Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/qSF6nwyAcZBKbsVy6zwrTyHF9ws.roa
File:                     qSF6nwyAcZBKbsVy6zwrTyHF9ws.roa (raw, json)
Hash identifier:          FzvxNu1aICu/wHepWcUI8Z/WUlyAt8TsVejD9JLPlv8=
Subject key identifier:   A9:21:7A:9F:0C:80:71:90:4A:6E:C5:72:EB:3C:2B:4F:21:C5:F7:0B
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       0197EB0C6AE1A5B68E8CD64A6FAE561B95A3
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/qSF6nwyAcZBKbsVy6zwrTyHF9ws.roa
Signing time:             Tue 08 Jul 2025 17:19:08 +0000
ROA not before:           Tue 08 Jul 2025 17:19:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a09:e1c1:f000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:eb:0c:6a:e1:a5:b6:8e:8c:d6:4a:6f:ae:56:1b:95:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jul  8 17:19:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9217a9f0c8071904a6ec572eb3c2b4f21c5f70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:46:5e:ff:ca:7c:d3:fd:9e:16:a2:cc:87:b8:
                    f2:30:f2:0e:41:70:56:42:96:17:38:a0:fd:4b:f6:
                    6f:0b:fb:e9:5e:be:ca:8f:8d:a6:b3:8a:f2:b3:9c:
                    07:d7:a1:94:07:8a:09:27:fe:54:24:82:9e:19:72:
                    fa:f4:79:0b:1e:8f:ac:50:33:3c:0b:c1:d7:b6:6b:
                    ed:dc:30:58:52:02:69:f2:08:2f:4d:e3:9c:d5:c0:
                    6e:2c:ac:ab:81:3c:22:55:b8:7c:16:f9:b8:bb:6c:
                    f6:7c:b6:b3:be:b3:15:0f:37:42:c5:16:92:79:0f:
                    c1:eb:78:52:bf:84:76:cb:46:1f:b5:90:40:a9:34:
                    56:0b:ee:3d:a5:b7:26:be:46:c7:1e:68:45:95:d0:
                    43:c1:8b:9e:9b:9c:3d:50:72:45:cb:7e:d5:a1:22:
                    96:1f:14:ae:64:09:29:59:6c:db:93:38:29:c4:a5:
                    71:a1:1d:49:dc:cd:02:98:1e:94:9b:1d:71:bd:5a:
                    ea:6d:4a:4d:15:45:59:46:8b:28:fb:04:0a:42:d4:
                    3e:db:02:4d:e2:a1:02:b2:39:90:db:88:8e:62:01:
                    17:fe:92:46:6d:23:4b:c4:a4:d2:4d:ae:16:0a:e6:
                    fd:cc:4a:7b:3d:f5:0b:c2:b0:da:36:cb:ce:3c:86:
                    a5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:21:7A:9F:0C:80:71:90:4A:6E:C5:72:EB:3C:2B:4F:21:C5:F7:0B
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/qSF6nwyAcZBKbsVy6zwrTyHF9ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:79:d0:ab:40:57:07:77:94:f8:bd:57:e1:dd:64:e9:3f:7f:
         87:32:db:69:69:d5:1c:01:07:19:0d:96:96:15:91:f3:86:6b:
         7d:03:09:b6:5e:eb:b5:a8:de:71:1f:60:90:3e:10:8e:19:4b:
         3b:a9:6c:c9:75:b4:25:ae:0d:38:bb:7a:37:f6:24:e0:92:fa:
         d4:08:56:2a:ab:e7:b9:2f:fd:eb:49:d6:d3:49:02:86:b5:60:
         da:9d:a9:5d:af:ef:0f:2b:c8:ab:9e:51:0d:ed:f2:1b:3d:26:
         59:14:d9:b6:a4:5a:63:ef:3a:e2:8c:d5:8a:b8:9d:a3:b4:1a:
         1e:ab:17:11:15:8b:1b:f3:3f:cb:f2:e3:c1:29:87:ee:e0:95:
         91:8d:6d:34:7d:c5:83:51:cf:0f:05:40:03:c6:88:65:df:ab:
         46:57:cb:8e:19:48:9d:be:60:80:c6:19:06:c9:ec:b1:cb:2a:
         72:33:b5:73:07:53:51:bf:b9:cf:e6:46:de:7a:20:f3:1b:7a:
         1c:cc:83:43:f8:64:28:b4:fd:0c:ae:ff:5e:09:f5:f5:68:93:
         6f:31:fa:62:e8:5e:47:e0:51:b6:bc:31:46:d8:25:35:df:6f:
         8d:df:a1:93:c8:3c:62:de:36:c3:54:63:04:48:cf:22:49:9d:
         5c:0b:73:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfrDGrhpbaOjNZKb65WG5WjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwNzA4MTcxOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIxN2E5ZjBjODA3MTkwNGE2ZWM1NzJlYjNjMmI0ZjIxYzVmNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Ze/8p80/2eFqLMh7jyMPIOQXBW
QpYXOKD9S/ZvC/vpXr7Kj42ms4rys5wH16GUB4oJJ/5UJIKeGXL69HkLHo+sUDM8
C8HXtmvt3DBYUgJp8ggvTeOc1cBuLKyrgTwiVbh8Fvm4u2z2fLazvrMVDzdCxRaS
eQ/B63hSv4R2y0YftZBAqTRWC+49pbcmvkbHHmhFldBDwYuem5w9UHJFy37VoSKW
HxSuZAkpWWzbkzgpxKVxoR1J3M0CmB6Umx1xvVrqbUpNFUVZRoso+wQKQtQ+2wJN
4qECsjmQ24iOYgEX/pJGbSNLxKTSTa4WCub9zEp7PfULwrDaNsvOPIalxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKkhep8MgHGQSm7Fcus8K08hxfcLMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvcVNGNm53eUFjWkJLYnNWeTZ6d3JUeUhGOXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwfAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeedCrQFcHd5T4vVfh3WTpP3+HMttpadUcAQcZ
DZaWFZHzhmt9Awm2Xuu1qN5xH2CQPhCOGUs7qWzJdbQlrg04u3o39iTgkvrUCFYq
q+e5L/3rSdbTSQKGtWDanaldr+8PK8irnlEN7fIbPSZZFNm2pFpj7zrijNWKuJ2j
tBoeqxcRFYsb8z/L8uPBKYfu4JWRjW00fcWDUc8PBUADxohl36tGV8uOGUidvmCA
xhkGyeyxyypyM7VzB1NRv7nP5kbeeiDzG3oczIND+GQotP0Mrv9eCfX1aJNvMfpi
6F5H4FG2vDFG2CU132+N36GTyDxi3jbDVGMESM8iSZ1cC3Ns
-----END CERTIFICATE-----