Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/QOeRuiRAx6f12JzbMTw8bg77wX0.roa
File:                     QOeRuiRAx6f12JzbMTw8bg77wX0.roa (raw, json)
Hash identifier:          L8eA6191FsW9Vnzupg2J6urhYsN5bGDp5k/dBDH9G8c=
Subject key identifier:   40:E7:91:BA:24:40:C7:A7:F5:D8:9C:DB:31:3C:3C:6E:0E:FB:C1:7D
Certificate issuer:       /CN=a1e5fc635a1a775574b779aea9ccd6524cc4d0f9
Certificate serial:       01995C91827F2E7BC91C9B3A37725DA42860
Authority key identifier: A1:E5:FC:63:5A:1A:77:55:74:B7:79:AE:A9:CC:D6:52:4C:C4:D0:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/QOeRuiRAx6f12JzbMTw8bg77wX0.roa
Signing time:             Thu 18 Sep 2025 11:24:23 +0000
ROA not before:           Thu 18 Sep 2025 11:24:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197265
IP address blocks:        91.217.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:91:82:7f:2e:7b:c9:1c:9b:3a:37:72:5d:a4:28:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1e5fc635a1a775574b779aea9ccd6524cc4d0f9
        Validity
            Not Before: Sep 18 11:24:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40e791ba2440c7a7f5d89cdb313c3c6e0efbc17d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ec:96:0b:7a:71:ee:e7:ba:ed:45:4b:ea:2f:
                    0b:21:5c:09:c4:80:5c:eb:5b:a0:e1:9e:87:12:15:
                    0c:2b:c6:91:b3:c1:44:34:5c:97:ee:71:90:3f:05:
                    97:4a:41:9a:d3:9a:ca:40:31:69:1f:e8:99:dc:2d:
                    97:7b:97:0c:5e:c6:d7:e2:e0:52:49:92:2f:6d:47:
                    8a:f2:46:8d:a0:a6:d1:40:ee:58:f4:06:b2:14:33:
                    9e:be:13:56:b2:fd:c9:50:61:e1:63:5f:b2:a3:df:
                    66:72:6c:24:3a:fe:6d:7e:ec:55:91:e0:b0:06:10:
                    4a:f1:5a:5e:63:e4:21:93:f3:5a:68:88:7f:0f:4c:
                    79:9d:79:e5:58:a5:94:cd:d1:bb:f8:90:c3:d8:03:
                    59:66:cd:e0:e1:2d:2b:2f:82:bf:a9:3c:9a:71:02:
                    76:4d:3c:b2:a0:f0:c6:16:d5:7a:3a:8b:21:94:b8:
                    c9:f4:ee:b0:b0:83:83:b7:2e:86:6f:fb:38:5c:5a:
                    0b:b8:dc:67:e6:eb:0e:08:d2:bc:f9:5d:0d:85:2e:
                    59:99:1d:ca:89:4a:80:b3:a4:94:23:22:bb:e8:a7:
                    18:43:e7:33:03:57:2a:9b:f1:48:c3:5e:42:07:11:
                    be:2a:d7:d9:b1:c9:d4:83:25:db:13:48:62:d3:5e:
                    b8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E7:91:BA:24:40:C7:A7:F5:D8:9C:DB:31:3C:3C:6E:0E:FB:C1:7D
            X509v3 Authority Key Identifier:
                keyid:A1:E5:FC:63:5A:1A:77:55:74:B7:79:AE:A9:CC:D6:52:4C:C4:D0:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/QOeRuiRAx6f12JzbMTw8bg77wX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ff:97:f4:9f:27:a6:20:c7:b4:cd:c2:ba:f4:47:5d:81:2a:
