Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WZqsy5cO7dJjloQ506LTQaOFLuQ.roa
File:                     WZqsy5cO7dJjloQ506LTQaOFLuQ.roa (raw, json)
Hash identifier:          OqNNG1pDb6+flgGL1XIE/Gqx77rECflsqDJ6jI41QRs=
Subject key identifier:   59:9A:AC:CB:97:0E:ED:D2:63:96:84:39:D3:A2:D3:41:A3:85:2E:E4
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0197E40E28A81FC5E7A3BC7180DD4600EF83
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WZqsy5cO7dJjloQ506LTQaOFLuQ.roa
Signing time:             Mon 07 Jul 2025 08:43:42 +0000
ROA not before:           Mon 07 Jul 2025 08:43:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208226
IP address blocks:        2a06:e881:7000::/44 maxlen: 44
                          2a0a:79c0:e00::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 05:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:0e:28:a8:1f:c5:e7:a3:bc:71:80:dd:46:00:ef:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jul  7 08:43:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=599aaccb970eedd263968439d3a2d341a3852ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b0:b2:2b:e0:9f:31:57:f8:bb:df:93:68:62:
                    48:c8:a0:04:5a:f4:08:de:0a:df:99:73:42:9c:4b:
                    12:7b:47:a8:31:3e:fd:41:66:8a:07:24:0d:41:a9:
                    5e:2e:26:2a:0e:a5:ba:f1:f2:c7:d3:a0:52:c3:75:
                    39:a7:54:62:d7:43:f1:97:b8:7f:79:2b:c5:82:06:
                    43:e7:05:4c:97:6e:27:71:27:12:12:88:eb:f6:74:
                    31:60:fa:64:aa:2c:a6:b4:1a:88:5d:6f:55:74:4c:
                    90:14:79:be:f3:6c:a9:19:87:86:d0:b2:a9:68:e1:
                    15:f5:21:af:f4:bc:0b:e9:41:ba:b9:ea:18:80:98:
                    46:5b:80:af:02:fa:d1:39:13:08:c5:69:77:b9:7c:
                    57:0a:f5:12:b3:11:a5:e5:11:84:93:2c:6e:2b:8f:
                    4d:42:3a:62:a1:10:d2:a5:84:15:0b:21:6f:e2:86:
                    17:fd:e0:71:96:72:e5:6f:47:a8:22:e5:c9:83:7a:
                    61:7c:cd:6d:1f:3a:41:9d:66:26:12:72:e3:2c:1f:
                    ff:2c:72:6c:68:0e:10:8b:6e:c1:78:b2:11:64:49:
                    18:07:4d:c6:c2:62:42:cf:84:01:7c:6a:1f:84:1b:
                    ea:10:0d:9c:d9:14:3d:f4:8d:b6:33:7e:58:36:92:
                    0a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9A:AC:CB:97:0E:ED:D2:63:96:84:39:D3:A2:D3:41:A3:85:2E:E4
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WZqsy5cO7dJjloQ506LTQaOFLuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:7000::/44
                  2a0a:79c0:e00::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:b8:1d:ec:47:16:18:5f:3d:e8:a8:15:68:96:38:b5:9c:fc:
         42:86:53:bd:2d:4a:5c:63:db:d6:4b:7f:6e:b2:f2:3e:f0:23:
         06:a1:a2:75:de:ba:22:68:ef:af:ce:7d:20:23:e6:4d:75:45:
         15:cc:e1:f1:e6:d4:fc:50:c3:f2:05:68:ea:25:ba:3b:50:6e:
         0e:7e:63:8e:01:0c:7a:6d:ab:d6:ca:56:7d:ac:ea:a2:7b:87:
         a4:40:00:0d:85:eb:8c:44:1e:29:50:37:49:f4:88:3e:18:f4:
         05:0b:5d:37:8b:82:cc:65:40:be:bc:31:ac:2d:f8:86:2d:1b:
         c0:2f:7d:4f:06:88:4e:a1:13:fb:55:09:4c:ed:88:49:aa:24:
         9b:d1:54:83:6b:da:78:3e:fc:9f:ab:2b:cb:21:d1:50:d0:e2:
         f5:15:17:6c:5f:72:64:85:3f:cd:0d:7e:c1:4a:31:e4:14:1c:
         da:6d:43:ef:e7:5f:18:32:d6:23:d4:df:fa:91:8d:1a:fc:24:
         d0:d7:81:ba:81:b5:d6:69:24:d4:98:90:db:bf:45:e4:95:b7:
         6c:e8:83:e8:c6:c7:4c:44:57:e0:b7:2e:14:32:94:d4:26:db:
         87:fc:74:44:4a:45:d7:dc:bd:ac:16:50:30:a4:2b:59:da:2a:
         b9:db:e0:14
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfkDiioH8Xno7xxgN1GAO+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwNzA3MDg0MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTlhYWNjYjk3MGVlZGQyNjM5Njg0MzlkM2EyZDM0MWEzODUyZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbCyK+CfMVf4u9+TaGJIyKAEWvQI
3grfmXNCnEsSe0eoMT79QWaKByQNQaleLiYqDqW68fLH06BSw3U5p1Ri10Pxl7h/
eSvFggZD5wVMl24ncScSEojr9nQxYPpkqiymtBqIXW9VdEyQFHm+82ypGYeG0LKp
aOEV9SGv9LwL6UG6ueoYgJhGW4CvAvrRORMIxWl3uXxXCvUSsxGl5RGEkyxuK49N
QjpioRDSpYQVCyFv4oYX/eBxlnLlb0eoIuXJg3phfM1tHzpBnWYmEnLjLB//LHJs
aA4Qi27BeLIRZEkYB03GwmJCz4QBfGofhBvqEA2c2RQ99I22M35YNpIKqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFmarMuXDu3SY5aEOdOi00GjhS7kMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvV1pxc3k1Y083ZEpqbG9RNTA2TFRRYU9GTHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbogXAA
AwcEKgp5wA4AMA0GCSqGSIb3DQEBCwUAA4IBAQCGuB3sRxYYXz3oqBVolji1nPxC
hlO9LUpcY9vWS39usvI+8CMGoaJ13roiaO+vzn0gI+ZNdUUVzOHx5tT8UMPyBWjq
Jbo7UG4OfmOOAQx6bavWylZ9rOqie4ekQAANheuMRB4pUDdJ9Ig+GPQFC103i4LM
ZUC+vDGsLfiGLRvAL31PBohOoRP7VQlM7YhJqiSb0VSDa9p4PvyfqyvLIdFQ0OL1
FRdsX3JkhT/NDX7BSjHkFBzabUPv518YMtYj1N/6kY0a/CTQ14G6gbXWaSTUmJDb
v0Xklbds6IPoxsdMRFfgty4UMpTUJtuH/HRESkXX3L2sFlAwpCtZ2iq52+AU
-----END CERTIFICATE-----