Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/qfkl4ugDwVER8WWCfmspxbN_99Q.roa
File:                     qfkl4ugDwVER8WWCfmspxbN_99Q.roa (raw, json)
Hash identifier:          Hk6Dp+LsA1AjgFfnUQPOphNg3N7O/mK1D22CLXcTXWU=
Subject key identifier:   A9:F9:25:E2:E8:03:C1:51:11:F1:65:82:7E:6B:29:C5:B3:7F:F7:D4
Certificate issuer:       /CN=c65613d5999f3632985ed89a02efaabd1890ba09
Certificate serial:       0198A34F5EDB4AB2BC444E9E20CA3E9FDFA0
Authority key identifier: C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/qfkl4ugDwVER8WWCfmspxbN_99Q.roa
Signing time:             Wed 13 Aug 2025 12:02:24 +0000
ROA not before:           Wed 13 Aug 2025 12:02:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215980
IP address blocks:        2a14:8100:f300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:4f:5e:db:4a:b2:bc:44:4e:9e:20:ca:3e:9f:df:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65613d5999f3632985ed89a02efaabd1890ba09
        Validity
            Not Before: Aug 13 12:02:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9f925e2e803c15111f165827e6b29c5b37ff7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c9:0a:e6:98:e8:4d:5d:07:3b:93:02:bc:02:
                    be:db:4e:4b:7a:51:f3:bb:b0:14:f9:8a:d2:1d:c2:
                    71:27:de:5a:4a:47:4b:21:08:cb:12:50:18:e4:2a:
                    c4:0c:b8:ba:5e:4c:bd:97:1f:62:04:e1:f6:5c:71:
                    e9:9d:01:a8:ab:c0:ca:e1:3b:dc:3d:6f:30:66:e7:
                    d3:c3:82:af:81:52:a2:ee:a6:5b:14:64:cd:ec:1a:
                    c4:c5:99:81:83:bc:71:a8:07:54:26:fc:5b:dc:97:
                    35:8f:61:d8:ee:5f:e8:77:09:70:39:97:43:fb:d6:
                    41:d2:e5:6a:23:3a:8d:46:67:6c:e4:5d:db:7c:28:
                    48:af:9d:0d:88:27:fc:7e:9a:e5:9b:10:0a:45:3e:
                    41:19:65:3a:5c:d5:24:97:2f:a6:21:7c:60:63:a0:
                    9a:a9:bb:b1:ea:e5:9e:c8:08:49:b4:7d:79:20:ee:
                    10:78:df:32:04:a8:a0:d7:00:fc:8e:49:e5:26:50:
                    34:89:ff:bc:5b:ea:94:e0:2f:6d:ef:3d:ab:92:a2:
                    a5:d7:b9:c2:37:94:17:61:03:69:90:99:c0:af:6b:
                    73:35:b9:03:fe:a2:84:13:a3:7f:52:5d:7a:d4:bd:
                    af:4b:27:73:c6:89:32:d5:a8:17:85:19:0a:ad:40:
                    48:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F9:25:E2:E8:03:C1:51:11:F1:65:82:7E:6B:29:C5:B3:7F:F7:D4
            X509v3 Authority Key Identifier:
