Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa
File:                     Q8xFmFvAPSn77NIvkdeBwz67ukY.roa (raw, json)
Hash identifier:          6n/TW9WGi0M+VK+cZnP9o3jAKXvSHj5b/AFgad9Qy1Y=
Subject key identifier:   43:CC:45:98:5B:C0:3D:29:FB:EC:D2:2F:91:D7:81:C3:3E:BB:BA:46
Certificate issuer:       /CN=a9a073b31d888e4439e272e007c9532fc305c80d
Certificate serial:       01997A7BEBB506ED1FA89F003474EF41141A
Authority key identifier: A9:A0:73:B3:1D:88:8E:44:39:E2:72:E0:07:C9:53:2F:C3:05:C8:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa
Signing time:             Wed 24 Sep 2025 06:49:25 +0000
ROA not before:           Wed 24 Sep 2025 06:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40975
IP address blocks:        195.138.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:7b:eb:b5:06:ed:1f:a8:9f:00:34:74:ef:41:14:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9a073b31d888e4439e272e007c9532fc305c80d
        Validity
            Not Before: Sep 24 06:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43cc45985bc03d29fbecd22f91d781c33ebbba46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:b6:fe:50:43:74:3e:b3:0a:73:c1:a6:16:
                    c6:98:99:73:3d:21:a2:3b:d9:91:fe:dc:01:4f:30:
                    98:7e:b4:e1:74:9d:04:a2:c8:e8:d0:6d:81:bc:6e:
                    00:c9:38:4c:a0:e2:2e:d6:88:0e:97:64:d8:ae:80:
                    cc:ff:8e:a9:42:1c:87:62:33:87:ef:6a:56:55:ce:
                    23:e8:1b:34:1e:51:72:42:8f:78:93:d8:ec:cd:b5:
                    e1:36:c3:0c:24:87:c3:54:73:b5:0d:05:8d:9f:a4:
                    db:93:99:a9:ac:d0:47:5c:8f:44:db:4d:53:e0:c1:
                    d1:f0:16:60:5a:53:8e:8a:74:b2:2a:a3:c9:e5:0c:
                    44:46:29:71:ef:43:08:10:f5:83:9d:b4:42:d2:b9:
                    da:c4:63:41:c1:5a:1b:dc:50:fb:08:03:6b:c3:74:
                    2d:89:58:5e:49:13:13:f0:7c:03:51:5d:76:76:7e:
                    94:e3:7f:cf:a7:e2:37:b8:75:50:87:13:e0:90:32:
                    26:2a:b3:e6:c0:ed:a1:ff:78:90:bd:2e:88:15:6d:
                    b8:39:4f:b0:55:ec:d7:a1:3c:c5:9d:2c:42:b4:d8:
                    b6:ef:56:82:de:84:68:9b:64:06:7f:25:56:a0:24:
                    62:af:4d:0a:c3:89:7d:c0:82:17:c5:d9:0f:07:ee:
                    08:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:CC:45:98:5B:C0:3D:29:FB:EC:D2:2F:91:D7:81:C3:3E:BB:BA:46
            X509v3 Authority Key Identifier:
                keyid:A9:A0:73:B3:1D:88:8E:44:39:E2:72:E0:07:C9:53:2F:C3:05:C8:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:46:41:01:91:2d:1a:72:e6:63:b2:2d:a3:38:cb:0d:2e:fd:
