Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/hq906rq-ZUJ1rsRNyLa6JRxlY-c.roa
File:                     hq906rq-ZUJ1rsRNyLa6JRxlY-c.roa (raw, json)
Hash identifier:          W24B5y3blRSexP4/ZgUhUaITtqn0pVBgRqtpx/ttccY=
Subject key identifier:   86:AF:74:EA:BA:BE:65:42:75:AE:C4:4D:C8:B6:BA:25:1C:65:63:E7
Certificate issuer:       /CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Certificate serial:       019971265CEA5EEB200A9CE6882DA56DE86D
Authority key identifier: EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/hq906rq-ZUJ1rsRNyLa6JRxlY-c.roa
Signing time:             Mon 22 Sep 2025 11:19:23 +0000
ROA not before:           Mon 22 Sep 2025 11:19:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54994
IP address blocks:        2a0b:1880:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:26:5c:ea:5e:eb:20:0a:9c:e6:88:2d:a5:6d:e8:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
        Validity
            Not Before: Sep 22 11:19:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86af74eababe654275aec44dc8b6ba251c6563e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ee:18:be:92:c2:bd:d2:62:35:b0:88:0c:f9:
                    20:bc:1d:e2:51:63:24:ca:b3:50:d6:ae:e2:eb:51:
                    f9:91:a9:09:64:ae:ab:aa:52:1e:bb:dd:17:3b:9c:
                    43:f3:fe:39:87:06:cf:f0:5d:57:b0:40:b5:2d:f2:
                    8c:26:d4:11:c1:00:25:56:0f:4e:c2:e9:b3:cc:e8:
                    49:00:c4:19:53:4c:cc:36:d1:40:85:66:19:e9:a3:
                    0c:c9:9f:68:37:92:4b:ba:3c:e7:48:0a:0d:20:df:
                    1d:9f:39:3c:e7:b7:6e:e1:73:68:3a:a5:d0:4a:72:
                    f1:28:13:c0:61:3b:12:19:85:76:95:bc:da:e6:44:
                    39:12:91:ea:9e:57:c3:13:2c:bb:cb:87:6c:18:ef:
                    b5:22:a7:34:7f:e7:89:e7:8a:40:02:61:c4:d6:9b:
                    bb:55:8c:d3:9d:58:bc:ca:81:af:86:44:e6:08:83:
                    fd:eb:fb:52:f9:17:f2:f1:81:e0:56:48:08:e7:a6:
                    21:77:f0:fd:ee:92:58:97:2c:e7:e5:46:2c:63:7e:
                    ef:34:4f:0b:32:df:53:15:0b:46:85:ad:8c:67:5e:
                    29:56:cc:33:7f:4a:93:0c:89:38:a9:23:13:d6:6a:
                    8b:cd:23:1f:a7:34:5c:a9:57:dd:d7:e1:99:3e:12:
                    14:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AF:74:EA:BA:BE:65:42:75:AE:C4:4D:C8:B6:BA:25:1C:65:63:E7
            X509v3 Authority Key Identifier:
                keyid:EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/hq906rq-ZUJ1rsRNyLa6JRxlY-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1880:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:7b:54:25:4b:d4:bd:d2:3b:6d:2c:b7:40:a8:59:35:4d:c5:
         fe:65:98:16:25:5e:ee:e2:d3:40:ac:70:cc:ae:59:7d:bb:ea:
         fb:94:69:77:77:05:9b:45:9c:cf:38:11:bd:81:a5:08:58:d7:
         2b:29:9a:58:39:71:b9:c3:0a:a3:71:a5:84:3e:0f:d9:a3:09:
         72:16:d1:ef:e9:45:fb:66:b7:c4:4d:2f:b4:e3:20:b1:a9:4c:
         72:71:95:d7:12:38:f7:56:4f:c7:f7:6c:39:f7:09:c7:03:9e:
         8b:35:f4:14:a0:14:c0:c1:01:3a:a6:d9:6d:f2:3f:86:1d:27:
         6a:3b:8f:16:9a:a6:4f:80:08:cc:de:48:42:14:bf:92:04:cd:
         ed:13:14:76:b0:5f:49:bc:9f:56:5b:c9:88:93:bd:0c:8b:44:
         c9:88:18:b1:dd:16:74:c5:92:31:a6:13:f2:7a:13:c9:2f:6c:
         5f:f6:78:0e:4d:73:34:a4:c9:bc:a7:2d:6e:2b:34:f3:9e:2b:
         d1:68:e6:cc:c0:8b:67:89:ab:4a:af:a6:76:85:6a:2e:88:3b:
         75:c0:9c:29:b2:1a:7b:e2:ac:5b:4c:a6:bc:a2:50:47:1f:b8:
         22:6d:a0:49:54:fd:5b:8a:75:b4:31:41:bc:75:d7:8c:4c:26:
         8b:ae:6f:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlxJlzqXusgCpzmiC2lbehtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTRkOWU0MWVhNWUyZDE2MWI3YzRjZGIyZTQ3MDJjNGYy
NDhlMTQwHhcNMjUwOTIyMTExOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmFmNzRlYWJhYmU2NTQyNzVhZWM0NGRjOGI2YmEyNTFjNjU2M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O4YvpLCvdJiNbCIDPkgvB3iUWMk
yrNQ1q7i61H5kakJZK6rqlIeu90XO5xD8/45hwbP8F1XsEC1LfKMJtQRwQAlVg9O
wumzzOhJAMQZU0zMNtFAhWYZ6aMMyZ9oN5JLujznSAoNIN8dnzk857du4XNoOqXQ
SnLxKBPAYTsSGYV2lbza5kQ5EpHqnlfDEyy7y4dsGO+1Iqc0f+eJ54pAAmHE1pu7
VYzTnVi8yoGvhkTmCIP96/tS+Rfy8YHgVkgI56Yhd/D97pJYlyzn5UYsY37vNE8L
Mt9TFQtGha2MZ14pVswzf0qTDIk4qSMT1mqLzSMfpzRcqVfd1+GZPhIUJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIavdOq6vmVCda7ETci2uiUcZWPnMB8GA1UdIwQY
MBaAFO9U2eQepeLRYbfEzbLkcCxPJI4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzIt
ZmJjNmZjYjVlN2E2LzEvaHE5MDZycS1aVUoxcnNSTnlMYTZKUnhsWS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzItZmJjNmZjYjVlN2E2
LzEvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsYgAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAEe1QlS9S90jttLLdAqFk1TcX+ZZgWJV7u4tNA
rHDMrll9u+r7lGl3dwWbRZzPOBG9gaUIWNcrKZpYOXG5wwqjcaWEPg/ZowlyFtHv
6UX7ZrfETS+04yCxqUxycZXXEjj3Vk/H92w59wnHA56LNfQUoBTAwQE6ptlt8j+G
HSdqO48WmqZPgAjM3khCFL+SBM3tExR2sF9JvJ9WW8mIk70Mi0TJiBix3RZ0xZIx
phPyehPJL2xf9ngOTXM0pMm8py1uKzTznivRaObMwItniatKr6Z2hWouiDt1wJwp
shp74qxbTKa8olBHH7gibaBJVP1binW0MUG8ddeMTCaLrm+U
-----END CERTIFICATE-----