Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/Qv4r9KoCM0llZGGIu0ESO7fsTrk.roa
File:                     Qv4r9KoCM0llZGGIu0ESO7fsTrk.roa (raw, json)
Hash identifier:          2dbd9G4ssUUV7QjZ8jn5D3p3tWBPiALD7SCeLQ3ju+s=
Subject key identifier:   42:FE:2B:F4:AA:02:33:49:65:64:61:88:BB:41:12:3B:B7:EC:4E:B9
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       01980DA5393956940933F164EE8372299BE5
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/Qv4r9KoCM0llZGGIu0ESO7fsTrk.roa
Signing time:             Tue 15 Jul 2025 10:33:08 +0000
ROA not before:           Tue 15 Jul 2025 10:33:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        2a09:dc00::/29 maxlen: 29
                          2a0a:1f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:a5:39:39:56:94:09:33:f1:64:ee:83:72:29:9b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Jul 15 10:33:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42fe2bf4aa02334965646188bb41123bb7ec4eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:42:31:83:c0:da:af:a5:a8:c6:29:c6:00:db:
                    b0:96:9a:6d:49:07:86:09:56:b6:09:aa:b8:f1:fb:
                    c5:17:5d:65:a5:d6:1e:76:da:e9:3b:88:bc:d5:88:
                    b0:43:9b:12:f5:11:46:9e:33:43:9d:11:e3:f5:61:
                    6e:46:f1:30:a2:c4:00:22:f6:54:89:c9:99:ac:45:
                    48:c2:78:d5:a6:89:6a:ed:31:28:ac:0f:a1:be:10:
                    a1:6f:83:3a:24:ac:66:7d:32:21:e2:18:c3:6d:93:
                    c0:b5:58:71:a3:4f:08:99:60:d7:6f:db:1d:c2:09:
                    16:4e:2d:06:b5:81:18:e2:8d:68:ab:e1:69:32:70:
                    ab:f7:c6:fb:a0:a3:08:85:d1:f6:51:05:52:28:e9:
                    31:6a:79:ff:31:6c:d0:66:41:af:53:63:9e:28:04:
                    a4:9e:e6:62:51:19:92:c0:79:33:57:e5:4a:ad:b9:
                    7d:22:39:d8:9c:a2:5f:eb:35:74:17:f1:90:7d:58:
                    b8:df:04:5c:d8:a9:09:ed:48:93:8c:e3:68:48:e8:
                    3a:82:44:95:03:af:4b:37:d1:a2:30:cc:da:50:bc:
                    4a:fe:27:7d:9c:67:8c:76:05:4d:0a:19:f5:d8:f5:
                    8b:a0:28:5a:48:0e:51:fb:1d:e6:0c:ba:f8:a3:b7:
                    1e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FE:2B:F4:AA:02:33:49:65:64:61:88:BB:41:12:3B:B7:EC:4E:B9
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/Qv4r9KoCM0llZGGIu0ESO7fsTrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:dc00::/29
                  2a0a:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:0b:d4:3c:4c:09:97:f8:63:85:96:6e:fd:2b:8b:17:14:e1:
         e0:b1:52:84:80:3c:8f:68:d3:6d:f8:84:ac:d6:19:57:c8:fb:
         19:40:71:51:3a:64:95:98:5a:df:19:8d:ca:5f:5e:91:ee:83:
         d6:40:8e:b5:b7:54:43:fb:d3:24:b2:b7:9f:3e:d4:92:68:f2:
         f5:d0:e6:38:66:77:5c:c0:d3:d0:4a:a6:1c:6d:24:d1:d0:d6:
         5f:3b:b5:dc:ee:0b:a2:59:92:df:04:84:2e:ad:8f:8e:55:cf:
         9d:54:62:65:8c:94:f8:23:af:0b:20:1c:6c:0e:8e:c6:8f:b1:
         09:4a:09:9f:76:5a:26:41:5a:52:eb:f9:b4:49:33:05:b1:20:
         12:f3:8a:0f:6e:ab:6b:80:83:a7:82:a8:42:0a:4b:8e:68:19:
         d9:67:d7:a4:70:75:57:78:26:c9:d2:9f:71:3b:db:78:f5:f0:
         41:58:88:c3:32:15:9a:99:0a:11:7f:0d:fc:98:c4:cb:1c:6b:
         bd:89:07:f7:84:af:57:38:33:fb:56:97:3d:19:a9:1b:bc:51:
         4f:ca:ff:8f:3b:1f:85:ae:be:21:29:4b:4a:24:54:ff:93:84:
         78:8d:f6:c7:e7:c6:0a:2f:4b:bd:ac:12:ef:52:45:74:19:3f:
         db:1d:18:3b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgNpTk5VpQJM/Fk7oNyKZvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjUwNzE1MTAzMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZlMmJmNGFhMDIzMzQ5NjU2NDYxODhiYjQxMTIzYmI3ZWM0ZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEIxg8Dar6WoxinGANuwlpptSQeG
CVa2Caq48fvFF11lpdYedtrpO4i81YiwQ5sS9RFGnjNDnRHj9WFuRvEwosQAIvZU
icmZrEVIwnjVpolq7TEorA+hvhChb4M6JKxmfTIh4hjDbZPAtVhxo08ImWDXb9sd
wgkWTi0GtYEY4o1oq+FpMnCr98b7oKMIhdH2UQVSKOkxann/MWzQZkGvU2OeKASk
nuZiURmSwHkzV+VKrbl9IjnYnKJf6zV0F/GQfVi43wRc2KkJ7UiTjONoSOg6gkSV
A69LN9GiMMzaULxK/id9nGeMdgVNChn12PWLoChaSA5R+x3mDLr4o7ceRwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEL+K/SqAjNJZWRhiLtBEju37E65MB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvUXY0cjlLb0NNMGxsWkdHSXUwRVNPN2ZzVHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgncAAMF
AyoKH0AwDQYJKoZIhvcNAQELBQADggEBAEML1DxMCZf4Y4WWbv0rixcU4eCxUoSA
PI9o0234hKzWGVfI+xlAcVE6ZJWYWt8ZjcpfXpHug9ZAjrW3VEP70ySyt58+1JJo
8vXQ5jhmd1zA09BKphxtJNHQ1l87tdzuC6JZkt8EhC6tj45Vz51UYmWMlPgjrwsg
HGwOjsaPsQlKCZ92WiZBWlLr+bRJMwWxIBLzig9uq2uAg6eCqEIKS45oGdln16Rw
dVd4JsnSn3E723j18EFYiMMyFZqZChF/DfyYxMsca72JB/eEr1c4M/tWlz0ZqRu8
UU/K/487H4WuviEpS0okVP+ThHiN9sfnxgovS72sEu9SRXQZP9sdGDs=
-----END CERTIFICATE-----