Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QsNjg1EOUiqNwGOApN3Uri-Jkq8.roa
File:                     QsNjg1EOUiqNwGOApN3Uri-Jkq8.roa (raw, json)
Hash identifier:          NG53lHMrCmXGwHOMZXgt/u0ViH21itUm7JQq6H+Sszo=
Subject key identifier:   42:C3:63:83:51:0E:52:2A:8D:C0:63:80:A4:DD:D4:AE:2F:89:92:AF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0199BB85570D42FCF8D6D5224845DC3E0803
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QsNjg1EOUiqNwGOApN3Uri-Jkq8.roa
Signing time:             Mon 06 Oct 2025 21:55:02 +0000
ROA not before:           Mon 06 Oct 2025 21:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205126
IP address blocks:        2a12:bec4:1cf0::/48 maxlen: 48
                          2a12:bec4:1cf1::/48 maxlen: 48
                          2a12:bec4:1cf2::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bb:85:57:0d:42:fc:f8:d6:d5:22:48:45:dc:3e:08:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Oct  6 21:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42c36383510e522a8dc06380a4ddd4ae2f8992af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e4:0b:69:d2:a2:37:af:38:04:35:f9:79:1f:
                    21:2f:11:4a:f2:fc:4b:1f:79:e5:18:21:0f:f5:f1:
                    98:d0:6e:c9:43:8d:ed:36:cf:a6:69:1e:ab:ce:32:
                    3a:f9:d9:5f:6d:ef:87:d9:ff:67:ad:1a:89:90:28:
                    c8:75:91:38:c9:9d:5e:fc:eb:79:f5:89:6f:81:6c:
                    0b:41:32:d3:15:e4:6c:2f:45:4f:91:e0:15:34:ab:
                    6f:fe:6d:07:50:7b:7d:4e:7e:93:27:6b:a8:1d:b4:
                    39:9b:f4:c6:f6:f6:f1:90:da:9a:05:30:71:1c:bc:
                    17:6b:a5:a7:e4:88:d5:2a:83:30:1c:02:27:c6:94:
                    a1:be:1c:c1:11:a1:c8:67:17:b9:9c:e6:d7:70:b1:
                    b3:d5:ec:d5:63:a5:3c:4c:a7:88:35:07:80:3c:bd:
                    96:0d:63:1f:22:ac:5d:46:75:49:0d:7c:af:5a:af:
                    d3:a1:d3:48:ad:2f:36:54:d2:70:2c:d2:e4:03:d5:
                    9f:ac:24:07:ea:6a:fc:01:4a:53:7c:80:1d:26:3f:
                    e6:9a:ce:6c:82:9c:e5:81:ca:f4:67:2e:e0:16:ec:
                    4a:76:ae:13:4c:66:d8:0c:e2:a7:29:fe:50:e1:9d:
                    3c:e6:32:2e:ac:14:e1:38:37:73:1d:14:2d:7f:c2:
                    09:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C3:63:83:51:0E:52:2A:8D:C0:63:80:A4:DD:D4:AE:2F:89:92:AF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QsNjg1EOUiqNwGOApN3Uri-Jkq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1cf0::/46

    Signature Algorithm: sha256WithRSAEncryption
         24:7b:ca:d4:e8:5c:8b:bb:44:fd:0b:6e:fe:3b:88:13:08:e2:
         6d:f5:04:b6:71:0b:7a:8e:90:a5:8a:6f:5a:26:9b:8d:87:36:
         23:69:c5:b0:8d:8a:0f:cf:5f:6c:3b:76:d8:34:91:aa:f2:e4:
         52:f7:71:cd:0f:70:06:fe:14:d5:83:32:63:27:19:ba:62:eb:
         dd:fb:9b:7a:1c:59:c1:56:7c:29:15:24:46:85:22:7a:26:51:
         d8:52:77:1a:62:eb:83:fe:c5:74:d7:05:88:2f:28:d0:2a:40:
         01:02:71:85:3e:d6:df:b6:e1:d6:5b:e2:63:bf:7b:48:15:e6:
         5d:16:ab:6c:58:3f:a6:84:46:20:82:68:9b:e7:07:68:d9:f3:
         03:3a:21:ea:3d:70:a6:a7:bc:12:c7:45:0b:05:42:41:98:64:
         c3:7a:c1:a6:e4:cd:69:c1:b5:08:f6:0f:0d:9d:1e:65:0c:2b:
         1e:4c:31:41:d0:bc:bd:24:8a:c9:7d:12:36:45:23:7f:e5:13:
         94:73:0f:c1:b5:e1:69:ef:71:99:27:3b:2b:1e:2b:9f:a6:02:
         20:27:81:e2:ee:24:bd:f6:cb:10:1d:6d:90:9a:63:b0:e1:0d:
         8a:00:fd:90:ab:5b:14:52:9b:56:63:b3:11:f8:5c:29:b5:32:
         eb:69:79:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZm7hVcNQvz41tUiSEXcPggDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUxMDA2MjE1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmMzNjM4MzUxMGU1MjJhOGRjMDYzODBhNGRkZDRhZTJmODk5MmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuQLadKiN684BDX5eR8hLxFK8vxL
H3nlGCEP9fGY0G7JQ43tNs+maR6rzjI6+dlfbe+H2f9nrRqJkCjIdZE4yZ1e/Ot5
9YlvgWwLQTLTFeRsL0VPkeAVNKtv/m0HUHt9Tn6TJ2uoHbQ5m/TG9vbxkNqaBTBx
HLwXa6Wn5IjVKoMwHAInxpShvhzBEaHIZxe5nObXcLGz1ezVY6U8TKeINQeAPL2W
DWMfIqxdRnVJDXyvWq/TodNIrS82VNJwLNLkA9WfrCQH6mr8AUpTfIAdJj/mms5s
gpzlgcr0Zy7gFuxKdq4TTGbYDOKnKf5Q4Z085jIurBThODdzHRQtf8IJVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFELDY4NRDlIqjcBjgKTd1K4viZKvMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUXNOamcxRU9VaXFOd0dPQXBOM1VyaS1Ka3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhK+xBzw
MA0GCSqGSIb3DQEBCwUAA4IBAQAke8rU6FyLu0T9C27+O4gTCOJt9QS2cQt6jpCl
im9aJpuNhzYjacWwjYoPz19sO3bYNJGq8uRS93HND3AG/hTVgzJjJxm6Yuvd+5t6
HFnBVnwpFSRGhSJ6JlHYUncaYuuD/sV01wWILyjQKkABAnGFPtbftuHWW+Jjv3tI
FeZdFqtsWD+mhEYggmib5wdo2fMDOiHqPXCmp7wSx0ULBUJBmGTDesGm5M1pwbUI
9g8NnR5lDCseTDFB0Ly9JIrJfRI2RSN/5ROUcw/BteFp73GZJzsrHiufpgIgJ4Hi
7iS99ssQHW2QmmOw4Q2KAP2Qq1sUUptWY7MR+FwptTLraXm6
-----END CERTIFICATE-----