Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/QKYY4pu514sUmDk5ewMC9BudeYM.roa
File:                     QKYY4pu514sUmDk5ewMC9BudeYM.roa (raw, json)
Hash identifier:          Xw/leKA1IBGEhTPQThy/3jPwmzjFadxqafY3h81jZnA=
Subject key identifier:   40:A6:18:E2:9B:B9:D7:8B:14:98:39:39:7B:03:02:F4:1B:9D:79:83
Certificate issuer:       /CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
Certificate serial:       0197AB36C401DED1F798F610D51B4BA09611
Authority key identifier: 09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/QKYY4pu514sUmDk5ewMC9BudeYM.roa
Signing time:             Thu 26 Jun 2025 07:49:42 +0000
ROA not before:           Thu 26 Jun 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44936
IP address blocks:        195.135.200.0/22 maxlen: 22
                          195.135.200.0/24 maxlen: 24
                          195.135.201.0/24 maxlen: 24
                          195.135.202.0/24 maxlen: 24
                          195.135.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:36:c4:01:de:d1:f7:98:f6:10:d5:1b:4b:a0:96:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
        Validity
            Not Before: Jun 26 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40a618e29bb9d78b149839397b0302f41b9d7983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:64:d8:5f:cf:51:64:5d:17:54:10:8f:58:31:
                    35:0b:16:c2:9e:c2:1c:8a:a0:8c:26:3f:2a:48:f5:
                    39:9c:36:7b:2e:02:ff:72:19:b7:1f:5f:f3:c2:a9:
                    cb:e0:e9:3f:ae:05:8c:5b:93:e7:6b:6c:72:ff:f7:
                    c5:40:d1:59:05:8a:27:6b:66:80:dc:b2:be:8f:2b:
                    85:9c:c1:0d:ea:02:e7:0d:df:28:3d:a0:64:04:5f:
                    e0:6b:9d:32:1f:d0:a8:13:65:7c:54:2e:88:3e:30:
                    d5:41:50:e1:59:57:28:74:1c:5f:0e:13:0c:f7:3b:
                    4e:5a:fd:5d:19:80:2c:31:da:98:bc:eb:81:6e:f8:
                    7c:e1:bd:5a:e7:c7:c5:29:3a:b3:5f:f2:a0:66:c7:
                    c6:d4:23:2c:21:f4:bb:04:e6:21:6a:15:69:57:16:
                    4e:86:42:20:d6:ab:62:8f:c2:91:58:cb:d3:3f:2f:
                    e4:73:45:50:db:76:09:6e:08:15:c6:3a:5d:25:ef:
                    0f:40:3b:8e:d0:ba:a2:03:3f:81:92:6b:28:75:70:
                    a7:04:f9:29:a8:80:53:33:00:93:72:0d:8c:98:3d:
                    be:3b:49:26:ae:82:1b:ab:52:97:5f:a7:bc:19:d6:
                    c9:e9:80:40:71:33:50:d8:52:5d:52:31:87:51:6a:
                    b3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A6:18:E2:9B:B9:D7:8B:14:98:39:39:7B:03:02:F4:1B:9D:79:83
            X509v3 Authority Key Identifier:
                keyid:09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/QKYY4pu514sUmDk5ewMC9BudeYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.135.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:32:6b:9c:04:cd:b0:d7:44:80:aa:c4:29:ec:80:3b:7b:8f:
         49:e1:21:8a:29:02:97:cf:6d:b8:b2:ac:73:8e:5a:d9:2f:7d:
         54:3f:50:c0:a0:89:8c:cd:e1:89:d5:3a:87:d5:b3:34:c8:44:
         f9:fb:9f:eb:90:03:3f:d7:07:ed:c3:1e:06:5d:8d:60:f7:f7:
         8f:80:8d:66:0d:5e:1a:f4:43:f0:a2:21:1f:2b:ed:e5:6e:ea:
         6e:32:20:3c:b7:c2:da:01:dc:f5:f4:e6:db:74:84:f1:4b:38:
         36:7a:c4:31:42:64:e7:48:af:6c:9a:46:8e:3c:d3:be:33:92:
         55:d5:25:5f:1b:06:a6:6e:e6:ef:72:c5:c5:a1:ca:85:c8:7c:
         26:f7:c3:85:85:26:30:d2:7f:b7:b4:d1:a8:9a:80:0c:bc:e1:
         32:0e:3d:44:48:c7:c1:6c:82:92:f3:d5:45:11:9c:f1:4e:90:
         fb:f0:dd:95:28:3b:ce:70:11:0c:de:92:bd:01:64:4a:a8:3e:
         b7:2b:0f:2f:06:6d:44:3d:78:8a:76:b0:1f:b8:8f:18:7e:87:
         83:a2:ff:ea:81:98:30:78:b6:dc:7c:3e:8b:6d:93:e8:f6:01:
         cb:70:78:35:41:d5:be:0e:49:37:f4:78:f1:8b:68:2d:2d:25:
         a8:3e:bf:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZerNsQB3tH3mPYQ1RtLoJYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTY1NDQ5OGUxY2M3YmY4Y2UwOWVhZTE3YWNkZjdjODgz
ZDViNDkwHhcNMjUwNjI2MDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE2MThlMjliYjlkNzhiMTQ5ODM5Mzk3YjAzMDJmNDFiOWQ3OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2TYX89RZF0XVBCPWDE1CxbCnsIc
iqCMJj8qSPU5nDZ7LgL/chm3H1/zwqnL4Ok/rgWMW5Pna2xy//fFQNFZBYona2aA
3LK+jyuFnMEN6gLnDd8oPaBkBF/ga50yH9CoE2V8VC6IPjDVQVDhWVcodBxfDhMM
9ztOWv1dGYAsMdqYvOuBbvh84b1a58fFKTqzX/KgZsfG1CMsIfS7BOYhahVpVxZO
hkIg1qtij8KRWMvTPy/kc0VQ23YJbggVxjpdJe8PQDuO0LqiAz+BkmsodXCnBPkp
qIBTMwCTcg2MmD2+O0kmroIbq1KXX6e8GdbJ6YBAcTNQ2FJdUjGHUWqz3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECmGOKbudeLFJg5OXsDAvQbnXmDMB8GA1UdIwQY
MBaAFAlWVEmOHMe/jOCerhes33yIPVtJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjIt
ZDFhZDU0ZDBjMDUzLzEvUUtZWTRwdTUxNHNVbURrNWV3TUM5QnVkZVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjItZDFhZDU0ZDBjMDUz
LzEvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4fIMA0G
CSqGSIb3DQEBCwUAA4IBAQAaMmucBM2w10SAqsQp7IA7e49J4SGKKQKXz224sqxz
jlrZL31UP1DAoImMzeGJ1TqH1bM0yET5+5/rkAM/1wftwx4GXY1g9/ePgI1mDV4a
9EPwoiEfK+3lbupuMiA8t8LaAdz19ObbdITxSzg2esQxQmTnSK9smkaOPNO+M5JV
1SVfGwambubvcsXFocqFyHwm98OFhSYw0n+3tNGomoAMvOEyDj1ESMfBbIKS89VF
EZzxTpD78N2VKDvOcBEM3pK9AWRKqD63Kw8vBm1EPXiKdrAfuI8YfoeDov/qgZgw
eLbcfD6LbZPo9gHLcHg1QdW+Dkk39Hjxi2gtLSWoPr8O
-----END CERTIFICATE-----