Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/qjbyWde1XhC4sj33T6GPhZzzpyc.roa
File:                     qjbyWde1XhC4sj33T6GPhZzzpyc.roa (raw, json)
Hash identifier:          6PIovSMQ1HWFIw9iaFJCX/B7m4VDyHUXqOi1ioHrJZE=
Subject key identifier:   AA:36:F2:59:D7:B5:5E:10:B8:B2:3D:F7:4F:A1:8F:85:9C:F3:A7:27
Certificate issuer:       /CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
Certificate serial:       01995D09704246EC338A1E50C4E8AB916CFB
Authority key identifier: BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/qjbyWde1XhC4sj33T6GPhZzzpyc.roa
Signing time:             Thu 18 Sep 2025 13:35:23 +0000
ROA not before:           Thu 18 Sep 2025 13:35:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        195.62.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:09:70:42:46:ec:33:8a:1e:50:c4:e8:ab:91:6c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
        Validity
            Not Before: Sep 18 13:35:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa36f259d7b55e10b8b23df74fa18f859cf3a727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2c:fc:3b:15:bc:86:d3:3d:06:0d:b0:57:ba:
                    7d:94:31:0e:87:24:f5:4b:5b:af:29:13:8f:59:bd:
                    43:3d:73:03:be:75:b6:3d:df:14:43:12:1f:c7:fa:
                    2c:db:9b:34:83:17:97:e4:d2:ce:5d:43:3b:2a:b7:
                    20:d9:f3:9d:2b:65:8a:01:a3:ed:7e:f8:e5:85:3a:
                    6c:2a:35:4b:dc:5f:33:63:87:86:d9:cb:86:c0:40:
                    89:70:d6:13:10:60:d4:35:9d:41:25:bd:3b:dd:6d:
                    79:fe:b6:c5:b5:42:47:54:85:a3:ea:d8:e7:47:d0:
                    98:aa:63:03:cd:0e:9e:a8:0c:b0:c9:81:dd:5a:60:
                    c5:e4:2c:fe:6b:9c:74:3a:a6:28:a0:c3:4f:22:1d:
                    b9:4d:22:4a:4c:62:21:c1:73:c1:32:96:71:12:ce:
                    f6:e5:f7:5f:84:ce:ef:05:5b:89:9a:e6:58:dd:5e:
                    22:30:a2:8a:05:6d:59:44:77:b8:a4:de:cd:65:ce:
                    d7:0a:f3:7e:86:95:07:a6:a9:69:64:9f:f1:65:62:
                    86:b9:ab:d1:8b:be:2e:97:21:cf:1f:ef:93:12:d2:
                    5f:79:6b:16:77:ea:71:ec:89:2a:cc:92:eb:94:e7:
                    cb:fe:5e:39:67:c6:f8:5d:24:6d:45:db:65:8e:a1:
                    2c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:36:F2:59:D7:B5:5E:10:B8:B2:3D:F7:4F:A1:8F:85:9C:F3:A7:27
            X509v3 Authority Key Identifier:
                keyid:BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/qjbyWde1XhC4sj33T6GPhZzzpyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:67:11:59:68:05:b2:5c:17:13:0c:9f:96:30:a7:58:c8:d2:
         f5:88:a0:26:4d:0c:4b:14:9a:cb:46:0d:12:98:6f:22:a8:41:
         b8:35:0a:8b:2b:9f:f1:87:fc:74:2b:54:67:38:7b:d8:4f:6a:
         0a:1a:9c:16:18:d5:60:0b:33:ae:43:69:06:59:37:8f:2a:44:
         50:ae:5e:03:02:d2:96:40:c3:3e:dc:ee:3d:6b:80:c2:87:ce:
         c2:5f:7f:ff:ab:66:f8:97:e1:97:9e:f0:7d:be:34:1e:57:5c:
         bc:47:39:c4:18:93:08:fb:81:9b:09:88:1f:55:62:5c:bb:25:
         c4:4a:c1:1d:6b:8a:53:6d:73:2a:52:a8:93:42:0c:1d:91:d2:
         2e:11:1c:de:bf:9d:55:23:78:f9:53:0d:2f:7e:9e:cd:7b:92:
         69:e4:a4:c3:fc:1a:d5:74:d1:58:3d:8c:ce:e1:88:c0:99:e4:
         76:c4:99:66:b7:4f:31:86:88:fd:68:ad:d3:fa:45:66:3c:a1:
         ca:08:70:f0:76:49:71:d0:7a:60:ac:ed:03:1f:74:8b:2e:7e:
         64:94:4a:7d:7a:8f:22:cf:b1:3f:71:d6:04:60:b3:fa:23:25:
         93:2a:a1:5b:38:9a:ec:bc:2a:8c:4f:be:c7:49:a1:e7:15:91:
         45:14:36:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZldCXBCRuwzih5QxOirkWz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMDMyMjI4YWE2Y2EwNTFlNzNmYjkwOGM2ZGM3ZjdkMTlj
ZDE3YTcwHhcNMjUwOTE4MTMzNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTM2ZjI1OWQ3YjU1ZTEwYjhiMjNkZjc0ZmExOGY4NTljZjNhNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yz8OxW8htM9Bg2wV7p9lDEOhyT1
S1uvKROPWb1DPXMDvnW2Pd8UQxIfx/os25s0gxeX5NLOXUM7Krcg2fOdK2WKAaPt
fvjlhTpsKjVL3F8zY4eG2cuGwECJcNYTEGDUNZ1BJb073W15/rbFtUJHVIWj6tjn
R9CYqmMDzQ6eqAywyYHdWmDF5Cz+a5x0OqYooMNPIh25TSJKTGIhwXPBMpZxEs72
5fdfhM7vBVuJmuZY3V4iMKKKBW1ZRHe4pN7NZc7XCvN+hpUHpqlpZJ/xZWKGuavR
i74ulyHPH++TEtJfeWsWd+px7IkqzJLrlOfL/l45Z8b4XSRtRdtljqEslQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo28lnXtV4QuLI990+hj4Wc86cnMB8GA1UdIwQY
MBaAFL0DIiiqbKBR5z+5CMbcf30ZzRenMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGIt
YjM4ZGZhODc0NDY0LzEvcWpieVdkZTFYaEM0c2ozM1Q2R1BoWnp6cHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGItYjM4ZGZhODc0NDY0
LzEvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz5MMA0G
CSqGSIb3DQEBCwUAA4IBAQAcZxFZaAWyXBcTDJ+WMKdYyNL1iKAmTQxLFJrLRg0S
mG8iqEG4NQqLK5/xh/x0K1RnOHvYT2oKGpwWGNVgCzOuQ2kGWTePKkRQrl4DAtKW
QMM+3O49a4DCh87CX3//q2b4l+GXnvB9vjQeV1y8RznEGJMI+4GbCYgfVWJcuyXE
SsEda4pTbXMqUqiTQgwdkdIuERzev51VI3j5Uw0vfp7Ne5Jp5KTD/BrVdNFYPYzO
4YjAmeR2xJlmt08xhoj9aK3T+kVmPKHKCHDwdklx0HpgrO0DH3SLLn5klEp9eo8i
z7E/cdYEYLP6IyWTKqFbOJrsvCqMT77HSaHnFZFFFDbH
-----END CERTIFICATE-----