Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/qa2CW4uODzDkm2CmPACzVMfywlo.roa
File:                     qa2CW4uODzDkm2CmPACzVMfywlo.roa (raw, json)
Hash identifier:          hm7X8GWW08mhXHAmgZF26ZoPtjwf8VScQbQBIGqBTN0=
Subject key identifier:   A9:AD:82:5B:8B:8E:0F:30:E4:9B:60:A6:3C:00:B3:54:C7:F2:C2:5A
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0198277798B4D755EDD8186ECCC4825035EC
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/qa2CW4uODzDkm2CmPACzVMfywlo.roa
Signing time:             Sun 20 Jul 2025 10:53:25 +0000
ROA not before:           Sun 20 Jul 2025 10:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206604
IP address blocks:        2a0d:d940:70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:77:98:b4:d7:55:ed:d8:18:6e:cc:c4:82:50:35:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jul 20 10:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9ad825b8b8e0f30e49b60a63c00b354c7f2c25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ea:52:96:40:1f:3f:a8:f3:22:79:6e:ac:fd:
                    0d:b7:56:59:16:86:3d:e5:4b:9a:d3:14:40:ef:c1:
                    52:e1:df:94:27:84:88:29:77:21:96:a5:60:0b:24:
                    38:7a:cd:25:8e:f0:c7:09:ab:49:f9:81:dc:96:f8:
                    64:89:56:fe:e6:6b:fb:3d:97:77:92:bf:b5:83:1b:
                    c9:8d:f9:91:48:b9:19:0e:98:00:78:ab:66:51:66:
                    4c:b0:fd:e8:17:de:5f:c3:20:4f:d4:a3:b4:32:10:
                    c8:84:59:66:98:35:c3:36:3a:c2:77:5d:6f:21:4e:
                    58:08:e3:99:d9:66:5c:fc:f8:0c:b2:ff:c3:3a:f8:
                    ed:8a:81:28:87:67:fa:2c:0a:d2:67:a3:98:f7:82:
                    52:6b:d2:af:bd:73:70:d4:f7:e1:7e:d7:46:41:19:
                    84:18:03:8b:83:0c:80:38:26:cf:54:39:4e:ae:df:
                    f6:04:b2:6f:f4:51:7e:3b:dd:3e:3b:68:db:79:13:
                    19:88:2e:dd:16:a9:ea:6f:d0:02:4a:7e:4b:a0:8e:
                    41:a8:21:a5:d5:e2:bd:8d:2b:3b:eb:c8:71:f5:56:
                    3e:6f:96:14:a3:bb:65:6f:15:e1:21:60:81:fe:5d:
                    a5:53:ff:93:26:ea:1a:a2:0e:59:ff:cc:eb:01:b3:
                    57:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AD:82:5B:8B:8E:0F:30:E4:9B:60:A6:3C:00:B3:54:C7:F2:C2:5A
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/qa2CW4uODzDkm2CmPACzVMfywlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:24:87:2b:c2:e3:53:07:7a:74:02:fb:72:f8:e8:0f:dc:cf:
         6d:67:8c:15:35:12:7c:b2:74:25:04:98:0e:dc:b5:82:94:70:
         cd:ff:5f:69:11:09:36:e8:b5:13:e5:ff:34:24:c8:7e:9a:b3:
         40:48:e8:71:a7:7e:ef:90:bb:4e:26:0f:ac:dd:98:7d:01:cb:
         60:56:79:49:10:59:5e:09:43:ec:2d:52:fc:e3:c4:bb:6b:7d:
         e7:b6:8c:4f:70:70:54:a0:e0:7b:5b:1a:79:86:f4:b3:9d:86:
         35:09:3a:c8:dc:c5:17:09:25:b9:5a:8b:d1:d3:79:64:c9:7d:
         2d:ca:a6:a7:ec:96:47:32:41:3e:b6:aa:60:b4:a2:be:dd:5f:
         b2:f3:ef:e4:4f:18:e0:b5:2e:19:ba:56:76:22:26:df:14:31:
         41:43:c2:7f:f3:2c:31:23:d2:ae:1d:35:8f:fc:ba:b7:ee:46:
         35:14:d6:ba:64:60:8e:bc:7f:04:3d:68:0d:57:a2:98:65:42:
         8c:42:97:43:c7:bd:8d:37:b6:1d:6d:c4:8a:b1:9d:b4:45:cd:
         34:00:0a:b1:4b:e0:f3:ef:78:6f:a0:97:db:fe:8e:97:45:8a:
         25:21:61:8a:14:ce:b8:c9:1f:40:bd:1b:d1:3b:88:db:49:64:
         39:8d:ae:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgnd5i011Xt2BhuzMSCUDXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNzIwMTA1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWFkODI1YjhiOGUwZjMwZTQ5YjYwYTYzYzAwYjM1NGM3ZjJjMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuepSlkAfP6jzInlurP0Nt1ZZFoY9
5Uua0xRA78FS4d+UJ4SIKXchlqVgCyQ4es0ljvDHCatJ+YHclvhkiVb+5mv7PZd3
kr+1gxvJjfmRSLkZDpgAeKtmUWZMsP3oF95fwyBP1KO0MhDIhFlmmDXDNjrCd11v
IU5YCOOZ2WZc/PgMsv/DOvjtioEoh2f6LArSZ6OY94JSa9KvvXNw1PfhftdGQRmE
GAOLgwyAOCbPVDlOrt/2BLJv9FF+O90+O2jbeRMZiC7dFqnqb9ACSn5LoI5BqCGl
1eK9jSs768hx9VY+b5YUo7tlbxXhIWCB/l2lU/+TJuoaog5Z/8zrAbNXvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKmtgluLjg8w5JtgpjwAs1TH8sJaMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvcWEyQ1c0dU9EekRrbTJDbVBBQ3pWTWZ5d2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQABw
MA0GCSqGSIb3DQEBCwUAA4IBAQCHJIcrwuNTB3p0Avty+OgP3M9tZ4wVNRJ8snQl
BJgO3LWClHDN/19pEQk26LUT5f80JMh+mrNASOhxp37vkLtOJg+s3Zh9ActgVnlJ
EFleCUPsLVL848S7a33ntoxPcHBUoOB7Wxp5hvSznYY1CTrI3MUXCSW5WovR03lk
yX0tyqan7JZHMkE+tqpgtKK+3V+y8+/kTxjgtS4ZulZ2IibfFDFBQ8J/8ywxI9Ku
HTWP/Lq37kY1FNa6ZGCOvH8EPWgNV6KYZUKMQpdDx72NN7YdbcSKsZ20Rc00AAqx
S+Dz73hvoJfb/o6XRYolIWGKFM64yR9AvRvRO4jbSWQ5ja7T
-----END CERTIFICATE-----