Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/1-qxQnifpZ2BQG9E1ggTAnXdpfsY.roa
File:                     1-qxQnifpZ2BQG9E1ggTAnXdpfsY.roa (raw, json)
Hash identifier:          JDbeH00nz1nO40aM8BsSQlmDqUifmFz9Ks0DcZEayBo=
Subject key identifier:   FA:AC:50:9E:27:E9:67:60:50:1B:D1:35:82:04:C0:9D:77:69:7E:C6
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0198B93B3E500D0CA205AF445AD46F271912
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/1-qxQnifpZ2BQG9E1ggTAnXdpfsY.roa
Signing time:             Sun 17 Aug 2025 18:12:04 +0000
ROA not before:           Sun 17 Aug 2025 18:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        95.173.48.0/24 maxlen: 24
                          95.173.50.0/24 maxlen: 24
                          95.173.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b9:3b:3e:50:0d:0c:a2:05:af:44:5a:d4:6f:27:19:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Aug 17 18:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faac509e27e96760501bd1358204c09d77697ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7d:27:4a:d1:9a:87:e2:51:a4:4d:e0:e4:da:
                    ec:60:6a:09:c8:ce:51:73:13:bc:b9:b1:29:e6:08:
                    14:ca:26:3d:e4:4d:82:8d:a3:39:0b:f3:7d:2e:92:
                    67:f2:01:3c:de:85:e5:34:f6:86:b0:1d:d7:c7:cf:
                    c1:b8:34:ec:9c:06:2c:8b:83:42:4c:35:39:da:52:
                    6e:ba:3d:27:20:64:1a:a2:d1:31:53:76:fd:f4:d0:
                    40:62:c2:10:39:85:e6:a3:a6:e4:d2:db:77:c4:db:
                    34:50:24:c5:d2:47:20:9f:99:d4:59:70:82:49:56:
                    51:61:e6:e9:c1:1a:71:6d:8f:9d:83:93:e4:da:cc:
                    c7:81:b5:bb:c2:ff:a4:90:51:b4:64:90:71:fa:ff:
                    3e:cd:42:a4:d6:25:10:d5:d1:e5:a3:6e:54:ba:05:
                    69:7a:7b:17:bd:54:fb:64:06:82:39:21:9a:62:fc:
                    59:ee:51:91:64:b5:aa:70:65:78:9d:f6:94:f3:5a:
                    6c:43:cd:03:88:35:80:5d:34:81:c8:19:7b:ce:ee:
                    2f:cd:93:64:54:f5:0a:93:d1:35:1f:ca:ee:05:bc:
                    d4:57:8d:af:db:8e:a7:38:18:5a:08:37:74:51:56:
                    59:36:31:3b:88:e5:5c:28:e2:46:d3:77:43:4d:a8:
                    15:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AC:50:9E:27:E9:67:60:50:1B:D1:35:82:04:C0:9D:77:69:7E:C6
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/1-qxQnifpZ2BQG9E1ggTAnXdpfsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.48.0/24
                  95.173.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:1f:4c:95:76:00:e4:88:e3:7a:42:06:c8:f8:03:3a:57:ff:
         37:f1:2f:7e:2f:32:f4:f9:74:f4:cb:58:e2:5b:9e:94:de:34:
         70:44:cc:20:4c:47:62:3a:4b:44:a1:fe:f0:46:9b:15:ef:b9:
         de:5e:56:d4:12:d0:0d:44:94:88:08:3a:63:d5:fc:f3:cc:24:
         bb:61:d8:6e:5d:bf:35:bc:98:13:9b:24:de:26:86:b3:bd:cc:
         fb:1b:b0:9a:71:57:05:ac:49:da:20:75:e0:82:e8:f6:b3:e9:
         7c:6c:5b:e9:77:a5:b1:dd:fe:52:54:39:f5:b3:df:00:87:42:
         ab:20:72:a8:f3:dd:66:fc:3e:0e:98:6e:c4:3b:2f:0d:98:b4:
         f0:b2:41:20:c0:ba:e2:98:60:59:5c:6e:ec:00:ce:05:d9:a0:
         72:f4:98:22:c9:6a:f1:a0:eb:3a:7a:af:8a:8b:e2:7d:6f:1f:
         e4:32:21:1e:d6:ae:1e:80:eb:3c:c3:70:63:51:51:99:dd:57:
         eb:93:89:f4:25:8b:4d:25:1b:4f:3f:dd:47:42:98:c7:e0:5c:
         46:6f:3d:33:1e:83:5f:ac:b6:19:8f:a8:82:40:6b:2a:ac:aa:
         6f:b3:91:04:ed:1f:2f:67:4d:ef:76:71:ad:06:dc:15:b4:18:
         2e:1f:7e:c6
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZi5Oz5QDQyiBa9EWtRvJxkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwODE3MTgxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFjNTA5ZTI3ZTk2NzYwNTAxYmQxMzU4MjA0YzA5ZDc3Njk3ZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3X0nStGah+JRpE3g5NrsYGoJyM5R
cxO8ubEp5ggUyiY95E2CjaM5C/N9LpJn8gE83oXlNPaGsB3Xx8/BuDTsnAYsi4NC
TDU52lJuuj0nIGQaotExU3b99NBAYsIQOYXmo6bk0tt3xNs0UCTF0kcgn5nUWXCC
SVZRYebpwRpxbY+dg5Pk2szHgbW7wv+kkFG0ZJBx+v8+zUKk1iUQ1dHlo25UugVp
ensXvVT7ZAaCOSGaYvxZ7lGRZLWqcGV4nfaU81psQ80DiDWAXTSByBl7zu4vzZNk
VPUKk9E1H8ruBbzUV42v246nOBhaCDd0UVZZNjE7iOVcKOJG03dDTagVoQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPqsUJ4n6WdgUBvRNYIEwJ13aX7GMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvMS1xeFFuaWZwWjJCUUc5RTFnZ1RBblhkcGZzWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGIvZWRkMTI4LTZkNmUtNDllMy1iNzdlLTFmODc0Njk0NTQ4
My8xL1lHWVhXTTR6QmlKSENqbXVqVzcwb2dSUGc4US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAF+tMAME
AV+tMjANBgkqhkiG9w0BAQsFAAOCAQEAIB9MlXYA5IjjekIGyPgDOlf/N/Evfi8y
9Pl09MtY4luelN40cETMIExHYjpLRKH+8EabFe+53l5W1BLQDUSUiAg6Y9X888wk
u2HYbl2/NbyYE5sk3iaGs73M+xuwmnFXBaxJ2iB14ILo9rPpfGxb6Xelsd3+UlQ5
9bPfAIdCqyByqPPdZvw+DphuxDsvDZi08LJBIMC64phgWVxu7ADOBdmgcvSYIslq
8aDrOnqviovifW8f5DIhHtauHoDrPMNwY1FRmd1X65OJ9CWLTSUbTz/dR0KYx+Bc
Rm89Mx6DX6y2GY+ogkBrKqyqb7ORBO0fL2dN73ZxrQbcFbQYLh9+xg==
-----END CERTIFICATE-----