                keyid:C6:56:13:D5:99:9F:36:32:98:5E:D8:9A:02:EF:AA:BD:18:90:BA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlYT1ZmfNjKYXtiaAu-qvRiQugk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/qfkl4ugDwVER8WWCfmspxbN_99Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3d8aac-d398-43ab-9c3e-650992f2a174/1/xlYT1ZmfNjKYXtiaAu-qvRiQugk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8100:f300::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:61:55:20:11:12:c5:33:9d:be:ef:35:2e:d9:85:6a:7a:13:
         1b:62:47:1b:4d:4a:b1:42:2c:87:77:d9:1e:8d:45:76:7f:51:
         c8:c1:4c:6e:3f:d4:51:d9:22:53:42:0a:fd:87:12:22:0d:ba:
         76:23:f3:6f:ba:fd:b9:95:b8:65:de:b8:be:fa:20:3c:c1:a7:
         fb:d0:43:5c:b2:e6:e1:6a:e1:a7:89:a1:df:13:95:40:d9:ea:
         90:17:ff:63:89:eb:a1:44:5a:ae:3f:28:59:39:23:b0:8c:ee:
         7c:a4:7b:92:7a:82:5a:78:cc:d9:23:48:f2:af:b0:9c:d3:11:
         5a:af:7f:ba:b8:b6:47:ab:b4:13:d4:7f:1f:5d:75:26:df:b3:
         c4:f0:ba:ba:88:d0:0f:0a:f8:c9:cf:8e:4c:5b:0b:50:84:88:
         01:b5:5e:d9:3e:4c:7f:50:74:52:d6:e8:6e:7c:ca:d9:ff:dd:
         fd:23:24:94:ec:b8:b8:9f:61:32:13:c3:dd:c8:f5:e0:1f:8b:
         5e:63:d6:4e:4a:e8:92:78:2b:31:b7:ad:d1:ad:a3:eb:31:dc:
         19:c1:5e:2c:c2:92:f0:d9:12:dc:70:37:85:57:25:5a:ad:85:
         16:ee:4a:bb:16:68:c3:b8:e2:d8:24:4f:76:75:3e:87:50:bd:
         aa:7c:55:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZijT17bSrK8RE6eIMo+n9+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NTYxM2Q1OTk5ZjM2MzI5ODVlZDg5YTAyZWZhYWJkMTg5
MGJhMDkwHhcNMjUwODEzMTIwMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY5MjVlMmU4MDNjMTUxMTFmMTY1ODI3ZTZiMjljNWIzN2ZmN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsckK5pjoTV0HO5MCvAK+205LelHz
u7AU+YrSHcJxJ95aSkdLIQjLElAY5CrEDLi6Xky9lx9iBOH2XHHpnQGoq8DK4Tvc
PW8wZufTw4KvgVKi7qZbFGTN7BrExZmBg7xxqAdUJvxb3Jc1j2HY7l/odwlwOZdD
+9ZB0uVqIzqNRmds5F3bfChIr50NiCf8fprlmxAKRT5BGWU6XNUkly+mIXxgY6Ca
qbux6uWeyAhJtH15IO4QeN8yBKig1wD8jknlJlA0if+8W+qU4C9t7z2rkqKl17nC
N5QXYQNpkJnAr2tzNbkD/qKEE6N/Ul161L2vSydzxoky1agXhRkKrUBIoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKn5JeLoA8FREfFlgn5rKcWzf/fUMB8GA1UdIwQY
MBaAFMZWE9WZnzYymF7YmgLvqr0YkLoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2Ut
NjUwOTkyZjJhMTc0LzEvcWZrbDR1Z0R3VkVSOFdXQ2Ztc3B4Yk5fOTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zZDhhYWMtZDM5OC00M2FiLTljM2UtNjUwOTkyZjJhMTc0
LzEveGxZVDFabWZOaktZWHRpYUF1LXF2UmlRdWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhSBAPMA
MA0GCSqGSIb3DQEBCwUAA4IBAQA9YVUgERLFM52+7zUu2YVqehMbYkcbTUqxQiyH
d9kejUV2f1HIwUxuP9RR2SJTQgr9hxIiDbp2I/Nvuv25lbhl3ri++iA8waf70ENc
subhauGniaHfE5VA2eqQF/9jieuhRFquPyhZOSOwjO58pHuSeoJaeMzZI0jyr7Cc
0xFar3+6uLZHq7QT1H8fXXUm37PE8Lq6iNAPCvjJz45MWwtQhIgBtV7ZPkx/UHRS
1uhufMrZ/939IySU7Li4n2EyE8PdyPXgH4teY9ZOSuiSeCsxt63RraPrMdwZwV4s
wpLw2RLccDeFVyVarYUW7kq7FmjDuOLYJE92dT6HUL2qfFVa
-----END CERTIFICATE-----