Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/QXgU6iZ9eTA61-_lrp-WFw2wrio.roa
File:                     QXgU6iZ9eTA61-_lrp-WFw2wrio.roa (raw, json)
Hash identifier:          pI7i4CdNQU0hsPQOTDHwQvTJeIPilN2xVeBBH/PkqDI=
Subject key identifier:   41:78:14:EA:26:7D:79:30:3A:D7:EF:E5:AE:9F:96:17:0D:B0:AE:2A
Certificate issuer:       /CN=ee23428373dce8a5f97f45efc6c28b9fbe7cd54d
Certificate serial:       019971EC1F070CD78FE8C1A71B827829C0F3
Authority key identifier: EE:23:42:83:73:DC:E8:A5:F9:7F:45:EF:C6:C2:8B:9F:BE:7C:D5:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/QXgU6iZ9eTA61-_lrp-WFw2wrio.roa
Signing time:             Mon 22 Sep 2025 14:55:23 +0000
ROA not before:           Mon 22 Sep 2025 14:55:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35625
IP address blocks:        193.35.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:ec:1f:07:0c:d7:8f:e8:c1:a7:1b:82:78:29:c0:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee23428373dce8a5f97f45efc6c28b9fbe7cd54d
        Validity
            Not Before: Sep 22 14:55:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=417814ea267d79303ad7efe5ae9f96170db0ae2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e1:f2:11:11:f8:f1:ac:3f:66:a9:89:82:f4:
                    81:fb:76:c7:db:7b:6d:5e:98:fe:10:4a:4b:ee:a4:
                    eb:d3:75:73:87:20:cf:ab:10:14:b9:53:e3:ae:b6:
                    8f:51:59:19:dd:67:27:ae:3b:62:50:c9:e2:0c:bf:
                    52:85:66:81:b3:98:d9:c5:e3:65:c2:47:db:79:67:
                    aa:0d:c4:98:d1:0d:90:c2:9d:89:29:b1:33:d9:7f:
                    c2:03:ae:8f:e9:00:94:51:d3:a4:9e:0b:60:66:49:
                    f2:e9:2e:23:1c:9d:3d:91:62:7f:e0:c1:1d:01:5e:
                    46:67:fa:a5:29:50:65:26:cc:58:1f:a2:9b:a7:3b:
                    0a:8e:43:65:99:db:9c:0c:8f:cc:38:bc:ea:4b:1b:
                    20:a2:4f:58:73:e7:be:2c:3b:c2:d8:14:79:fa:d9:
                    82:63:00:7e:71:62:f3:7a:a2:80:9d:71:36:a4:92:
                    3e:01:c3:79:51:68:b2:88:9c:31:aa:73:97:38:79:
                    55:47:60:2b:8e:69:ad:1b:14:3e:95:54:db:e5:00:
                    0b:7b:b2:3c:01:21:4a:23:3c:2e:fc:45:e7:ef:50:
                    f5:c2:ce:23:24:01:0e:11:f2:e2:6a:84:8d:97:ab:
                    fa:da:ca:f5:2e:02:aa:76:41:4c:3f:68:6a:59:d9:
                    d8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:78:14:EA:26:7D:79:30:3A:D7:EF:E5:AE:9F:96:17:0D:B0:AE:2A
            X509v3 Authority Key Identifier:
                keyid:EE:23:42:83:73:DC:E8:A5:F9:7F:45:EF:C6:C2:8B:9F:BE:7C:D5:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7iNCg3Pc6KX5f0XvxsKLn7581U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/QXgU6iZ9eTA61-_lrp-WFw2wrio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8fa854-0597-4c0d-b0b5-3f77fd42799a/1/7iNCg3Pc6KX5f0XvxsKLn7581U0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:96:aa:ca:db:be:2c:d1:72:78:47:7e:c3:70:61:5f:74:a9:
         41:4d:65:6f:bd:16:1d:8a:ed:d6:63:93:54:3b:b4:2e:19:c5:
         7c:75:fa:d1:be:7a:e9:98:b8:ef:ab:7b:57:cb:b5:8e:40:15:
         91:df:1e:6d:ec:ec:32:6d:da:51:ea:bd:7f:fd:2e:c0:0c:c6:
         d0:72:6d:41:90:f5:35:85:5a:1e:c0:7c:a6:a4:c3:98:93:b1:
         09:c8:b6:4b:32:1e:b8:1f:cf:bc:fa:0b:87:01:20:51:62:6a:
         6d:ce:7d:c1:b8:fa:0d:2d:a7:6a:91:ce:65:e2:68:a5:4a:b6:
         3c:63:ae:a0:6c:cf:9f:79:93:21:9a:16:f5:11:61:23:45:42:
         ab:df:42:0e:80:c3:c1:50:5e:b8:39:05:da:30:c9:7a:a5:d7:
         9b:be:c0:68:18:80:12:35:64:56:81:2f:89:2a:13:e9:b0:c6:
         80:88:6f:c0:e6:8c:0f:c6:e6:f8:f1:0e:ea:d9:75:e4:d2:a0:
         eb:a9:4d:45:da:fd:4a:03:94:5c:75:5a:a2:e8:f2:d0:11:fa:
         73:cf:8b:64:c1:fc:3f:02:87:21:7b:f6:78:b7:e1:87:fa:f7:
         a7:2c:c8:8a:6b:e7:a1:82:21:4d:c8:de:9c:b8:b2:93:06:72:
         1c:d7:86:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlx7B8HDNeP6MGnG4J4KcDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMjM0MjgzNzNkY2U4YTVmOTdmNDVlZmM2YzI4YjlmYmU3
Y2Q1NGQwHhcNMjUwOTIyMTQ1NTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTc4MTRlYTI2N2Q3OTMwM2FkN2VmZTVhZTlmOTYxNzBkYjBhZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOHyERH48aw/ZqmJgvSB+3bH23tt
Xpj+EEpL7qTr03VzhyDPqxAUuVPjrraPUVkZ3WcnrjtiUMniDL9ShWaBs5jZxeNl
wkfbeWeqDcSY0Q2Qwp2JKbEz2X/CA66P6QCUUdOkngtgZkny6S4jHJ09kWJ/4MEd
AV5GZ/qlKVBlJsxYH6KbpzsKjkNlmducDI/MOLzqSxsgok9Yc+e+LDvC2BR5+tmC
YwB+cWLzeqKAnXE2pJI+AcN5UWiyiJwxqnOXOHlVR2ArjmmtGxQ+lVTb5QALe7I8
ASFKIzwu/EXn71D1ws4jJAEOEfLiaoSNl6v62sr1LgKqdkFMP2hqWdnYOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEF4FOomfXkwOtfv5a6flhcNsK4qMB8GA1UdIwQY
MBaAFO4jQoNz3Oil+X9F78bCi5++fNVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2lOQ2czUGM2S1g1ZjBYdnhzS0xuNzU4MVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZmE4NTQtMDU5Ny00YzBkLWIwYjUt
M2Y3N2ZkNDI3OTlhLzEvUVhnVTZpWjllVEE2MS1fbHJwLVdGdzJ3cmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZmE4NTQtMDU5Ny00YzBkLWIwYjUtM2Y3N2ZkNDI3OTlh
LzEvN2lOQ2czUGM2S1g1ZjBYdnhzS0xuNzU4MVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPQMA0G
CSqGSIb3DQEBCwUAA4IBAQATlqrK274s0XJ4R37DcGFfdKlBTWVvvRYdiu3WY5NU
O7QuGcV8dfrRvnrpmLjvq3tXy7WOQBWR3x5t7OwybdpR6r1//S7ADMbQcm1BkPU1
hVoewHympMOYk7EJyLZLMh64H8+8+guHASBRYmptzn3BuPoNLadqkc5l4milSrY8
Y66gbM+feZMhmhb1EWEjRUKr30IOgMPBUF64OQXaMMl6pdebvsBoGIASNWRWgS+J
KhPpsMaAiG/A5owPxub48Q7q2XXk0qDrqU1F2v1KA5RcdVqi6PLQEfpzz4tkwfw/
Aoche/Z4t+GH+venLMiKa+ehgiFNyN6cuLKTBnIc14YO
-----END CERTIFICATE-----