Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/qjdo-2hELWfZ5X3xR6fmxm2tvRM.roa
File:                     qjdo-2hELWfZ5X3xR6fmxm2tvRM.roa (raw, json)
Hash identifier:          KdwciiToM5teWCqBbT0OWprvk5ot6XdBmfBuE2JH8Q4=
Subject key identifier:   AA:37:68:FB:68:44:2D:67:D9:E5:7D:F1:47:A7:E6:C6:6D:AD:BD:13
Certificate issuer:       /CN=df4f720fbbce6b155d7357dbe7126ca56c1ebe75
Certificate serial:       019764C53EEA2D79C74760F99523CC88EBA1
Authority key identifier: DF:4F:72:0F:BB:CE:6B:15:5D:73:57:DB:E7:12:6C:A5:6C:1E:BE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/309yD7vOaxVdc1fb5xJspWwevnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/qjdo-2hELWfZ5X3xR6fmxm2tvRM.roa
Signing time:             Thu 12 Jun 2025 15:32:17 +0000
ROA not before:           Thu 12 Jun 2025 15:32:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42109
IP address blocks:        91.208.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/309yD7vOaxVdc1fb5xJspWwevnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/309yD7vOaxVdc1fb5xJspWwevnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/309yD7vOaxVdc1fb5xJspWwevnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:c5:3e:ea:2d:79:c7:47:60:f9:95:23:cc:88:eb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df4f720fbbce6b155d7357dbe7126ca56c1ebe75
        Validity
            Not Before: Jun 12 15:32:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa3768fb68442d67d9e57df147a7e6c66dadbd13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a9:84:99:68:43:71:b5:4f:8c:32:c1:e1:45:
                    02:b2:d4:30:b3:10:68:2a:a5:96:88:c4:66:60:75:
                    89:0f:39:3f:bc:22:91:9c:73:07:65:09:8e:aa:6f:
                    87:27:1e:34:48:05:62:25:45:07:f5:e8:f4:a5:e8:
                    32:c7:65:d0:79:34:88:5d:80:c2:d6:32:47:47:c9:
                    5c:2e:44:e9:dd:32:fd:fb:ea:55:64:8c:eb:cf:2b:
                    92:ff:6f:1d:80:0d:97:1c:c0:c3:c7:9a:30:4c:a9:
                    42:b0:4f:dc:8a:8c:e9:3a:9a:eb:ef:ee:8e:f8:25:
                    5e:8d:01:b4:19:1c:4f:da:16:d5:93:bd:05:3a:67:
                    a8:45:e9:52:94:33:0c:f2:89:17:1a:12:02:d6:9f:
                    43:03:3f:ce:41:c3:a2:4d:cb:46:20:f6:b6:af:75:
                    46:c7:a5:38:3f:2a:b7:a6:3a:31:61:6b:b2:9e:eb:
                    50:6d:e3:3b:d1:83:58:ab:82:36:a9:6a:b5:52:dc:
                    5a:a1:53:41:21:bc:a1:35:13:de:02:cc:07:59:3b:
                    64:82:7e:dd:02:83:d9:24:cd:43:fe:ee:f2:e7:7c:
                    80:0f:46:56:1d:3d:1c:fe:92:f3:9b:23:7e:a7:47:
                    36:cc:85:a7:e4:38:bc:db:06:7c:5c:72:0a:79:4b:
                    9c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:37:68:FB:68:44:2D:67:D9:E5:7D:F1:47:A7:E6:C6:6D:AD:BD:13
            X509v3 Authority Key Identifier:
