Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/qdMXO5dxGNkyeRydnMIi_ZzZAVs.roa
File:                     qdMXO5dxGNkyeRydnMIi_ZzZAVs.roa (raw, json)
Hash identifier:          emXh4czyfau1VXJaPAfpRR7uc8vhZu0P1DoeRXNpxPQ=
Subject key identifier:   A9:D3:17:3B:97:71:18:D9:32:79:1C:9D:9C:C2:22:FD:9C:D9:01:5B
Certificate issuer:       /CN=635e170d9b07c50d1b29ae8696206cb145a4f1f7
Certificate serial:       01999560568905B557C6DF99876A3421582B
Authority key identifier: 63:5E:17:0D:9B:07:C5:0D:1B:29:AE:86:96:20:6C:B1:45:A4:F1:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y14XDZsHxQ0bKa6GliBssUWk8fc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/qdMXO5dxGNkyeRydnMIi_ZzZAVs.roa
Signing time:             Mon 29 Sep 2025 12:09:02 +0000
ROA not before:           Mon 29 Sep 2025 12:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21013
IP address blocks:        195.248.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/Y14XDZsHxQ0bKa6GliBssUWk8fc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/Y14XDZsHxQ0bKa6GliBssUWk8fc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y14XDZsHxQ0bKa6GliBssUWk8fc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:60:56:89:05:b5:57:c6:df:99:87:6a:34:21:58:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635e170d9b07c50d1b29ae8696206cb145a4f1f7
        Validity
            Not Before: Sep 29 12:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9d3173b977118d932791c9d9cc222fd9cd9015b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:79:59:c7:18:5f:4b:ac:23:e9:85:90:2a:
                    04:57:da:2e:98:f1:7f:c3:ad:5e:3a:d7:e9:e6:71:
                    be:f7:1b:6e:70:47:a9:b9:fd:9a:c4:9b:24:0a:de:
                    5a:83:cc:f9:17:7b:06:c4:b0:73:ec:38:d2:b0:14:
                    53:89:7e:1d:0c:66:d2:ed:9a:6a:49:e7:df:83:38:
                    ca:66:2d:5a:9e:a9:34:c5:f2:55:d0:ec:71:a2:18:
                    c0:2a:66:a9:c2:07:ca:8d:9d:dc:1f:c5:58:d9:5b:
                    a6:15:c4:1d:7b:eb:a9:b6:1a:6f:63:91:49:ba:14:
                    c1:6f:0d:f7:7e:dc:eb:bf:5a:16:f1:87:9a:e7:e8:
                    05:4e:30:1b:5e:24:66:41:2b:ad:48:94:ae:68:fd:
                    11:f5:7d:79:58:2a:2c:c4:e0:9d:ad:ec:ee:16:0d:
                    e8:f1:00:1c:13:8f:91:4b:40:f2:b9:7b:be:72:50:
                    33:2a:40:1d:5f:c0:23:9c:c9:a4:ab:d4:23:7f:6f:
                    99:f9:4d:f9:3d:e4:7f:bd:ef:3f:e9:7c:69:8e:d6:
                    66:4b:bb:5f:84:73:a0:fd:bc:38:6d:17:8a:05:b9:
                    1b:cc:76:8b:21:06:88:31:10:aa:95:65:57:e1:04:
                    f0:97:6d:aa:41:d6:7d:ea:27:18:06:bd:1a:a7:1e:
                    ef:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:D3:17:3B:97:71:18:D9:32:79:1C:9D:9C:C2:22:FD:9C:D9:01:5B
            X509v3 Authority Key Identifier:
