Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QTI2jWOE2hcS0P8FvwS3gPaVuSY.roa
File:                     QTI2jWOE2hcS0P8FvwS3gPaVuSY.roa (raw, json)
Hash identifier:          ym/RyiFastWTZGcEp8UN9E30CRk6eCzYsSVGPj7ydGQ=
Subject key identifier:   41:32:36:8D:63:84:DA:17:12:D0:FF:05:BF:04:B7:80:F6:95:B9:26
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       0199ECC6D9D3F576C57E84E0C222B40397C3
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QTI2jWOE2hcS0P8FvwS3gPaVuSY.roa
Signing time:             Thu 16 Oct 2025 11:27:58 +0000
ROA not before:           Thu 16 Oct 2025 11:27:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209249
IP address blocks:        138.226.232.0/24 maxlen: 24
                          216.163.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:c6:d9:d3:f5:76:c5:7e:84:e0:c2:22:b4:03:97:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Oct 16 11:27:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4132368d6384da1712d0ff05bf04b780f695b926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:e3:d4:d6:e3:a5:44:cc:ab:a6:73:8e:37:
                    22:a5:86:95:b9:7b:08:7f:56:9a:9c:14:85:de:0b:
                    6d:c5:e5:bd:9a:9c:a3:50:4a:bc:69:c0:94:09:76:
                    df:b3:02:71:53:5c:d8:3f:16:63:c9:07:29:e1:d6:
                    fe:69:3f:4f:1f:b8:89:b6:7a:9e:2f:a4:c5:61:67:
                    5c:6f:27:ce:09:9d:ab:76:ac:30:8e:7e:fc:2f:3c:
                    34:02:36:13:f6:73:70:2f:5d:c1:d3:18:98:13:02:
                    81:0c:db:9c:5c:a3:11:77:5e:e0:9f:03:31:b4:9b:
                    03:b4:af:12:2f:00:1b:ef:07:ae:e5:0f:40:a3:2d:
                    4d:df:ed:b8:ce:12:f1:b5:3b:d1:d9:e4:d5:e1:ee:
                    df:77:45:cf:05:87:c1:23:b2:c3:69:46:1e:94:b6:
                    02:06:ee:24:cc:38:33:53:0e:76:6a:e8:4d:37:d8:
                    98:d4:72:01:9f:b0:7e:d7:b4:5d:4e:2c:93:ef:a3:
                    e9:01:89:cd:78:2d:0a:c9:f2:d9:ad:1b:a6:d5:8f:
                    6a:cf:99:5a:2e:c7:85:25:0c:73:48:f7:2b:de:d4:
                    ab:da:be:4c:98:ea:8c:24:24:1f:c8:1f:c2:c3:fa:
                    ef:22:ff:94:1b:44:53:44:2b:97:a3:af:2c:5b:b1:
                    14:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:32:36:8D:63:84:DA:17:12:D0:FF:05:BF:04:B7:80:F6:95:B9:26
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QTI2jWOE2hcS0P8FvwS3gPaVuSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.232.0/24
                  216.163.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2a:a5:08:00:47:de:52:b0:51:1b:24:34:64:83:ad:a6:6f:
         cb:50:7f:bc:c4:12:4a:6e:f8:ee:a7:13:15:68:7a:41:e3:a8:
         f0:e5:ff:85:66:24:7d:a6:2c:85:d5:ad:3c:4f:f7:eb:c8:31:
         5f:7d:a7:fe:be:9c:c9:05:bf:2c:73:26:6d:a2:7b:32:e4:76:
         ac:34:c9:92:7b:73:11:f9:58:3c:89:33:5e:b5:ff:bf:d6:6c:
         61:bb:75:97:22:9b:c6:8a:fe:e1:d7:11:06:4e:d5:78:21:da:
         8b:9e:88:af:65:18:d8:2a:d8:97:dc:a8:2d:6f:da:54:2c:be:
         f3:99:cc:32:74:01:21:c8:b7:d8:00:c5:cc:36:b0:00:2e:8d:
         61:59:6c:29:68:4b:fb:fd:5e:c1:51:a6:9a:97:59:53:5f:72:
         a8:da:5f:1e:ec:af:71:9b:1e:18:e5:7a:03:6b:96:95:2e:5c:
         fe:2e:95:9e:94:6d:f4:e7:97:b8:f8:b1:f2:35:0c:ed:2d:63:
         78:bf:c3:96:14:e9:39:7f:bd:81:da:c9:38:e5:67:87:55:9e:
         1b:e1:4b:c6:59:0b:34:13:f4:99:7e:60:98:fa:81:72:13:17:
         8b:36:29:a0:fa:49:8b:15:9b:03:bb:f1:bf:12:75:e8:90:aa:
         65:0e:91:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnsxtnT9XbFfoTgwiK0A5fDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUxMDE2MTEyNzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTMyMzY4ZDYzODRkYTE3MTJkMGZmMDViZjA0Yjc4MGY2OTViOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2nj1NbjpUTMq6ZzjjcipYaVuXsI
f1aanBSF3gttxeW9mpyjUEq8acCUCXbfswJxU1zYPxZjyQcp4db+aT9PH7iJtnqe
L6TFYWdcbyfOCZ2rdqwwjn78Lzw0AjYT9nNwL13B0xiYEwKBDNucXKMRd17gnwMx
tJsDtK8SLwAb7weu5Q9Aoy1N3+24zhLxtTvR2eTV4e7fd0XPBYfBI7LDaUYelLYC
Bu4kzDgzUw52auhNN9iY1HIBn7B+17RdTiyT76PpAYnNeC0KyfLZrRum1Y9qz5la
LseFJQxzSPcr3tSr2r5MmOqMJCQfyB/Cw/rvIv+UG0RTRCuXo68sW7EUFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEEyNo1jhNoXEtD/Bb8Et4D2lbkmMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvUVRJMmpXT0UyaGNTMFA4RnZ3UzNnUGFWdVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAiuLoAwQA
2KOyMA0GCSqGSIb3DQEBCwUAA4IBAQBKKqUIAEfeUrBRGyQ0ZIOtpm/LUH+8xBJK
bvjupxMVaHpB46jw5f+FZiR9piyF1a08T/fryDFffaf+vpzJBb8scyZtonsy5Has
NMmSe3MR+Vg8iTNetf+/1mxhu3WXIpvGiv7h1xEGTtV4IdqLnoivZRjYKtiX3Kgt
b9pULL7zmcwydAEhyLfYAMXMNrAALo1hWWwpaEv7/V7BUaaal1lTX3Ko2l8e7K9x
mx4Y5XoDa5aVLlz+LpWelG3055e4+LHyNQztLWN4v8OWFOk5f72B2sk45WeHVZ4b
4UvGWQs0E/SZfmCY+oFyExeLNimg+kmLFZsDu/G/EnXokKplDpEo
-----END CERTIFICATE-----