         f6:2a:b9:b1:3d:45:33:95:6b:af:cc:14:62:4e:71:72:dc:ae:
         45:70:12:f6:32:ce:02:b8:30:fd:b7:03:b3:e0:a9:3a:19:f2:
         be:a4:52:75:c1:5e:b5:f8:b8:47:2e:bd:43:a8:9c:66:2b:a8:
         d2:02:f6:e8:d3:d6:6f:8b:45:f1:f6:b5:a2:0d:8a:d9:dc:3a:
         63:f1:5a:61:75:82:70:65:b1:b6:15:52:43:ba:5f:2e:4b:4c:
         3f:f4:70:df:c7:7b:b1:c2:57:26:a5:69:c9:c5:91:c1:d8:2e:
         dd:e6:cb:ce:87:68:8a:11:27:21:05:b4:4a:cc:a9:61:22:26:
         13:d8:9c:e2:65:e9:17:cb:0f:3d:05:34:5f:4d:10:a8:70:87:
         83:49:2c:12:3f:c9:a6:cc:1e:1f:b8:b6:54:17:56:c0:8c:9b:
         31:af:07:9e:62:d1:69:8c:70:8d:94:88:e4:9f:8e:c5:47:d0:
         46:a8:56:c3:ab:26:03:f7:c7:8b:d1:0f:5a:4f:62:2e:e7:a0:
         38:03:d4:66:b7:ea:a4:49:4f:5c:6c:61:af:df:7d:2b:80:22:
         2d:8b:8d:e4:0f:5e:26:40:fe:66:de:52:86:71:36:7e:cc:22:
         72:dd:30:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlckYJ/LnvJHJs6N3JdpChgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZTVmYzYzNWExYTc3NTU3NGI3NzlhZWE5Y2NkNjUyNGNj
NGQwZjkwHhcNMjUwOTE4MTEyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU3OTFiYTI0NDBjN2E3ZjVkODljZGIzMTNjM2M2ZTBlZmJjMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneyWC3px7ue67UVL6i8LIVwJxIBc
61ug4Z6HEhUMK8aRs8FENFyX7nGQPwWXSkGa05rKQDFpH+iZ3C2Xe5cMXsbX4uBS
SZIvbUeK8kaNoKbRQO5Y9AayFDOevhNWsv3JUGHhY1+yo99mcmwkOv5tfuxVkeCw
BhBK8VpeY+Qhk/NaaIh/D0x5nXnlWKWUzdG7+JDD2ANZZs3g4S0rL4K/qTyacQJ2
TTyyoPDGFtV6OoshlLjJ9O6wsIODty6Gb/s4XFoLuNxn5usOCNK8+V0NhS5ZmR3K
iUqAs6SUIyK76KcYQ+czA1cqm/FIw15CBxG+KtfZscnUgyXbE0hi0164wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDnkbokQMen9dic2zE8PG4O+8F9MB8GA1UdIwQY
MBaAFKHl/GNaGndVdLd5rqnM1lJMxND5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2VYOFkxb2FkMVYwdDNtdXFjeldVa3pFMFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wN2QwYzctZGMxZS00MDg5LWJkNDgt
N2VlMGU2MGJiMDUzLzEvUU9lUnVpUkF4NmYxMkp6Yk1UdzhiZzc3d1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wN2QwYzctZGMxZS00MDg5LWJkNDgtN2VlMGU2MGJiMDUz
LzEvb2VYOFkxb2FkMVYwdDNtdXFjeldVa3pFMFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nMMA0G
CSqGSIb3DQEBCwUAA4IBAQCS/5f0nyemIMe0zcK69EddgSr2KrmxPUUzlWuvzBRi
TnFy3K5FcBL2Ms4CuDD9twOz4Kk6GfK+pFJ1wV61+LhHLr1DqJxmK6jSAvbo09Zv
i0Xx9rWiDYrZ3Dpj8VphdYJwZbG2FVJDul8uS0w/9HDfx3uxwlcmpWnJxZHB2C7d
5svOh2iKESchBbRKzKlhIiYT2JziZekXyw89BTRfTRCocIeDSSwSP8mmzB4fuLZU
F1bAjJsxrweeYtFpjHCNlIjkn47FR9BGqFbDqyYD98eL0Q9aT2Iu56A4A9Rmt+qk
SU9cbGGv330rgCIti43kD14mQP5m3lKGcTZ+zCJy3TAb
-----END CERTIFICATE-----