Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/QR2YqgWO3HgryB-jCKLQlEjjTqE.roa
File:                     QR2YqgWO3HgryB-jCKLQlEjjTqE.roa (raw, json)
Hash identifier:          HEp/u92BN+OXq/U3xuaiaHmavKdXD4q9na0CF8S1PUg=
Subject key identifier:   41:1D:98:AA:05:8E:DC:78:2B:C8:1F:A3:08:A2:D0:94:48:E3:4E:A1
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0199FB5A8BCA367DAB40EE744295FA207322
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/QR2YqgWO3HgryB-jCKLQlEjjTqE.roa
Signing time:             Sun 19 Oct 2025 07:23:59 +0000
ROA not before:           Sun 19 Oct 2025 07:23:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        103.102.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:5a:8b:ca:36:7d:ab:40:ee:74:42:95:fa:20:73:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Oct 19 07:23:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=411d98aa058edc782bc81fa308a2d09448e34ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a7:57:7f:1b:7c:51:7b:7c:86:87:0d:1d:f9:
                    38:f6:b3:5f:aa:c1:64:0c:bd:48:84:13:59:81:a5:
                    bb:11:d4:9f:ce:f4:91:d4:c1:34:11:04:c7:99:b9:
                    34:b2:1f:44:94:5a:25:df:1b:6d:44:6d:1f:83:df:
                    db:13:7b:2d:15:b8:ec:81:67:c1:43:91:1f:b7:0d:
                    55:f6:dc:03:f3:47:a0:61:1e:55:e8:7f:6e:fe:7d:
                    a4:16:4e:0f:1e:7e:7f:89:ba:6f:48:b9:58:99:ce:
                    45:80:1d:bf:81:87:e2:ee:a6:e3:af:a3:2e:32:81:
                    bc:89:90:18:c0:4e:61:f7:ae:3e:5d:bc:07:bc:40:
                    e8:95:09:ed:9d:14:d9:37:60:4e:27:81:36:ed:01:
                    d4:62:31:a2:16:db:2f:39:02:3f:f5:ee:89:7e:d2:
                    81:d2:ed:07:2c:dc:23:4d:d5:08:d7:d7:50:a1:0a:
                    26:dd:29:c9:71:cb:e9:0a:46:5a:e9:a3:98:fc:36:
                    3a:28:38:34:3c:3d:37:5f:a2:3f:97:1e:c7:3c:5b:
                    fb:87:e1:63:89:56:d0:aa:02:57:dc:27:18:a7:0b:
                    16:80:f6:98:2e:33:88:78:7a:44:89:86:6b:e8:e5:
                    15:ae:1e:24:f0:dd:e1:a6:01:44:d3:ae:cc:ab:fb:
                    82:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1D:98:AA:05:8E:DC:78:2B:C8:1F:A3:08:A2:D0:94:48:E3:4E:A1
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/QR2YqgWO3HgryB-jCKLQlEjjTqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:fc:33:bb:0a:05:d5:37:da:ac:de:77:bf:25:cf:bf:ca:86:
         46:ab:89:08:f4:19:c8:aa:88:23:4a:d5:f5:7d:35:6a:6f:1a:
         19:b7:27:f8:37:f1:8a:79:40:ea:1c:44:e1:d0:f4:4f:a9:aa:
         6c:16:80:38:5d:40:27:b2:64:f7:fd:9d:9c:bd:57:4c:54:bb:
         3e:60:73:a9:df:d8:37:3c:67:89:75:b6:41:95:36:f7:1e:b5:
         7d:76:14:a9:dc:7c:6b:50:f1:29:8b:2a:52:e7:a6:09:78:48:
         f0:ab:92:bc:b6:63:c3:87:58:99:20:98:0e:7d:ab:82:f1:db:
         2f:2a:22:16:b3:a9:ca:d8:60:2e:13:d3:81:2c:52:a0:65:32:
         9c:7c:63:f5:45:19:2b:b3:89:de:07:ef:0d:d5:58:6e:90:ce:
         3d:68:f9:1d:32:01:0a:1c:f5:3b:91:02:33:b3:98:c9:db:82:
         55:cd:c2:1d:6f:58:22:df:ad:de:0b:df:cc:4f:08:a3:fc:57:
         ab:3e:50:0a:f8:d2:78:8e:f0:d0:d1:9c:28:e8:6b:d1:fe:89:
         73:dc:df:2e:57:7c:16:6d:ec:93:18:37:69:bd:b6:92:a0:4f:
         38:be:80:36:e8:ba:3d:39:6a:d9:d1:17:77:a1:9f:08:7c:35:
         69:08:0b:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn7WovKNn2rQO50QpX6IHMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUxMDE5MDcyMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFkOThhYTA1OGVkYzc4MmJjODFmYTMwOGEyZDA5NDQ4ZTM0ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKdXfxt8UXt8hocNHfk49rNfqsFk
DL1IhBNZgaW7EdSfzvSR1ME0EQTHmbk0sh9ElFol3xttRG0fg9/bE3stFbjsgWfB
Q5Eftw1V9twD80egYR5V6H9u/n2kFk4PHn5/ibpvSLlYmc5FgB2/gYfi7qbjr6Mu
MoG8iZAYwE5h964+XbwHvEDolQntnRTZN2BOJ4E27QHUYjGiFtsvOQI/9e6JftKB
0u0HLNwjTdUI19dQoQom3SnJccvpCkZa6aOY/DY6KDg0PD03X6I/lx7HPFv7h+Fj
iVbQqgJX3CcYpwsWgPaYLjOIeHpEiYZr6OUVrh4k8N3hpgFE067Mq/uC4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEdmKoFjtx4K8gfowii0JRI406hMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvUVIyWXFnV08zSGdyeUItakNLTFFsRWpqVHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2bnMA0G
CSqGSIb3DQEBCwUAA4IBAQBg/DO7CgXVN9qs3ne/Jc+/yoZGq4kI9BnIqogjStX1
fTVqbxoZtyf4N/GKeUDqHETh0PRPqapsFoA4XUAnsmT3/Z2cvVdMVLs+YHOp39g3
PGeJdbZBlTb3HrV9dhSp3HxrUPEpiypS56YJeEjwq5K8tmPDh1iZIJgOfauC8dsv
KiIWs6nK2GAuE9OBLFKgZTKcfGP1RRkrs4neB+8N1VhukM49aPkdMgEKHPU7kQIz
s5jJ24JVzcIdb1gi363eC9/MTwij/FerPlAK+NJ4jvDQ0Zwo6GvR/olz3N8uV3wW
beyTGDdpvbaSoE84voA26Lo9OWrZ0Rd3oZ8IfDVpCAvY
-----END CERTIFICATE-----