Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/QPW6iA9FJOgzaLE48bOh_0GVsTw.roa
File:                     QPW6iA9FJOgzaLE48bOh_0GVsTw.roa (raw, json)
Hash identifier:          z4wyylTLX8zY2v0eX1XbK+ruego1UaaBEsWnBWgnpiE=
Subject key identifier:   40:F5:BA:88:0F:45:24:E8:33:68:B1:38:F1:B3:A1:FF:41:95:B1:3C
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0199A0FDF82B9D209C099136DA58AF211138
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/QPW6iA9FJOgzaLE48bOh_0GVsTw.roa
Signing time:             Wed 01 Oct 2025 18:17:02 +0000
ROA not before:           Wed 01 Oct 2025 18:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        5.56.31.0/24 maxlen: 24
                          109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a0:fd:f8:2b:9d:20:9c:09:91:36:da:58:af:21:11:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Oct  1 18:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40f5ba880f4524e83368b138f1b3a1ff4195b13c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d5:74:af:a9:32:68:fa:50:2b:ea:07:3e:90:
                    4d:48:9f:06:ba:7f:42:b9:a2:67:69:e1:e3:19:7f:
                    8d:c9:3d:3c:fc:b2:7b:6f:5a:34:1a:80:d5:d3:0d:
                    9f:4c:54:bd:d3:8f:09:fa:c9:6c:47:f4:e2:de:f3:
                    f2:0e:bf:14:a9:31:d3:f4:93:68:2d:8e:6e:f4:bc:
                    9d:78:36:42:01:16:17:35:68:bd:b0:19:9d:7c:44:
                    7a:f5:e6:25:4d:cf:65:45:1c:95:d5:17:c9:be:4c:
                    ab:12:e7:1f:e7:13:a1:80:93:63:d3:9f:5d:99:61:
                    16:f7:d6:41:1e:76:26:01:56:2b:93:58:35:51:0d:
                    97:f2:af:9f:ac:c0:86:02:c3:7d:0a:a5:ab:71:b9:
                    19:d0:d4:4b:56:af:74:2d:74:5b:da:9a:05:8c:9a:
                    8f:91:70:6b:81:40:f8:30:c1:ab:70:54:26:4e:3c:
                    86:ff:95:f5:ac:22:c0:c5:d4:de:f5:3c:fd:28:c6:
                    c5:a3:c5:2c:81:97:f1:8f:f9:12:ba:97:aa:3b:19:
                    c6:5a:d1:9b:fb:8f:ce:6e:eb:13:46:40:57:65:78:
                    ec:27:2a:09:26:f1:b8:c1:b2:1b:4a:9f:53:07:e0:
                    1e:e7:ea:f8:8c:43:c9:3c:82:29:ac:d1:cd:94:3f:
                    f2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F5:BA:88:0F:45:24:E8:33:68:B1:38:F1:B3:A1:FF:41:95:B1:3C
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/QPW6iA9FJOgzaLE48bOh_0GVsTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.31.0/24
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:95:7b:90:be:30:e6:6d:44:dc:5e:66:12:e6:21:80:3c:c4:
         83:9d:e6:42:40:89:48:82:30:79:15:12:a2:f7:33:36:15:40:
         89:df:61:0b:57:75:d1:b2:76:aa:89:a3:ba:70:8d:ff:c3:3b:
         fa:ef:4e:7e:eb:95:c4:ee:cc:23:ac:21:54:a0:b2:8a:bd:56:
         3a:d2:19:32:69:2e:7e:99:01:fb:f9:f4:cc:3c:47:46:39:35:
         bc:e5:e3:7e:90:43:20:d4:fc:2f:30:c0:4d:df:83:86:6f:3e:
         e8:b5:3a:b9:58:74:2e:f4:77:ed:78:c0:b0:b7:3c:98:46:66:
         e5:68:01:7a:49:14:a8:27:5a:9f:df:5c:b7:95:7a:11:53:a1:
         e8:13:7f:5b:ec:48:1d:67:7d:82:c2:ff:26:f6:03:bc:d4:f6:
         7b:e7:23:92:aa:b8:82:4c:0b:2c:13:7d:24:20:48:21:8a:25:
         af:20:b8:61:13:f2:60:4f:60:61:04:f6:3a:e5:d6:24:af:8f:
         bb:bf:15:0e:11:4b:5c:8d:ee:26:72:b8:ba:68:78:e4:3e:f3:
         28:ab:bd:6e:fd:3b:f2:88:a8:47:83:bc:17:82:18:ac:d1:93:
         95:a2:a3:05:00:19:61:b8:4a:de:ef:dc:c0:b5:86:a8:c1:55:
         0c:72:77:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmg/fgrnSCcCZE22livIRE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUxMDAxMTgxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY1YmE4ODBmNDUyNGU4MzM2OGIxMzhmMWIzYTFmZjQxOTViMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdV0r6kyaPpQK+oHPpBNSJ8Gun9C
uaJnaeHjGX+NyT08/LJ7b1o0GoDV0w2fTFS9048J+slsR/Ti3vPyDr8UqTHT9JNo
LY5u9LydeDZCARYXNWi9sBmdfER69eYlTc9lRRyV1RfJvkyrEucf5xOhgJNj059d
mWEW99ZBHnYmAVYrk1g1UQ2X8q+frMCGAsN9CqWrcbkZ0NRLVq90LXRb2poFjJqP
kXBrgUD4MMGrcFQmTjyG/5X1rCLAxdTe9Tz9KMbFo8UsgZfxj/kSupeqOxnGWtGb
+4/ObusTRkBXZXjsJyoJJvG4wbIbSp9TB+Ae5+r4jEPJPIIprNHNlD/yMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFED1uogPRSToM2ixOPGzof9BlbE8MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvUVBXNmlBOUZKT2d6YUxFNDhiT2hfMEdWc1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTgfAwQA
bXo6MA0GCSqGSIb3DQEBCwUAA4IBAQCalXuQvjDmbUTcXmYS5iGAPMSDneZCQIlI
gjB5FRKi9zM2FUCJ32ELV3XRsnaqiaO6cI3/wzv6705+65XE7swjrCFUoLKKvVY6
0hkyaS5+mQH7+fTMPEdGOTW85eN+kEMg1PwvMMBN34OGbz7otTq5WHQu9HfteMCw
tzyYRmblaAF6SRSoJ1qf31y3lXoRU6HoE39b7EgdZ32Cwv8m9gO81PZ75yOSqriC
TAssE30kIEghiiWvILhhE/JgT2BhBPY65dYkr4+7vxUOEUtcje4mcri6aHjkPvMo
q71u/TvyiKhHg7wXghis0ZOVoqMFABlhuEre79zAtYaowVUMcnf0
-----END CERTIFICATE-----