Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/QqF2lqLR7D8TsNfh1RyOA-5bORk.roa
File:                     QqF2lqLR7D8TsNfh1RyOA-5bORk.roa (raw, json)
Hash identifier:          Lh5bjioKLyM0jWmHvl9Y8AOKZqdjFE+ta7cHeHDoVJE=
Subject key identifier:   42:A1:76:96:A2:D1:EC:3F:13:B0:D7:E1:D5:1C:8E:03:EE:5B:39:19
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0199063CDE947A9254F04C58393ED1AF9A86
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/QqF2lqLR7D8TsNfh1RyOA-5bORk.roa
Signing time:             Mon 01 Sep 2025 17:04:36 +0000
ROA not before:           Mon 01 Sep 2025 17:04:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:6746::/32 maxlen: 32
                          2a0e:c440::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:3c:de:94:7a:92:54:f0:4c:58:39:3e:d1:af:9a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Sep  1 17:04:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42a17696a2d1ec3f13b0d7e1d51c8e03ee5b3919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:61:a1:36:78:5e:4c:31:90:41:90:8e:b6:55:
                    b8:b3:b6:7a:dd:02:fe:72:6a:64:39:77:bf:b5:db:
                    0a:fc:64:e5:9b:29:23:b5:7d:3d:51:df:29:9a:1a:
                    8a:f2:cd:9c:c5:c5:dc:43:a5:83:eb:5a:3e:e1:04:
                    3c:17:ca:6a:72:a3:fb:5e:71:7a:70:bd:0c:24:fc:
                    de:b0:8f:b8:2e:a7:b4:a5:45:65:73:ab:62:0d:85:
                    9d:91:dc:25:84:a3:0c:d7:e9:2d:25:74:7b:f9:4f:
                    85:69:e9:b8:92:b9:88:65:ee:4a:a6:22:78:b6:bb:
                    6a:63:a4:2d:a2:50:a5:08:75:55:5f:d8:2d:05:2c:
                    dd:aa:c8:1a:58:89:76:5f:57:2d:05:2c:dd:f9:a7:
                    8d:18:1a:6e:83:5c:af:6f:ea:4d:5d:f0:9a:0a:54:
                    df:7f:24:69:81:5e:a7:50:64:6c:5f:e1:e2:a2:2c:
                    93:c6:0c:73:37:21:cc:d5:0c:d8:68:f2:7c:df:73:
                    e5:84:9b:da:74:5b:90:34:81:6d:42:b3:77:ed:39:
                    ab:37:f1:cb:72:df:e4:f1:34:d8:dc:84:6c:f5:67:
                    94:16:cc:18:15:e3:7a:52:fc:1a:90:9b:f1:26:1f:
                    06:d3:d3:6a:a4:c1:80:36:c2:57:46:bb:28:e6:26:
                    0c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A1:76:96:A2:D1:EC:3F:13:B0:D7:E1:D5:1C:8E:03:EE:5B:39:19
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/QqF2lqLR7D8TsNfh1RyOA-5bORk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6746::/32
                  2a0e:c440::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:3c:c4:98:da:93:09:1e:35:89:31:00:59:d7:48:36:30:65:
         1b:c0:58:02:b1:f7:d5:05:13:4f:98:ce:bf:7a:3d:d1:c2:1b:
         13:7c:d8:fb:48:9c:59:1d:e4:35:8c:78:08:04:c6:8e:9d:7e:
         ae:3d:da:13:76:00:43:a2:48:9f:de:d6:57:41:b1:c2:ee:b2:
         20:02:ec:02:55:3e:02:1f:25:6e:96:30:f0:36:f0:72:7c:72:
         06:85:b1:3a:44:4b:17:13:fa:81:5c:10:d0:7f:80:f8:b9:83:
         d7:39:76:74:63:b0:57:e8:6b:4e:fd:2c:8a:0b:9a:88:7f:e7:
         40:87:8b:57:4c:96:18:53:8e:ca:3b:9c:12:70:00:80:0f:d0:
         6f:be:91:92:d9:cb:a3:d9:e8:2b:a0:ee:a1:2d:68:a0:84:04:
         f5:7e:42:10:7e:ea:02:e6:ca:9f:28:4d:e4:59:7e:e3:95:f4:
         83:4e:4d:32:6b:9e:c5:d6:36:b9:4a:19:8f:62:97:7d:f8:04:
         e8:04:f3:81:44:88:d3:e0:02:4e:31:07:d5:09:80:d5:05:db:
         74:8d:36:f0:af:de:6f:db:8e:eb:ed:1b:d9:5c:20:b3:8b:a8:
         30:73:f1:78:44:a1:fc:55:4c:9c:e2:df:48:46:9d:f4:8c:07:
         9c:1a:fc:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkGPN6UepJU8ExYOT7Rr5qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwOTAxMTcwNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmExNzY5NmEyZDFlYzNmMTNiMGQ3ZTFkNTFjOGUwM2VlNWIzOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWGhNnheTDGQQZCOtlW4s7Z63QL+
cmpkOXe/tdsK/GTlmykjtX09Ud8pmhqK8s2cxcXcQ6WD61o+4QQ8F8pqcqP7XnF6
cL0MJPzesI+4Lqe0pUVlc6tiDYWdkdwlhKMM1+ktJXR7+U+Faem4krmIZe5KpiJ4
trtqY6QtolClCHVVX9gtBSzdqsgaWIl2X1ctBSzd+aeNGBpug1yvb+pNXfCaClTf
fyRpgV6nUGRsX+HioiyTxgxzNyHM1QzYaPJ833PlhJvadFuQNIFtQrN37TmrN/HL
ct/k8TTY3IRs9WeUFswYFeN6UvwakJvxJh8G09NqpMGANsJXRrso5iYMywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEKhdpai0ew/E7DX4dUcjgPuWzkZMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvUXFGMmxxTFI3RDhUc05maDFSeU9BLTViT1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5nRgMF
ACoOxEAwDQYJKoZIhvcNAQELBQADggEBAM08xJjakwkeNYkxAFnXSDYwZRvAWAKx
99UFE0+Yzr96PdHCGxN82PtInFkd5DWMeAgExo6dfq492hN2AEOiSJ/e1ldBscLu
siAC7AJVPgIfJW6WMPA28HJ8cgaFsTpESxcT+oFcENB/gPi5g9c5dnRjsFfoa079
LIoLmoh/50CHi1dMlhhTjso7nBJwAIAP0G++kZLZy6PZ6Cug7qEtaKCEBPV+QhB+
6gLmyp8oTeRZfuOV9INOTTJrnsXWNrlKGY9il334BOgE84FEiNPgAk4xB9UJgNUF
23SNNvCv3m/bjuvtG9lcILOLqDBz8XhEofxVTJzi30hGnfSMB5wa/EY=
-----END CERTIFICATE-----