Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/RMQRbyTVfc3R_WDxvN9gz-bLDAA.roa
File:                     RMQRbyTVfc3R_WDxvN9gz-bLDAA.roa (raw, json)
Hash identifier:          yUAcbteBmeavQmfUpyblSFjPWzK2WK88NO5Ejqu8jfI=
Subject key identifier:   44:C4:11:6F:24:D5:7D:CD:D1:FD:60:F1:BC:DF:60:CF:E6:CB:0C:00
Certificate issuer:       /CN=8ab5b9a9368797a86baebc81f623b3f4e786f51a
Certificate serial:       0199E6FB61332EBC553F62D4921D0CAC095A
Authority key identifier: 8A:B5:B9:A9:36:87:97:A8:6B:AE:BC:81:F6:23:B3:F4:E7:86:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/irW5qTaHl6hrrryB9iOz9OeG9Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/RMQRbyTVfc3R_WDxvN9gz-bLDAA.roa
Signing time:             Wed 15 Oct 2025 08:27:38 +0000
ROA not before:           Wed 15 Oct 2025 08:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        185.65.124.0/23 maxlen: 24
                          185.65.125.0/24 maxlen: 24
                          2a04:f840::/32 maxlen: 40
                          2a04:f840::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/irW5qTaHl6hrrryB9iOz9OeG9Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/irW5qTaHl6hrrryB9iOz9OeG9Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/irW5qTaHl6hrrryB9iOz9OeG9Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:fb:61:33:2e:bc:55:3f:62:d4:92:1d:0c:ac:09:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ab5b9a9368797a86baebc81f623b3f4e786f51a
        Validity
            Not Before: Oct 15 08:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44c4116f24d57dcdd1fd60f1bcdf60cfe6cb0c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0d:00:56:72:fc:48:7f:af:be:9b:a9:ac:ac:
                    ae:81:9d:4e:77:a3:ce:c5:e9:9b:98:94:de:16:2f:
                    7f:ae:4a:0d:f9:bb:a3:9d:a1:ec:e5:3d:7d:8a:0e:
                    47:5f:61:a8:b8:e8:a7:1a:d0:fc:04:01:a7:7a:57:
                    04:20:63:ea:af:7b:fe:4d:78:d7:99:56:2b:18:1a:
                    bc:6f:6a:cf:9e:2a:ed:b0:3a:ae:aa:3c:bb:52:13:
                    8c:dd:f6:13:26:24:e3:c8:1d:ca:60:4f:46:55:ff:
                    06:e1:80:5f:30:75:26:42:c0:af:69:4c:27:5e:60:
                    e6:96:ac:67:5f:c3:2e:88:e9:98:83:a0:03:b6:28:
                    6d:7f:12:89:db:d0:16:48:53:fd:3c:7f:4f:3c:48:
                    7f:d1:0b:15:48:c1:fa:13:48:cf:06:4d:b1:91:e0:
                    03:6f:5b:b9:5a:7a:17:85:37:d0:75:c3:31:17:e0:
                    ec:f3:8a:98:9a:2a:f7:6e:9e:01:2e:8e:21:0d:89:
                    de:40:9e:74:e4:84:f7:71:35:fd:81:c3:4d:f1:69:
                    57:5b:38:92:41:cf:a9:a0:b9:20:a7:cb:54:e2:5a:
                    46:5b:43:1a:30:86:7d:2a:23:c3:89:39:d0:23:84:
                    38:70:bd:9a:c5:80:70:72:60:a2:1a:98:9c:91:33:
                    db:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C4:11:6F:24:D5:7D:CD:D1:FD:60:F1:BC:DF:60:CF:E6:CB:0C:00
            X509v3 Authority Key Identifier:
                keyid:8A:B5:B9:A9:36:87:97:A8:6B:AE:BC:81:F6:23:B3:F4:E7:86:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/irW5qTaHl6hrrryB9iOz9OeG9Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/RMQRbyTVfc3R_WDxvN9gz-bLDAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/64c431-5330-437b-b207-28fecc63398c/1/irW5qTaHl6hrrryB9iOz9OeG9Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.124.0/23
                IPv6:
                  2a04:f840::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:51:08:33:72:4e:e0:b8:e9:68:0c:03:7a:49:ac:b8:a8:23:
         ae:09:fa:c7:fd:9a:b6:f5:20:40:e9:a5:f9:14:85:63:7d:30:
         81:b7:21:3e:4b:5f:e6:d9:dd:fd:c4:d7:34:e7:eb:21:54:2b:
         36:a1:c1:b0:60:3d:2f:17:38:6c:6b:b1:96:e4:74:b0:28:32:
         5a:0a:58:11:ef:88:7f:c2:11:51:7b:6e:82:6b:d0:6d:b3:2c:
         60:21:ef:cb:18:f0:ab:72:91:3a:78:8f:d5:44:f1:a2:a2:2b:
         7c:45:e5:fe:01:b1:3c:60:82:9b:36:72:70:99:69:e0:2b:cd:
         2e:5e:28:d3:04:f0:67:4a:f7:50:22:c6:de:94:5d:b5:6a:4d:
         00:99:ae:28:6b:b3:81:31:fe:72:2e:62:a2:5f:0d:21:95:a7:
         c6:9d:e4:d6:56:fb:34:0d:5a:aa:bc:7c:a0:4b:0e:90:e7:fd:
         df:fa:c3:b9:ae:e3:1f:d5:83:10:d3:ef:80:68:d9:96:04:41:
         0d:b2:32:7f:30:6a:a7:69:d2:5b:bb:b4:bf:d3:36:8f:e8:af:
         bb:82:4c:bc:93:2f:9b:fe:b5:91:18:1c:bd:6e:a3:cd:f8:e1:
         bb:7a:35:9e:e1:93:42:e9:b1:2f:f6:7f:70:d6:12:da:b8:17:
         b2:c6:c0:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnm+2EzLrxVP2LUkh0MrAlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYjViOWE5MzY4Nzk3YTg2YmFlYmM4MWY2MjNiM2Y0ZTc4
NmY1MWEwHhcNMjUxMDE1MDgyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGM0MTE2ZjI0ZDU3ZGNkZDFmZDYwZjFiY2RmNjBjZmU2Y2IwYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ0AVnL8SH+vvpuprKyugZ1Od6PO
xembmJTeFi9/rkoN+bujnaHs5T19ig5HX2GouOinGtD8BAGnelcEIGPqr3v+TXjX
mVYrGBq8b2rPnirtsDquqjy7UhOM3fYTJiTjyB3KYE9GVf8G4YBfMHUmQsCvaUwn
XmDmlqxnX8MuiOmYg6ADtihtfxKJ29AWSFP9PH9PPEh/0QsVSMH6E0jPBk2xkeAD
b1u5WnoXhTfQdcMxF+Ds84qYmir3bp4BLo4hDYneQJ505IT3cTX9gcNN8WlXWziS
Qc+poLkgp8tU4lpGW0MaMIZ9KiPDiTnQI4Q4cL2axYBwcmCiGpickTPbfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFETEEW8k1X3N0f1g8bzfYM/mywwAMB8GA1UdIwQY
MBaAFIq1uak2h5eoa668gfYjs/TnhvUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXJXNXFUYUhsNmhycnJ5QjlpT3o5T2VHOVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy82NGM0MzEtNTMzMC00MzdiLWIyMDct
MjhmZWNjNjMzOThjLzEvUk1RUmJ5VFZmYzNSX1dEeHZOOWd6LWJMREFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy82NGM0MzEtNTMzMC00MzdiLWIyMDctMjhmZWNjNjMzOThj
LzEvaXJXNXFUYUhsNmhycnJ5QjlpT3o5T2VHOVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuUF8MA0E
AgACMAcDBQAqBPhAMA0GCSqGSIb3DQEBCwUAA4IBAQBrUQgzck7guOloDAN6Say4
qCOuCfrH/Zq29SBA6aX5FIVjfTCBtyE+S1/m2d39xNc05+shVCs2ocGwYD0vFzhs
a7GW5HSwKDJaClgR74h/whFRe26Ca9BtsyxgIe/LGPCrcpE6eI/VRPGioit8ReX+
AbE8YIKbNnJwmWngK80uXijTBPBnSvdQIsbelF21ak0Ama4oa7OBMf5yLmKiXw0h
lafGneTWVvs0DVqqvHygSw6Q5/3f+sO5ruMf1YMQ0++AaNmWBEENsjJ/MGqnadJb
u7S/0zaP6K+7gky8ky+b/rWRGBy9bqPN+OG7ejWe4ZNC6bEv9n9w1hLauBeyxsDN
-----END CERTIFICATE-----