                keyid:63:5E:17:0D:9B:07:C5:0D:1B:29:AE:86:96:20:6C:B1:45:A4:F1:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y14XDZsHxQ0bKa6GliBssUWk8fc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/qdMXO5dxGNkyeRydnMIi_ZzZAVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7b2fcc-ebc9-4b02-b716-f80d5f31664e/1/Y14XDZsHxQ0bKa6GliBssUWk8fc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:a6:73:e3:ed:ba:85:d0:20:68:b7:ac:c8:6f:57:ee:d6:06:
         dd:8a:53:cd:b6:43:31:38:80:59:26:e4:f1:58:16:fa:44:57:
         61:69:6c:46:d0:ba:65:82:0c:5f:bd:77:14:e1:fa:77:11:4a:
         f1:ac:14:85:1e:54:7e:61:68:c6:af:c1:99:ac:35:80:ad:f9:
         f2:90:e0:87:aa:6b:3d:0d:ed:24:b7:b3:94:f9:4f:60:fa:83:
         db:b3:75:4e:2d:12:6e:a1:71:63:97:dd:41:38:17:64:ae:24:
         9b:40:98:66:69:48:b8:36:e2:fb:26:21:38:4e:8c:6d:35:fe:
         d1:23:31:77:9e:8f:8f:a3:d3:3e:d7:da:5c:d5:36:6b:04:ec:
         01:93:57:4d:df:30:b2:ec:95:2c:8d:3b:2e:11:2d:fd:35:95:
         df:5c:3d:39:af:d8:15:25:4d:cb:f4:b4:db:12:6c:00:0b:81:
         01:8f:d5:c2:ea:a0:05:35:10:3a:14:ed:e3:b4:1b:44:3f:89:
         cb:c9:27:e6:f9:c9:94:a5:62:f0:4d:ce:38:aa:a3:ea:cb:94:
         e7:89:72:6a:d6:f9:ca:64:0a:40:07:51:8f:c6:84:1c:61:0b:
         51:11:c6:f2:51:ab:a1:bd:ea:30:1d:25:25:78:8c:3a:18:57:
         1c:ee:e6:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmVYFaJBbVXxt+Zh2o0IVgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWUxNzBkOWIwN2M1MGQxYjI5YWU4Njk2MjA2Y2IxNDVh
NGYxZjcwHhcNMjUwOTI5MTIwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWQzMTczYjk3NzExOGQ5MzI3OTFjOWQ5Y2MyMjJmZDljZDkwMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr755WccYX0usI+mFkCoEV9oumPF/
w61eOtfp5nG+9xtucEepuf2axJskCt5ag8z5F3sGxLBz7DjSsBRTiX4dDGbS7Zpq
SeffgzjKZi1anqk0xfJV0OxxohjAKmapwgfKjZ3cH8VY2VumFcQde+upthpvY5FJ
uhTBbw33ftzrv1oW8Yea5+gFTjAbXiRmQSutSJSuaP0R9X15WCosxOCdrezuFg3o
8QAcE4+RS0DyuXu+clAzKkAdX8AjnMmkq9Qjf2+Z+U35PeR/ve8/6XxpjtZmS7tf
hHOg/bw4bReKBbkbzHaLIQaIMRCqlWVX4QTwl22qQdZ96icYBr0apx7veQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnTFzuXcRjZMnkcnZzCIv2c2QFbMB8GA1UdIwQY
MBaAFGNeFw2bB8UNGymuhpYgbLFFpPH3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTE0WERac0h4UTBiS2E2R2xpQnNzVVdrOGZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83YjJmY2MtZWJjOS00YjAyLWI3MTYt
ZjgwZDVmMzE2NjRlLzEvcWRNWE81ZHhHTmt5ZVJ5ZG5NSWlfWnpaQVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83YjJmY2MtZWJjOS00YjAyLWI3MTYtZjgwZDVmMzE2NjRl
LzEvWTE0WERac0h4UTBiS2E2R2xpQnNzVVdrOGZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hVMA0G
CSqGSIb3DQEBCwUAA4IBAQC/pnPj7bqF0CBot6zIb1fu1gbdilPNtkMxOIBZJuTx
WBb6RFdhaWxG0LplggxfvXcU4fp3EUrxrBSFHlR+YWjGr8GZrDWArfnykOCHqms9
De0kt7OU+U9g+oPbs3VOLRJuoXFjl91BOBdkriSbQJhmaUi4NuL7JiE4ToxtNf7R
IzF3no+Po9M+19pc1TZrBOwBk1dN3zCy7JUsjTsuES39NZXfXD05r9gVJU3L9LTb
EmwAC4EBj9XC6qAFNRA6FO3jtBtEP4nLySfm+cmUpWLwTc44qqPqy5TniXJq1vnK
ZApAB1GPxoQcYQtREcbyUauhveowHSUleIw6GFcc7ubD
-----END CERTIFICATE-----