Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/PQhxpowWbirpi73sooxP6-CQe0w.roa
File:                     PQhxpowWbirpi73sooxP6-CQe0w.roa (raw, json)
Hash identifier:          I/+Rv+eczGu/4NSVaZNewfe6Bd3n9RCdyw3Ufabk0jk=
Subject key identifier:   3D:08:71:A6:8C:16:6E:2A:E9:8B:BD:EC:A2:8C:4F:EB:E0:90:7B:4C
Certificate issuer:       /CN=058737ac1bca8c1428b3969546f1974f0694e400
Certificate serial:       0199CD56223AF427B554544CCD9E7FAF58B9
Authority key identifier: 05:87:37:AC:1B:CA:8C:14:28:B3:96:95:46:F1:97:4F:06:94:E4:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BYc3rBvKjBQos5aVRvGXTwaU5AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/PQhxpowWbirpi73sooxP6-CQe0w.roa
Signing time:             Fri 10 Oct 2025 08:56:38 +0000
ROA not before:           Fri 10 Oct 2025 08:56:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5524
IP address blocks:        2a10:b940::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/BYc3rBvKjBQos5aVRvGXTwaU5AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/BYc3rBvKjBQos5aVRvGXTwaU5AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BYc3rBvKjBQos5aVRvGXTwaU5AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:56:22:3a:f4:27:b5:54:54:4c:cd:9e:7f:af:58:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=058737ac1bca8c1428b3969546f1974f0694e400
        Validity
            Not Before: Oct 10 08:56:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d0871a68c166e2ae98bbdeca28c4febe0907b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d6:c6:0c:38:aa:88:f1:fc:eb:b3:84:4f:c6:
                    45:3e:6a:5a:98:05:7d:d6:e8:7e:3c:03:51:76:ef:
                    84:6d:1f:6f:28:0a:f3:fa:c3:0d:75:b5:8b:f4:8c:
                    79:34:bb:05:2c:78:86:fe:f4:3d:84:64:d9:c3:9d:
                    76:e0:51:91:68:e9:27:6a:8d:db:bd:bd:b0:56:fd:
                    cc:25:ba:cf:6a:26:fd:a2:4e:f1:87:96:c3:4b:68:
                    41:17:11:fd:be:53:95:49:b0:e5:94:3c:b7:f0:bc:
                    c0:a6:9a:c9:9e:57:73:ea:51:bc:df:71:f3:18:1c:
                    78:d6:98:ae:ec:fd:7a:ed:2e:a1:aa:81:ed:09:11:
                    63:0a:5c:6c:f9:de:00:f0:05:6e:0c:ca:73:ff:ac:
                    47:91:9b:29:a5:22:fe:01:75:64:bd:56:2a:eb:7f:
                    e8:9f:bc:81:ce:67:3b:1a:ea:93:94:2a:4f:36:78:
                    f2:8b:06:c5:53:d9:6a:50:d4:2b:34:d6:ae:9c:3b:
                    dd:5a:7f:2e:9c:aa:8d:62:59:41:0b:63:08:f1:25:
                    44:44:d0:e3:8b:e8:63:ef:8d:b5:db:20:6e:5d:d5:
                    d9:fc:5f:99:57:57:1f:ba:12:d8:a2:89:ea:68:76:
                    13:97:0b:53:4d:55:be:d3:25:54:0e:06:3f:84:ed:
                    60:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:08:71:A6:8C:16:6E:2A:E9:8B:BD:EC:A2:8C:4F:EB:E0:90:7B:4C
            X509v3 Authority Key Identifier:
