Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/PRQLZdsK1DQs1qv6M77wqTY-8gE.roa
File:                     PRQLZdsK1DQs1qv6M77wqTY-8gE.roa (raw, json)
Hash identifier:          kluODCNS9Ohs7cHGK+NxzDBwM4XzNPkjizB01UMfLag=
Subject key identifier:   3D:14:0B:65:DB:0A:D4:34:2C:D6:AB:FA:33:BE:F0:A9:36:3E:F2:01
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       019807F3B45439DA449A4484DD3E2E84F1EF
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/PRQLZdsK1DQs1qv6M77wqTY-8gE.roa
Signing time:             Mon 14 Jul 2025 08:01:08 +0000
ROA not before:           Mon 14 Jul 2025 08:01:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204093
IP address blocks:        2a0a:db80::/29 maxlen: 40
                          2a0a:db80::/48 maxlen: 48
                          2a0a:db80:f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:f3:b4:54:39:da:44:9a:44:84:dd:3e:2e:84:f1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jul 14 08:01:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d140b65db0ad4342cd6abfa33bef0a9363ef201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:f9:3a:fb:ca:68:92:48:29:a1:57:e6:d3:
                    35:52:a1:46:06:52:a2:6a:14:9c:2b:6b:80:09:89:
                    13:dd:12:7f:3d:21:c9:f0:75:77:67:ed:5b:6b:84:
                    17:10:1e:d2:a3:0e:03:c0:f3:d0:e7:0a:fb:4d:7a:
                    d6:c6:da:9f:44:a9:ea:67:17:d5:55:b6:7d:3d:a2:
                    bb:f5:b5:41:5c:c9:aa:4d:3a:9c:11:f8:6c:02:75:
                    5c:b4:d0:4e:b4:c7:55:84:8d:52:1e:8f:c1:37:6a:
                    f9:7e:d8:40:97:d7:3b:cf:c6:78:68:80:59:ad:ea:
                    51:c6:a7:d0:8f:c0:c4:c4:21:81:01:7c:51:42:c1:
                    00:bc:2a:04:a3:2c:ac:aa:40:d6:b8:ec:f2:d2:b7:
                    21:d4:9a:ec:d8:67:71:be:55:ca:04:09:28:53:45:
                    05:1b:94:59:45:17:5b:7a:24:dc:2e:20:58:57:22:
                    b8:6f:59:a9:e0:27:72:c0:ec:91:84:68:e8:7c:7c:
                    5b:41:84:b1:2f:b5:17:1b:75:9e:09:ed:f1:c4:9b:
                    17:19:d8:0e:d5:d2:6a:ca:00:f6:c9:13:e0:f4:41:
                    e9:25:9a:d5:c5:9a:04:2c:c8:10:52:1c:e5:e1:ff:
                    39:3f:e3:84:94:4d:1f:30:9d:33:df:13:34:7b:c9:
                    f4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:14:0B:65:DB:0A:D4:34:2C:D6:AB:FA:33:BE:F0:A9:36:3E:F2:01
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/PRQLZdsK1DQs1qv6M77wqTY-8gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:db80::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:a6:3c:f6:3c:87:e5:86:b1:52:da:13:01:f6:80:58:97:51:
         c1:a4:bc:c0:88:10:38:6a:e3:a7:0a:67:c1:e5:55:ec:63:f1:
         b8:3a:50:30:20:4c:b0:3e:c7:e0:0d:86:8d:3e:83:57:cb:33:
         b8:0d:32:a7:d5:6c:cf:0f:2c:3e:43:f7:66:1d:23:0a:94:d1:
         da:e7:81:43:14:da:44:0a:c3:6c:54:45:42:c4:26:53:93:58:
         3e:26:7a:55:9d:04:77:d2:85:55:96:6e:de:29:46:e9:a3:44:
         47:57:e2:15:23:e7:92:bc:ba:bb:1a:7b:c7:c4:6b:f8:e5:e5:
         9e:5f:be:1e:cc:f2:e7:43:79:59:9c:26:f6:9f:04:e1:f6:58:
         66:1c:f4:04:ce:59:5f:0f:7b:81:b8:4c:f6:d9:c7:cb:33:5a:
         70:17:62:33:bd:73:11:6a:1b:d1:a9:82:02:13:c4:cb:67:b0:
         2e:6c:a8:65:fb:68:70:37:14:6e:f3:4b:d3:9d:df:cb:0f:4e:
         34:ef:9f:dc:b4:68:d0:79:24:64:d9:b8:24:49:b2:01:d3:a3:
         9e:07:81:a6:e9:c0:3f:85:8a:72:a4:72:08:a7:25:c9:14:51:
         05:5c:25:c6:35:57:1a:55:ab:95:f6:02:97:75:10:82:12:f2:
         2d:cf:56:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgH87RUOdpEmkSE3T4uhPHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjUwNzE0MDgwMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDE0MGI2NWRiMGFkNDM0MmNkNmFiZmEzM2JlZjBhOTM2M2VmMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr/5OvvKaJJIKaFX5tM1UqFGBlKi
ahScK2uACYkT3RJ/PSHJ8HV3Z+1ba4QXEB7Sow4DwPPQ5wr7TXrWxtqfRKnqZxfV
VbZ9PaK79bVBXMmqTTqcEfhsAnVctNBOtMdVhI1SHo/BN2r5fthAl9c7z8Z4aIBZ
repRxqfQj8DExCGBAXxRQsEAvCoEoyysqkDWuOzy0rch1Jrs2GdxvlXKBAkoU0UF
G5RZRRdbeiTcLiBYVyK4b1mp4CdywOyRhGjofHxbQYSxL7UXG3WeCe3xxJsXGdgO
1dJqygD2yRPg9EHpJZrVxZoELMgQUhzl4f85P+OElE0fMJ0z3xM0e8n0uQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0UC2XbCtQ0LNar+jO+8Kk2PvIBMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvUFJRTFpkc0sxRFFzMXF2Nk03N3dxVFktOGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrbgDAN
BgkqhkiG9w0BAQsFAAOCAQEAQaY89jyH5YaxUtoTAfaAWJdRwaS8wIgQOGrjpwpn
weVV7GPxuDpQMCBMsD7H4A2GjT6DV8szuA0yp9Vszw8sPkP3Zh0jCpTR2ueBQxTa
RArDbFRFQsQmU5NYPiZ6VZ0Ed9KFVZZu3ilG6aNER1fiFSPnkry6uxp7x8Rr+OXl
nl++Hszy50N5WZwm9p8E4fZYZhz0BM5ZXw97gbhM9tnHyzNacBdiM71zEWob0amC
AhPEy2ewLmyoZftocDcUbvNL053fyw9ONO+f3LRo0HkkZNm4JEmyAdOjngeBpunA
P4WKcqRyCKclyRRRBVwlxjVXGlWrlfYCl3UQghLyLc9WLg==
-----END CERTIFICATE-----