Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/qXbxlLviK9DJSOPQYHU6ZWE-Sa4.roa
File:                     qXbxlLviK9DJSOPQYHU6ZWE-Sa4.roa (raw, json)
Hash identifier:          QbsyxqNuQBIITsu3wvPWziWsrz31D70A9kksDR3tVno=
Subject key identifier:   A9:76:F1:94:BB:E2:2B:D0:C9:48:E3:D0:60:75:3A:65:61:3E:49:AE
Certificate issuer:       /CN=b1768f0a8d1ed1173ecedc689c177b249ee3a68c
Certificate serial:       019976F8D7CDACB20F53892390E3BC4C4A32
Authority key identifier: B1:76:8F:0A:8D:1E:D1:17:3E:CE:DC:68:9C:17:7B:24:9E:E3:A6:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXaPCo0e0Rc-ztxonBd7JJ7jpow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/qXbxlLviK9DJSOPQYHU6ZWE-Sa4.roa
Signing time:             Tue 23 Sep 2025 14:27:23 +0000
ROA not before:           Tue 23 Sep 2025 14:27:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198011
IP address blocks:        2a07:4600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/sXaPCo0e0Rc-ztxonBd7JJ7jpow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/sXaPCo0e0Rc-ztxonBd7JJ7jpow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sXaPCo0e0Rc-ztxonBd7JJ7jpow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:f8:d7:cd:ac:b2:0f:53:89:23:90:e3:bc:4c:4a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1768f0a8d1ed1173ecedc689c177b249ee3a68c
        Validity
            Not Before: Sep 23 14:27:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a976f194bbe22bd0c948e3d060753a65613e49ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:33:e5:61:f8:7d:81:02:7b:88:b9:f6:e3:
                    71:37:19:a4:85:eb:60:43:dd:67:b5:b8:d9:cf:d7:
                    bb:97:9c:9b:aa:07:22:6c:22:99:01:74:ba:ba:cd:
                    46:75:d1:d1:ff:f8:0b:d9:5a:55:ff:94:ce:b6:22:
                    ec:5e:8d:b7:6b:4c:26:e8:0a:ea:be:5b:70:6a:4e:
                    08:af:8c:08:2b:74:72:d8:e3:a4:ea:ab:46:04:1a:
                    a2:14:84:63:5d:88:0f:c8:e7:6a:dc:07:93:4e:17:
                    4d:ba:fa:4d:ce:ac:4c:b1:bf:50:07:d3:69:a4:ad:
                    db:de:69:18:1a:0d:f4:a4:f4:b3:40:c6:43:7c:59:
                    6b:fd:94:e9:10:c5:6b:c5:0e:57:13:6f:46:31:80:
                    7f:b3:9e:d0:e9:a3:cd:82:d4:9e:a6:fc:57:b7:f8:
                    5a:04:43:95:72:13:3a:05:1d:f6:4f:09:85:e0:31:
                    08:b7:c7:e7:68:59:0d:10:5f:7a:ba:1f:0f:e3:60:
                    11:b0:34:45:07:49:44:2b:0e:7f:b9:60:24:cc:b4:
                    94:d6:66:ad:19:21:f8:e0:91:d7:b9:1f:8a:c4:84:
                    0e:58:cc:59:1f:18:f8:8e:fb:93:30:b9:e5:f4:34:
                    e8:a3:32:ef:21:3f:43:6d:70:e5:d9:16:2a:06:d8:
                    35:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:76:F1:94:BB:E2:2B:D0:C9:48:E3:D0:60:75:3A:65:61:3E:49:AE
            X509v3 Authority Key Identifier:
