Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/sqExp3bLbEaF_353Y8KaU_CHDaI.roa
File:                     sqExp3bLbEaF_353Y8KaU_CHDaI.roa (raw, json)
Hash identifier:          O5BoSyzsa2fu0HO2sPp/Rp4LLwQ+GTDHarF8NxmMgZQ=
Subject key identifier:   B2:A1:31:A7:76:CB:6C:46:85:FF:7E:77:63:C2:9A:53:F0:87:0D:A2
Certificate issuer:       /CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
Certificate serial:       01995D0A5C05B6FCC5306C682667E1BAF9B7
Authority key identifier: BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/sqExp3bLbEaF_353Y8KaU_CHDaI.roa
Signing time:             Thu 18 Sep 2025 13:36:23 +0000
ROA not before:           Thu 18 Sep 2025 13:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        195.62.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:0a:5c:05:b6:fc:c5:30:6c:68:26:67:e1:ba:f9:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd032228aa6ca051e73fb908c6dc7f7d19cd17a7
        Validity
            Not Before: Sep 18 13:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2a131a776cb6c4685ff7e7763c29a53f0870da2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:32:58:02:35:87:72:e9:11:b2:0b:ad:49:07:
                    f6:dc:48:86:dc:ac:f0:4c:b8:3c:5b:12:38:cd:d8:
                    9b:14:e9:36:95:d7:78:d0:77:f4:f7:7e:71:91:a6:
                    6d:ce:7d:74:3b:1f:72:07:77:7f:71:c2:58:b1:45:
                    02:28:e5:16:e7:8e:1d:c2:7e:a8:57:f9:c9:11:c9:
                    e7:c9:1a:f9:9b:3d:7a:3d:26:d9:6d:c9:8f:ab:6e:
                    01:86:b3:09:91:25:ec:25:37:6d:d3:75:30:e3:d5:
                    ea:3f:bb:e0:c2:19:f9:16:61:d2:eb:19:5e:34:71:
                    e6:b9:53:24:9f:d9:71:5a:40:eb:49:0d:7f:61:d2:
                    c0:41:a7:e4:09:75:cb:49:48:df:95:1b:c8:ee:a7:
                    75:67:45:2b:02:30:82:cd:1a:81:5e:8f:41:c6:b5:
                    e4:75:ef:13:56:fd:f3:c3:53:c6:93:a2:c8:50:17:
                    ce:02:0f:d0:86:a9:9a:69:91:d1:dd:69:f2:77:f8:
                    08:ef:00:ba:7c:93:36:42:dd:24:e8:61:f5:0a:95:
                    aa:92:78:fa:9e:b8:be:1e:df:80:32:bf:64:8a:76:
                    00:2f:13:8e:0c:9a:d0:a3:61:bb:70:57:61:04:3f:
                    e1:f3:9a:e2:8b:d5:02:2d:79:c9:29:24:9f:ec:04:
                    83:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:A1:31:A7:76:CB:6C:46:85:FF:7E:77:63:C2:9A:53:F0:87:0D:A2
            X509v3 Authority Key Identifier:
                keyid:BD:03:22:28:AA:6C:A0:51:E7:3F:B9:08:C6:DC:7F:7D:19:CD:17:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vQMiKKpsoFHnP7kIxtx_fRnNF6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/sqExp3bLbEaF_353Y8KaU_CHDaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/05690b-71d7-470a-b30b-b38dfa874464/1/vQMiKKpsoFHnP7kIxtx_fRnNF6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:d7:92:8a:ca:0a:e1:b3:f5:98:ee:04:8b:6d:88:54:27:06:
         11:df:fa:0f:89:45:d7:2f:b0:0e:09:81:2e:2b:2d:01:bd:20:
         15:ef:15:25:a5:08:76:77:5f:1c:58:5c:78:fc:0e:2a:d0:00:
         6d:58:e6:a2:ac:fb:bc:b2:c1:ca:fd:c4:bd:46:75:30:b3:dd:
         e0:03:00:c9:a2:3b:21:79:da:ec:76:28:89:2e:83:91:4c:25:
         8c:97:26:ff:63:0c:d6:65:fa:32:13:3c:9f:09:b9:2c:33:a8:
         37:db:c8:2a:39:e5:2c:3f:81:4d:cd:0f:60:fa:67:5b:bc:f5:
         83:66:a9:62:9a:27:46:d6:4b:c4:0e:78:5b:c3:64:d5:53:50:
         35:4d:65:9a:70:07:25:73:56:06:80:05:16:a0:20:f7:64:72:
         e7:d9:a8:06:c4:9e:57:8f:c8:41:3a:a6:ed:e1:2d:9a:9c:d1:
         4f:6c:00:37:95:39:c6:b2:db:29:ca:4d:fc:28:db:6c:08:10:
         be:86:25:4c:90:7d:a0:f7:32:0a:bb:97:8c:90:0b:80:f8:f3:
         fa:f8:ab:80:dd:11:e7:f8:5e:46:7f:86:e5:2a:32:d9:3b:04:
         eb:54:d2:56:0e:27:13:5d:38:73:e0:91:47:73:4c:b2:08:44:
         cb:3e:ce:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZldClwFtvzFMGxoJmfhuvm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMDMyMjI4YWE2Y2EwNTFlNzNmYjkwOGM2ZGM3ZjdkMTlj
ZDE3YTcwHhcNMjUwOTE4MTMzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmExMzFhNzc2Y2I2YzQ2ODVmZjdlNzc2M2MyOWE1M2YwODcwZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDJYAjWHcukRsgutSQf23EiG3Kzw
TLg8WxI4zdibFOk2ldd40Hf0935xkaZtzn10Ox9yB3d/ccJYsUUCKOUW544dwn6o
V/nJEcnnyRr5mz16PSbZbcmPq24BhrMJkSXsJTdt03Uw49XqP7vgwhn5FmHS6xle
NHHmuVMkn9lxWkDrSQ1/YdLAQafkCXXLSUjflRvI7qd1Z0UrAjCCzRqBXo9BxrXk
de8TVv3zw1PGk6LIUBfOAg/QhqmaaZHR3Wnyd/gI7wC6fJM2Qt0k6GH1CpWqknj6
nri+Ht+AMr9kinYALxOODJrQo2G7cFdhBD/h85rii9UCLXnJKSSf7ASDUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKhMad2y2xGhf9+d2PCmlPwhw2iMB8GA1UdIwQY
MBaAFL0DIiiqbKBR5z+5CMbcf30ZzRenMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGIt
YjM4ZGZhODc0NDY0LzEvc3FFeHAzYkxiRWFGXzM1M1k4S2FVX0NIRGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wNTY5MGItNzFkNy00NzBhLWIzMGItYjM4ZGZhODc0NDY0
LzEvdlFNaUtLcHNvRkhuUDdrSXh0eF9mUm5ORjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz5MMA0G
CSqGSIb3DQEBCwUAA4IBAQC115KKygrhs/WY7gSLbYhUJwYR3/oPiUXXL7AOCYEu
Ky0BvSAV7xUlpQh2d18cWFx4/A4q0ABtWOairPu8ssHK/cS9RnUws93gAwDJojsh
edrsdiiJLoORTCWMlyb/YwzWZfoyEzyfCbksM6g328gqOeUsP4FNzQ9g+mdbvPWD
ZqlimidG1kvEDnhbw2TVU1A1TWWacAclc1YGgAUWoCD3ZHLn2agGxJ5Xj8hBOqbt
4S2anNFPbAA3lTnGstspyk38KNtsCBC+hiVMkH2g9zIKu5eMkAuA+PP6+KuA3RHn
+F5Gf4blKjLZOwTrVNJWDicTXThz4JFHc0yyCETLPs6Y
-----END CERTIFICATE-----