47953
IP address blocks:        195.62.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:fe:73:be:68:89:62:4a:7e:ce:f8:9a:a2:16:ff:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
        Validity
            Not Before: Sep 18 13:23:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=310d0184b843635e9a485bbe92b21df055923ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:97:5e:e6:c7:78:f6:d1:0b:df:c5:fe:3a:a5:
                    2c:fe:3a:44:65:38:4f:67:e9:e9:93:0d:1a:ed:fe:
                    57:84:7e:6a:e4:c6:5e:51:0b:4b:46:92:5e:c5:0b:
                    27:0b:e4:e3:5a:08:b6:4b:d2:91:b7:20:ce:7b:73:
                    18:86:08:87:a0:f4:78:ef:77:6f:10:5b:3f:f9:8e:
                    b8:c9:e5:24:45:69:28:07:75:60:54:72:93:45:73:
                    f0:86:48:f2:52:de:ac:16:99:cf:fe:76:a3:2c:db:
                    b5:81:db:54:0e:f7:b0:0d:d0:e9:28:a1:2b:01:bd:
                    ee:d7:e6:13:5d:58:f3:44:f0:aa:b5:d5:b5:0f:41:
                    4e:f4:1c:c9:75:70:4b:93:88:ef:45:73:f6:64:74:
                    83:61:0e:e0:35:5b:25:55:cf:1f:e9:83:50:49:d9:
                    c8:40:91:61:7c:6f:b4:02:a2:48:bd:d8:e5:d0:5b:
                    7e:1a:a4:28:7e:0e:5f:71:82:82:ab:f4:ed:46:6e:
                    91:10:d3:db:bc:40:1c:29:26:12:3e:d9:67:1e:3c:
                    6a:49:ff:70:2f:1c:6d:47:59:19:59:2e:03:54:86:
                    b9:83:a2:fe:91:a2:9b:33:ce:13:01:86:31:fe:22:
                    1e:7a:2d:e2:2a:27:1b:17:ff:69:ac:28:08:85:07:
                    9a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0D:01:84:B8:43:63:5E:9A:48:5B:BE:92:B2:1D:F0:55:92:3D:DD
            X509v3 Authority Key Identifier:
                keyid:BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/MQ0BhLhDY16aSFu-krId8FWSPd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:37:b6:e7:ca:37:67:1f:4b:72:bb:fe:4b:15:4e:81:f0:b5:
         8a:26:48:eb:c0:4c:9a:05:09:7d:b6:cb:c2:cc:da:f1:ac:c9:
         91:86:59:42:b7:65:fd:7e:aa:14:45:55:18:5c:5e:dd:04:7b:
         ee:4d:f2:37:8e:d5:17:91:f4:35:66:fb:67:cb:aa:69:d9:dc:
         7f:78:05:dd:17:f6:f7:2c:2d:ee:77:2f:19:4f:f6:30:b8:77:
         b1:40:67:12:8b:3e:38:30:78:44:7a:4f:c4:22:d9:e5:0e:84:
         30:e4:a4:11:5c:0a:49:3d:67:44:bb:d8:c2:54:21:35:3d:a7:
         c0:1e:82:2f:ee:c4:1c:f8:ae:e1:70:04:c1:ab:13:73:00:3e:
         2d:e9:3a:ef:48:bb:99:ac:84:29:a9:44:51:a7:2a:45:e7:6f:
         3c:27:c1:d2:f1:55:78:09:6e:bd:3f:f8:2b:2c:2e:fd:5b:b7:
         eb:0a:ac:42:16:53:a0:c4:28:bd:1a:af:93:3f:44:39:53:8b:
         18:b3:5e:1e:4b:5e:0d:0d:0a:bc:e8:71:fa:aa:2b:f1:cb:c7:
         c2:96:d4:13:83:c2:5b:94:46:93:a7:68:c5:02:54:67:b4:f3:
         c0:d6:11:cf:6b:85:dc:f1:63:55:22:d3:f7:ef:a1:ea:b2:17:
         92:61:d3:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlc/nO+aIliSn7O+JqiFv9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMDMyMjI4YWE2Y2EwNTFlNzNmYjkwOGM2ZGM3ZjdkMTlj
ZDE3YTcwHhcNMjUwOTE4MTMyMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBkMDE4NGI4NDM2MzVlOWE0ODViYmU5MmIyMWRmMDU1OTIzZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJde5sd49tEL38X+OqUs/jpEZThP
Z+npkw0a7f5XhH5q5MZeUQtLRpJexQsnC+TjWgi2S9KRtyDOe3MYhgiHoPR473dv
EFs/+Y64yeUkRWkoB3VgVHKTRXPwhkjyUt6sFpnP/najLNu1gdtUDvewDdDpKKEr
Ab3u1+YTXVjzRPCqtdW1D0FO9BzJdXBLk4jvRXP2ZHSDYQ7gNVslVc8f6YNQSdnI
QJFhfG+0AqJIvdjl0Ft+GqQofg5fcYKCq/TtRm6RENPbvEAcKSYSPtlnHjxqSf9w
LxxtR1kZWS4DVIa5g6L+kaKbM84TAYYx/iIeei3iKicbF/9prCgIhQea7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDENAYS4Q2NemkhbvpKyHfBVkj3dMB8GA1UdIwQY
MBaAFL0DIiiqbKBR5z+5CMbcf30ZzRenMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGIt
YjM4ZGZhODc0NDY0LzEvTVEwQmhMaERZMTZhU0Z1LWtySWQ4RldTUGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGItYjM4ZGZhODc0NDY0
LzEvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz5MMA0G
CSqGSIb3DQEBCwUAA4IBAQCLN7bnyjdnH0tyu/5LFU6B8LWKJkjrwEyaBQl9tsvC
zNrxrMmRhllCt2X9fqoURVUYXF7dBHvuTfI3jtUXkfQ1Zvtny6pp2dx/eAXdF/b3
LC3udy8ZT/YwuHexQGcSiz44MHhEek/EItnlDoQw5KQRXApJPWdEu9jCVCE1PafA
HoIv7sQc+K7hcATBqxNzAD4t6TrvSLuZrIQpqURRpypF5288J8HS8VV4CW69P/gr
LC79W7frCqxCFlOgxCi9Gq+TP0Q5U4sYs14eS14NDQq86HH6qivxy8fCltQTg8Jb
lEaTp2jFAlRntPPA1hHPa4Xc8WNVItP376HqsheSYdMW
-----END CERTIFICATE-----