                keyid:05:87:37:AC:1B:CA:8C:14:28:B3:96:95:46:F1:97:4F:06:94:E4:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BYc3rBvKjBQos5aVRvGXTwaU5AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/PQhxpowWbirpi73sooxP6-CQe0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/69327a-68de-4585-acfb-501257590de7/1/BYc3rBvKjBQos5aVRvGXTwaU5AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:3c:24:0c:cc:48:c2:25:eb:32:15:77:fb:46:b7:c5:b7:1d:
         a8:51:9b:04:f8:fd:52:b2:ba:7c:23:77:ff:6b:2f:e5:a0:e6:
         a5:b1:e7:10:36:00:6f:9c:88:47:59:aa:50:1d:14:f5:ed:fe:
         db:a2:af:51:62:42:b4:ca:23:cd:0b:76:29:02:e6:3a:76:7b:
         59:59:e8:56:be:e4:1c:1a:c5:5c:5a:09:54:71:10:62:69:c2:
         7f:36:93:49:df:6b:f4:47:e1:41:7c:74:03:f2:6d:90:31:e4:
         14:d6:a3:85:df:1e:de:f8:7c:f7:6f:ad:23:53:40:27:16:46:
         f9:53:9d:b5:e3:47:49:b0:8b:67:97:b2:8f:73:cf:c9:9a:34:
         02:5f:55:78:02:93:fa:f9:c5:71:92:43:39:b1:85:90:5d:5f:
         89:cb:e7:f0:3b:c2:a9:75:fa:f2:e1:9f:ed:a5:54:ce:40:e6:
         54:6f:cc:ba:50:a1:be:b0:af:12:93:5d:00:7b:f8:c4:09:c3:
         9a:4c:09:c6:25:ce:c0:24:ff:2b:e1:1e:7d:82:30:97:1f:74:
         0e:38:47:04:00:ee:61:09:18:9b:f3:a2:50:82:01:23:25:6a:
         f9:3b:81:b5:74:a5:d8:e2:73:4d:7e:53:f7:5f:9e:1a:d2:09:
         82:6c:31:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnNViI69Ce1VFRMzZ5/r1i5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ODczN2FjMWJjYThjMTQyOGIzOTY5NTQ2ZjE5NzRmMDY5
NGU0MDAwHhcNMjUxMDEwMDg1NjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA4NzFhNjhjMTY2ZTJhZTk4YmJkZWNhMjhjNGZlYmUwOTA3YjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19bGDDiqiPH867OET8ZFPmpamAV9
1uh+PANRdu+EbR9vKArz+sMNdbWL9Ix5NLsFLHiG/vQ9hGTZw5124FGRaOknao3b
vb2wVv3MJbrPaib9ok7xh5bDS2hBFxH9vlOVSbDllDy38LzApprJnldz6lG833Hz
GBx41piu7P167S6hqoHtCRFjClxs+d4A8AVuDMpz/6xHkZsppSL+AXVkvVYq63/o
n7yBzmc7GuqTlCpPNnjyiwbFU9lqUNQrNNaunDvdWn8unKqNYllBC2MI8SVERNDj
i+hj74212yBuXdXZ/F+ZV1cfuhLYoonqaHYTlwtTTVW+0yVUDgY/hO1gpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0IcaaMFm4q6Yu97KKMT+vgkHtMMB8GA1UdIwQY
MBaAFAWHN6wbyowUKLOWlUbxl08GlOQAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlljM3JCdktqQlFvczVhVlJ2R1hUd2FVNUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS82OTMyN2EtNjhkZS00NTg1LWFjZmIt
NTAxMjU3NTkwZGU3LzEvUFFoeHBvd1diaXJwaTczc29veFA2LUNRZTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS82OTMyN2EtNjhkZS00NTg1LWFjZmItNTAxMjU3NTkwZGU3
LzEvQlljM3JCdktqQlFvczVhVlJ2R1hUd2FVNUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhC5QDAN
BgkqhkiG9w0BAQsFAAOCAQEAHTwkDMxIwiXrMhV3+0a3xbcdqFGbBPj9UrK6fCN3
/2sv5aDmpbHnEDYAb5yIR1mqUB0U9e3+26KvUWJCtMojzQt2KQLmOnZ7WVnoVr7k
HBrFXFoJVHEQYmnCfzaTSd9r9EfhQXx0A/JtkDHkFNajhd8e3vh892+tI1NAJxZG
+VOdteNHSbCLZ5eyj3PPyZo0Al9VeAKT+vnFcZJDObGFkF1ficvn8DvCqXX68uGf
7aVUzkDmVG/MulChvrCvEpNdAHv4xAnDmkwJxiXOwCT/K+EefYIwlx90DjhHBADu
YQkYm/OiUIIBIyVq+TuBtXSl2OJzTX5T91+eGtIJgmwxSg==
-----END CERTIFICATE-----