                keyid:B1:76:8F:0A:8D:1E:D1:17:3E:CE:DC:68:9C:17:7B:24:9E:E3:A6:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXaPCo0e0Rc-ztxonBd7JJ7jpow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/qXbxlLviK9DJSOPQYHU6ZWE-Sa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/da014a-4446-43a0-8bd6-24201c25298f/1/sXaPCo0e0Rc-ztxonBd7JJ7jpow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:52:e4:c1:63:91:0b:b7:88:a2:e4:7c:ad:fb:80:d3:7d:41:
         e9:41:49:cf:6a:19:af:3a:71:f0:0b:6a:62:53:48:98:89:0b:
         82:b3:a5:f2:0d:7f:23:01:49:3c:e4:5b:a1:e8:b1:6a:17:48:
         51:37:b7:21:09:16:39:98:c2:60:f8:44:c2:06:eb:72:22:c6:
         b2:05:8d:b4:01:83:1a:9b:d4:48:56:a1:7c:b3:26:a9:10:bb:
         d7:3c:cc:b7:96:f1:df:e2:0c:0d:94:41:c3:18:7c:05:22:db:
         a1:d4:9c:5b:c2:46:3e:d9:fa:f6:81:06:05:67:04:3b:fb:7d:
         d8:73:d8:aa:f1:e0:c0:55:bf:be:8a:f5:b8:a7:e1:cb:e7:85:
         f4:66:5b:2d:3d:d0:80:c3:eb:a6:72:ff:b6:7e:41:85:67:2f:
         97:47:78:8b:7b:37:e6:80:be:7a:d9:68:c5:01:64:3f:eb:46:
         20:94:0f:df:e0:b2:70:22:19:b5:78:cd:73:23:4a:98:8a:59:
         fe:93:6b:7f:0d:36:93:d7:ff:96:ad:e3:3a:69:94:a4:bc:42:
         d8:f6:3d:bb:02:ac:a9:db:75:58:59:c4:5c:7e:b0:5b:44:64:
         9f:40:48:5b:a8:9a:54:15:93:fa:38:00:69:e2:a8:0a:e2:a7:
         d0:9d:e3:d8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZl2+NfNrLIPU4kjkOO8TEoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzY4ZjBhOGQxZWQxMTczZWNlZGM2ODljMTc3YjI0OWVl
M2E2OGMwHhcNMjUwOTIzMTQyNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc2ZjE5NGJiZTIyYmQwYzk0OGUzZDA2MDc1M2E2NTYxM2U0OWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMgz5WH4fYECe4i59uNxNxmkhetg
Q91ntbjZz9e7l5ybqgcibCKZAXS6us1GddHR//gL2VpV/5TOtiLsXo23a0wm6Arq
vltwak4Ir4wIK3Ry2OOk6qtGBBqiFIRjXYgPyOdq3AeTThdNuvpNzqxMsb9QB9Np
pK3b3mkYGg30pPSzQMZDfFlr/ZTpEMVrxQ5XE29GMYB/s57Q6aPNgtSepvxXt/ha
BEOVchM6BR32TwmF4DEIt8fnaFkNEF96uh8P42ARsDRFB0lEKw5/uWAkzLSU1mat
GSH44JHXuR+KxIQOWMxZHxj4jvuTMLnl9DToozLvIT9DbXDl2RYqBtg1VwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKl28ZS74ivQyUjj0GB1OmVhPkmuMB8GA1UdIwQY
MBaAFLF2jwqNHtEXPs7caJwXeySe46aMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hhUENvMGUwUmMtenR4b25CZDdKSjdqcG93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kYTAxNGEtNDQ0Ni00M2EwLThiZDYt
MjQyMDFjMjUyOThmLzEvcVhieGxMdmlLOURKU09QUVlIVTZaV0UtU2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kYTAxNGEtNDQ0Ni00M2EwLThiZDYtMjQyMDFjMjUyOThm
LzEvc1hhUENvMGUwUmMtenR4b25CZDdKSjdqcG93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdGADAN
BgkqhkiG9w0BAQsFAAOCAQEABlLkwWORC7eIouR8rfuA031B6UFJz2oZrzpx8Atq
YlNImIkLgrOl8g1/IwFJPORboeixahdIUTe3IQkWOZjCYPhEwgbrciLGsgWNtAGD
GpvUSFahfLMmqRC71zzMt5bx3+IMDZRBwxh8BSLbodScW8JGPtn69oEGBWcEO/t9
2HPYqvHgwFW/vor1uKfhy+eF9GZbLT3QgMPrpnL/tn5BhWcvl0d4i3s35oC+etlo
xQFkP+tGIJQP3+CycCIZtXjNcyNKmIpZ/pNrfw02k9f/lq3jOmmUpLxC2PY9uwKs
qdt1WFnEXH6wW0Rkn0BIW6iaVBWT+jgAaeKoCuKn0J3j2A==
-----END CERTIFICATE-----