Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/_QlwePF5KSD64MN37dzbnwJZX0o.roa
File:                     _QlwePF5KSD64MN37dzbnwJZX0o.roa (raw, json)
Hash identifier:          yQzkXp66l3AI/3AeWTVHitzx2cjJY16vfj7/ymQ7U4I=
Subject key identifier:   FD:09:70:78:F1:79:29:20:FA:E0:C3:77:ED:DC:DB:9F:02:59:5F:4A
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       0198D723CC6E6A929FCAD4AFA23F5C61575D
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/_QlwePF5KSD64MN37dzbnwJZX0o.roa
Signing time:             Sat 23 Aug 2025 13:35:04 +0000
ROA not before:           Sat 23 Aug 2025 13:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48944
IP address blocks:        2a05:63c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 22:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d7:23:cc:6e:6a:92:9f:ca:d4:af:a2:3f:5c:61:57:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Aug 23 13:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd097078f1792920fae0c377eddcdb9f02595f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6b:d3:43:bc:af:a5:10:35:8b:32:4d:30:cb:
                    3d:34:25:9b:9c:d9:f5:4a:82:78:08:33:8f:66:d9:
                    83:a0:f8:ed:2c:77:e7:e0:80:39:64:28:5b:57:6c:
                    fe:d0:0b:14:23:44:f6:ff:d4:f9:83:8c:c0:b0:c5:
                    07:07:fb:ff:e4:2d:4c:31:b5:7b:2a:7b:30:5e:0b:
                    81:a6:56:ce:74:8b:cc:3a:19:a0:ff:e3:9d:70:7e:
                    4c:28:e4:1f:4d:85:b9:57:fd:97:00:c6:c0:82:6b:
                    a2:fe:98:9e:4b:3c:ad:4a:ee:af:68:cc:3a:cc:cd:
                    10:ff:cc:85:36:a5:22:eb:11:aa:41:85:19:c7:7d:
                    05:e0:7e:7c:1f:e3:d2:b4:43:2c:71:89:a0:68:79:
                    20:c6:c7:bb:bf:8b:a2:c5:4c:3c:8d:00:0c:33:9b:
                    fe:90:47:fa:c4:04:f5:52:60:e3:55:47:55:85:21:
                    10:d4:54:df:06:4c:a6:ad:18:32:02:6c:2f:0a:f8:
                    d0:94:69:95:79:8d:d9:5a:77:12:18:56:e7:fb:3e:
                    a3:73:75:38:2b:7f:b5:f3:6a:2c:52:b9:d2:2b:5a:
                    55:c4:1b:1c:3c:d4:23:dc:e4:fd:39:7a:9e:d2:c4:
                    4b:55:e5:d3:cd:45:0f:51:3e:29:49:62:ae:ca:db:
                    f5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:09:70:78:F1:79:29:20:FA:E0:C3:77:ED:DC:DB:9F:02:59:5F:4A
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/_QlwePF5KSD64MN37dzbnwJZX0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:4e:e9:33:e6:1d:55:ac:7d:8a:d1:44:05:eb:f9:64:27:d2:
         1f:42:57:fb:a6:16:d4:1e:91:d3:05:bf:c6:c9:20:9e:bc:4a:
         4c:08:a1:24:05:e5:c2:29:44:7e:bb:51:4b:de:c5:d7:c7:59:
         0c:c5:5f:80:07:11:7b:d0:41:a6:5e:e6:cf:13:cb:67:96:bc:
         55:85:3e:75:fe:0b:2c:c0:0d:f3:f6:f3:ec:2f:52:b6:da:c3:
         eb:03:d2:f9:1f:f4:db:d2:fa:c2:f2:91:5e:b6:a3:a3:e1:4b:
         39:74:7d:84:7f:42:cc:b2:e9:72:10:fc:d7:46:b1:19:95:79:
         28:ed:d3:a1:c5:28:b8:d3:ad:85:fd:15:e8:ee:8c:d9:f2:a8:
         d5:f9:cd:d9:3a:7a:70:de:ef:f5:90:51:e8:1b:14:63:b1:f9:
         91:b0:2e:14:01:2b:db:b7:f5:77:b9:70:87:69:c0:fd:d9:d1:
         d8:b7:cd:80:68:c0:d2:5e:30:9e:a0:4e:8a:ca:a1:29:bb:31:
         b6:51:96:2b:dc:71:74:25:cd:03:40:a7:e6:62:52:51:e6:d7:
         7c:01:1c:33:48:a5:80:5a:43:53:4b:5a:cd:35:38:62:4f:52:
         7f:04:10:ab:67:0d:25:e4:9e:cc:22:f9:52:b8:6f:12:a3:83:
         b5:fc:df:c6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZjXI8xuapKfytSvoj9cYVddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwODIzMTMzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDA5NzA3OGYxNzkyOTIwZmFlMGMzNzdlZGRjZGI5ZjAyNTk1ZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGvTQ7yvpRA1izJNMMs9NCWbnNn1
SoJ4CDOPZtmDoPjtLHfn4IA5ZChbV2z+0AsUI0T2/9T5g4zAsMUHB/v/5C1MMbV7
KnswXguBplbOdIvMOhmg/+OdcH5MKOQfTYW5V/2XAMbAgmui/pieSzytSu6vaMw6
zM0Q/8yFNqUi6xGqQYUZx30F4H58H+PStEMscYmgaHkgxse7v4uixUw8jQAMM5v+
kEf6xAT1UmDjVUdVhSEQ1FTfBkymrRgyAmwvCvjQlGmVeY3ZWncSGFbn+z6jc3U4
K3+182osUrnSK1pVxBscPNQj3OT9OXqe0sRLVeXTzUUPUT4pSWKuytv1twIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP0JcHjxeSkg+uDDd+3c258CWV9KMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvX1Fsd2VQRjVLU0Q2NE1OMzdkemJud0paWDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgVjwDAN
BgkqhkiG9w0BAQsFAAOCAQEAXU7pM+YdVax9itFEBev5ZCfSH0JX+6YW1B6R0wW/
xskgnrxKTAihJAXlwilEfrtRS97F18dZDMVfgAcRe9BBpl7mzxPLZ5a8VYU+df4L
LMAN8/bz7C9SttrD6wPS+R/029L6wvKRXrajo+FLOXR9hH9CzLLpchD810axGZV5
KO3TocUouNOthf0V6O6M2fKo1fnN2Tp6cN7v9ZBR6BsUY7H5kbAuFAEr27f1d7lw
h2nA/dnR2LfNgGjA0l4wnqBOisqhKbsxtlGWK9xxdCXNA0Cn5mJSUebXfAEcM0il
gFpDU0tazTU4Yk9SfwQQq2cNJeSezCL5UrhvEqODtfzfxg==
-----END CERTIFICATE-----