                keyid:DF:4F:72:0F:BB:CE:6B:15:5D:73:57:DB:E7:12:6C:A5:6C:1E:BE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/309yD7vOaxVdc1fb5xJspWwevnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/qjdo-2hELWfZ5X3xR6fmxm2tvRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/6fa51b-812e-4284-9d17-ad51ba216531/1/309yD7vOaxVdc1fb5xJspWwevnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:49:5a:a6:52:2f:6c:4a:ab:ce:7a:90:28:27:1a:f4:82:5c:
         f3:74:b2:f2:42:9c:6e:02:a5:8e:94:b8:5a:48:04:cf:ee:c0:
         b1:ed:c4:bf:8a:9e:84:72:3d:b3:b1:3a:a4:d0:73:81:dd:37:
         c8:08:55:be:a8:17:57:e9:30:b5:76:5b:db:04:cb:74:4d:ca:
         d1:88:ea:d3:bc:79:be:91:7c:17:2e:98:a8:b4:29:68:24:55:
         41:41:90:8b:82:9c:be:8a:15:fd:05:bd:b4:53:a0:07:45:a8:
         a1:74:01:fd:ea:4c:06:9b:59:00:72:90:df:3c:33:53:ac:01:
         86:ea:37:1a:ea:ef:33:eb:e8:9f:78:a2:d7:7e:9a:89:c0:f7:
         6a:cd:47:22:0a:2b:2b:fa:2f:6c:03:e4:c1:8c:d7:5b:6d:4b:
         a3:fd:fc:1b:3d:cd:aa:80:a0:77:e8:bb:36:e7:fb:82:3b:93:
         8b:de:a8:e0:48:34:97:0f:1c:57:32:59:ba:1b:7a:b5:7d:d7:
         d5:de:b2:16:13:9d:9b:7a:08:37:2c:29:d9:58:b1:ad:0d:91:
         fe:fe:6d:10:f4:79:39:46:2c:eb:22:6a:8b:e9:a5:94:3f:91:
         8b:89:42:61:ff:11:19:c7:9f:34:0c:2d:59:2c:e5:24:48:c3:
         70:7f:c4:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdkxT7qLXnHR2D5lSPMiOuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNGY3MjBmYmJjZTZiMTU1ZDczNTdkYmU3MTI2Y2E1NmMx
ZWJlNzUwHhcNMjUwNjEyMTUzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTM3NjhmYjY4NDQyZDY3ZDllNTdkZjE0N2E3ZTZjNjZkYWRiZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KmEmWhDcbVPjDLB4UUCstQwsxBo
KqWWiMRmYHWJDzk/vCKRnHMHZQmOqm+HJx40SAViJUUH9ej0pegyx2XQeTSIXYDC
1jJHR8lcLkTp3TL9++pVZIzrzyuS/28dgA2XHMDDx5owTKlCsE/ciozpOprr7+6O
+CVejQG0GRxP2hbVk70FOmeoRelSlDMM8okXGhIC1p9DAz/OQcOiTctGIPa2r3VG
x6U4Pyq3pjoxYWuynutQbeM70YNYq4I2qWq1UtxaoVNBIbyhNRPeAswHWTtkgn7d
AoPZJM1D/u7y53yAD0ZWHT0c/pLzmyN+p0c2zIWn5Di82wZ8XHIKeUuctwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo3aPtoRC1n2eV98Uen5sZtrb0TMB8GA1UdIwQY
MBaAFN9Pcg+7zmsVXXNX2+cSbKVsHr51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzA5eUQ3dk9heFZkYzFmYjV4SnNwV3dldm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS82ZmE1MWItODEyZS00Mjg0LTlkMTct
YWQ1MWJhMjE2NTMxLzEvcWpkby0yaEVMV2ZaNVgzeFI2Zm14bTJ0dlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS82ZmE1MWItODEyZS00Mjg0LTlkMTctYWQ1MWJhMjE2NTMx
LzEvMzA5eUQ3dk9heFZkYzFmYjV4SnNwV3dldm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BMMA0G
CSqGSIb3DQEBCwUAA4IBAQAMSVqmUi9sSqvOepAoJxr0glzzdLLyQpxuAqWOlLha
SATP7sCx7cS/ip6Ecj2zsTqk0HOB3TfICFW+qBdX6TC1dlvbBMt0TcrRiOrTvHm+
kXwXLpiotCloJFVBQZCLgpy+ihX9Bb20U6AHRaihdAH96kwGm1kAcpDfPDNTrAGG
6jca6u8z6+ifeKLXfpqJwPdqzUciCisr+i9sA+TBjNdbbUuj/fwbPc2qgKB36Ls2
5/uCO5OL3qjgSDSXDxxXMlm6G3q1fdfV3rIWE52begg3LCnZWLGtDZH+/m0Q9Hk5
RizrImqL6aWUP5GLiUJh/xEZx580DC1ZLOUkSMNwf8So
-----END CERTIFICATE-----