Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/qWZ64G_gV6r1a1VTWhYwuR9ilIk.roa
File:                     qWZ64G_gV6r1a1VTWhYwuR9ilIk.roa (raw, json)
Hash identifier:          SNBGanOggO8FdGYV/GuiVAQ6b34zKk2VTZJhKLFl+04=
Subject key identifier:   A9:66:7A:E0:6F:E0:57:AA:F5:6B:55:53:5A:16:30:B9:1F:62:94:89
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       01987E463CD2849CA1082A7EE694BAD0F9AA
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/qWZ64G_gV6r1a1VTWhYwuR9ilIk.roa
Signing time:             Wed 06 Aug 2025 07:26:28 +0000
ROA not before:           Wed 06 Aug 2025 07:26:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12871
IP address blocks:        37.188.64.0/20 maxlen: 24
                          94.229.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:46:3c:d2:84:9c:a1:08:2a:7e:e6:94:ba:d0:f9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Aug  6 07:26:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9667ae06fe057aaf56b55535a1630b91f629489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:83:48:21:a1:b3:21:8a:a3:cf:3e:4d:1a:22:
                    5e:25:1c:bb:9f:45:dc:d2:34:47:99:f1:7d:01:aa:
                    7b:df:a3:72:a7:3f:bd:a8:9f:e8:91:59:ae:17:aa:
                    c6:df:c6:06:a3:3d:e6:35:36:27:b3:b8:40:f1:32:
                    19:a8:db:65:0b:34:bd:39:cb:77:52:e6:e1:12:9b:
                    59:d2:62:4b:80:5c:2a:76:4f:02:4b:98:47:92:b0:
                    13:a5:d1:33:66:00:88:5c:95:29:cc:9b:41:b0:68:
                    e2:3f:29:38:32:c7:ec:f3:2d:c5:70:f7:2d:e3:b8:
                    f9:42:1f:f7:a8:5d:66:98:0e:44:ff:ba:d1:91:43:
                    e7:45:6e:a1:c7:20:9b:c6:66:e9:17:8f:73:ad:66:
                    04:47:be:63:b4:a3:44:b3:66:3f:09:fd:e4:a9:cd:
                    c3:23:53:76:44:c0:31:5a:b7:72:08:e1:df:40:49:
                    b0:77:6c:79:27:90:53:df:60:db:23:59:f6:d6:b3:
                    0f:90:25:4e:e5:d6:55:6b:ea:4b:df:18:60:2e:ec:
                    b9:1c:87:d3:9f:03:63:6a:70:96:b3:a8:c3:8e:62:
                    2c:f5:3e:a4:e1:b1:65:dd:3b:ee:50:42:ee:dc:4b:
                    99:33:61:46:f2:30:f2:cb:a6:d3:ad:7d:4c:9a:9b:
                    05:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:66:7A:E0:6F:E0:57:AA:F5:6B:55:53:5A:16:30:B9:1F:62:94:89
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/qWZ64G_gV6r1a1VTWhYwuR9ilIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.188.64.0/20
                  94.229.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5d:a8:bd:79:ff:6b:e8:62:a7:68:d0:18:1c:17:3e:26:c6:01:
         fe:ed:a8:a0:65:72:c2:ff:99:f0:b2:1e:98:02:b7:3f:8d:d5:
         9b:02:a3:6e:b2:8e:15:78:f7:4c:9e:ce:c0:95:17:fd:7c:ad:
         b8:bd:c3:42:ae:5a:0c:d2:fb:cf:c0:10:8e:d0:fc:02:73:d3:
         ba:b3:f9:b3:89:89:86:96:f8:39:b4:56:a7:0b:51:49:8d:0a:
         8b:84:8f:25:20:fc:9c:24:3a:f4:07:5f:6b:22:c2:13:c9:6c:
         29:4f:99:c6:35:62:79:dc:ae:84:35:3c:29:4b:f3:b5:e6:7e:
         87:a0:d8:30:35:92:8f:13:c8:3d:25:d7:4f:57:1c:64:a1:e3:
         f4:de:92:00:41:f4:03:93:7b:fc:5e:bb:87:fb:94:34:37:c5:
         05:f4:22:28:72:7f:08:34:9a:bb:24:2a:98:90:5b:bd:b1:cd:
         a5:ac:b1:74:7e:c6:f0:8f:2e:64:43:4a:8f:e8:b6:5c:ac:bf:
         fb:34:33:a5:a1:1e:5b:c6:13:bd:d4:24:75:2d:a4:6c:e0:ad:
         53:3b:2d:89:82:fe:24:f4:79:6d:6d:14:00:12:b4:27:56:3a:
         07:c8:15:7d:97:a0:e0:04:e7:df:c3:a6:e9:0b:74:f8:74:75:
         c8:86:96:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh+RjzShJyhCCp+5pS60PmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjUwODA2MDcyNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTY2N2FlMDZmZTA1N2FhZjU2YjU1NTM1YTE2MzBiOTFmNjI5NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqINIIaGzIYqjzz5NGiJeJRy7n0Xc
0jRHmfF9Aap736Nypz+9qJ/okVmuF6rG38YGoz3mNTYns7hA8TIZqNtlCzS9Oct3
UubhEptZ0mJLgFwqdk8CS5hHkrATpdEzZgCIXJUpzJtBsGjiPyk4Msfs8y3FcPct
47j5Qh/3qF1mmA5E/7rRkUPnRW6hxyCbxmbpF49zrWYER75jtKNEs2Y/Cf3kqc3D
I1N2RMAxWrdyCOHfQEmwd2x5J5BT32DbI1n21rMPkCVO5dZVa+pL3xhgLuy5HIfT
nwNjanCWs6jDjmIs9T6k4bFl3TvuUELu3EuZM2FG8jDyy6bTrX1MmpsF0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlmeuBv4Feq9WtVU1oWMLkfYpSJMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvcVdaNjRHX2dWNnIxYTFWVFdoWXd1UjlpbElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEJbxAAwQE
XuUwMA0GCSqGSIb3DQEBCwUAA4IBAQBdqL15/2voYqdo0BgcFz4mxgH+7aigZXLC
/5nwsh6YArc/jdWbAqNuso4VePdMns7AlRf9fK24vcNCrloM0vvPwBCO0PwCc9O6
s/mziYmGlvg5tFanC1FJjQqLhI8lIPycJDr0B19rIsITyWwpT5nGNWJ53K6ENTwp
S/O15n6HoNgwNZKPE8g9JddPVxxkoeP03pIAQfQDk3v8XruH+5Q0N8UF9CIocn8I
NJq7JCqYkFu9sc2lrLF0fsbwjy5kQ0qP6LZcrL/7NDOloR5bxhO91CR1LaRs4K1T
Oy2Jgv4k9HltbRQAErQnVjoHyBV9l6DgBOffw6bpC3T4dHXIhpZC
-----END CERTIFICATE-----