         f6:70:6e:dc:4c:8a:82:b6:70:ee:28:e3:e5:ee:0b:77:e9:89:
         d5:b4:0f:1c:49:4d:bf:29:ed:66:ca:6e:82:4c:a8:56:56:c3:
         77:a0:ed:b1:6e:49:e4:89:15:4d:36:12:49:99:4c:5c:5d:00:
         b7:16:20:d1:44:b9:98:d5:72:5f:c3:16:8d:b8:c1:7d:c9:7a:
         b3:3f:4c:26:85:ab:ca:a3:33:b1:59:da:82:dc:95:38:d1:56:
         5c:12:59:a1:4e:7d:fd:65:d1:08:0c:ab:12:41:d5:5f:7f:c6:
         39:0c:e5:49:ea:a0:4f:15:4f:81:e4:87:da:05:45:93:bd:84:
         66:7c:2b:c2:4f:55:05:45:55:fe:86:e8:b3:39:44:5d:cc:9d:
         18:3e:8b:a5:88:a7:54:65:6d:ab:cc:4a:50:a7:c4:a2:5a:19:
         63:d3:4b:0e:5a:59:c8:0d:4b:d3:94:d3:5d:b6:9d:70:10:5e:
         66:33:3d:58:88:f3:b6:fd:d6:c7:1d:a9:a2:c1:d5:72:85:a8:
         50:3b:58:6a:a3:d1:7d:90:ca:c9:f6:f0:e5:dc:52:f1:9f:90:
         88:7a:0e:9f:e3:24:20:71:36:ab:a2:8b:8e:89:c4:a3:e6:57:
         28:07:66:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl6e+u1Bu0fqJ8ANHTvQRQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTA3M2IzMWQ4ODhlNDQzOWUyNzJlMDA3Yzk1MzJmYzMw
NWM4MGQwHhcNMjUwOTI0MDY0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2NjNDU5ODViYzAzZDI5ZmJlY2QyMmY5MWQ3ODFjMzNlYmJiYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraK2/lBDdD6zCnPBphbGmJlzPSGi
O9mR/twBTzCYfrThdJ0Eosjo0G2BvG4AyThMoOIu1ogOl2TYroDM/46pQhyHYjOH
72pWVc4j6Bs0HlFyQo94k9jszbXhNsMMJIfDVHO1DQWNn6Tbk5mprNBHXI9E201T
4MHR8BZgWlOOinSyKqPJ5QxERilx70MIEPWDnbRC0rnaxGNBwVob3FD7CANrw3Qt
iVheSRMT8HwDUV12dn6U43/Pp+I3uHVQhxPgkDImKrPmwO2h/3iQvS6IFW24OU+w
VezXoTzFnSxCtNi271aC3oRom2QGfyVWoCRir00Kw4l9wIIXxdkPB+4IpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPMRZhbwD0p++zSL5HXgcM+u7pGMB8GA1UdIwQY
MBaAFKmgc7MdiI5EOeJy4AfJUy/DBcgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFCenN4Mklqa1E1NG5MZ0I4bFRMOE1GeUEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iYTNiMmYtYTI4OS00MDRlLWFlZjgt
NGU3MzdlMDZkMjkwLzEvUTh4Rm1GdkFQU243N05JdmtkZUJ3ejY3dWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iYTNiMmYtYTI4OS00MDRlLWFlZjgtNGU3MzdlMDZkMjkw
LzEvcWFCenN4Mklqa1E1NG5MZ0I4bFRMOE1GeUEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4rWMA0G
CSqGSIb3DQEBCwUAA4IBAQDjRkEBkS0acuZjsi2jOMsNLv32cG7cTIqCtnDuKOPl
7gt36YnVtA8cSU2/Ke1mym6CTKhWVsN3oO2xbknkiRVNNhJJmUxcXQC3FiDRRLmY
1XJfwxaNuMF9yXqzP0wmhavKozOxWdqC3JU40VZcElmhTn39ZdEIDKsSQdVff8Y5
DOVJ6qBPFU+B5IfaBUWTvYRmfCvCT1UFRVX+huizOURdzJ0YPouliKdUZW2rzEpQ
p8SiWhlj00sOWlnIDUvTlNNdtp1wEF5mMz1YiPO2/dbHHamiwdVyhahQO1hqo9F9
kMrJ9vDl3FLxn5CIeg6f4yQgcTaroouOicSj5lcoB2YT
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:24 2025 by rpki-client