Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/QZlBG2kRh6vni73fkptkgN279c4.roa
File:                     QZlBG2kRh6vni73fkptkgN279c4.roa (raw, json)
Hash identifier:          XJG4jHJv96gh6e1pmElIHEBthdc/xrtURDP4u20xHEU=
Subject key identifier:   41:99:41:1B:69:11:87:AB:E7:8B:BD:DF:92:9B:64:80:DD:BB:F5:CE
Certificate issuer:       /CN=97d23ae28cd860c8edfd618356f8b31f5e4dc928
Certificate serial:       019977B91A4B3639878AB56F889B118B403D
Authority key identifier: 97:D2:3A:E2:8C:D8:60:C8:ED:FD:61:83:56:F8:B3:1F:5E:4D:C9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/QZlBG2kRh6vni73fkptkgN279c4.roa
Signing time:             Tue 23 Sep 2025 17:57:23 +0000
ROA not before:           Tue 23 Sep 2025 17:57:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213438
IP address blocks:        2a13:29c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:b9:1a:4b:36:39:87:8a:b5:6f:88:9b:11:8b:40:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97d23ae28cd860c8edfd618356f8b31f5e4dc928
        Validity
            Not Before: Sep 23 17:57:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4199411b691187abe78bbddf929b6480ddbbf5ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:07:c0:78:33:28:d5:9d:36:c5:fd:d8:5e:cf:
                    69:a6:7e:6d:d3:10:02:59:44:fb:08:77:bf:6d:bb:
                    3a:e6:4e:c9:cb:1e:a9:d6:42:c5:7b:2b:7e:f1:a4:
                    2a:8c:49:88:2f:35:62:c3:66:ac:7b:a4:8f:f9:4c:
                    d1:c8:9b:d1:26:f2:b7:9f:63:99:fe:9e:2d:38:9a:
                    16:46:0a:94:97:bf:0f:cb:b8:e2:cd:bb:35:3e:59:
                    5b:bc:e2:f4:7c:17:24:54:91:f5:26:5e:e2:a4:68:
                    c8:03:8f:3a:46:74:02:36:09:58:5e:f6:5c:23:54:
                    34:d9:31:18:55:df:0a:f7:2c:bf:2f:94:b1:64:43:
                    26:13:cd:d4:38:2a:38:a9:b1:b1:c5:3a:ef:20:a3:
                    e2:2a:49:03:e4:85:94:ed:b7:fd:70:ca:a8:df:a9:
                    1f:ee:53:63:7d:1e:78:38:91:fb:57:82:f9:88:9d:
                    a8:82:ad:1e:7d:5a:f2:6e:ae:10:7b:24:8f:ab:01:
                    bb:a6:c8:27:d7:36:b6:16:c3:bd:e6:ac:13:71:ff:
                    4a:d0:6e:de:41:8c:17:27:22:11:a4:59:01:64:ad:
                    f2:6e:ec:5b:8a:c4:8d:8d:20:e9:60:09:38:b3:73:
                    21:ce:a6:f8:3e:67:32:0a:3f:71:55:61:4f:82:39:
                    ab:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:99:41:1B:69:11:87:AB:E7:8B:BD:DF:92:9B:64:80:DD:BB:F5:CE
            X509v3 Authority Key Identifier:
                keyid:97:D2:3A:E2:8C:D8:60:C8:ED:FD:61:83:56:F8:B3:1F:5E:4D:C9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/QZlBG2kRh6vni73fkptkgN279c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:29c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:93:3c:61:ba:b4:41:67:2c:88:c6:14:9d:cd:4f:dd:5e:fc:
         63:48:27:4a:ef:03:d9:46:9d:97:60:b3:b9:78:1f:31:6e:60:
         00:55:d3:d2:2b:29:dd:48:95:28:64:c6:7a:5f:97:3e:80:90:
         86:fb:0c:5b:44:74:e9:49:8c:f0:46:91:52:5f:8c:4d:cc:d3:
         15:75:af:53:9d:46:19:35:be:2d:20:ce:26:8d:9b:e1:4c:69:
         43:87:cc:e7:db:33:40:b7:b8:17:b8:21:f2:0a:e1:bb:ec:52:
         a0:12:97:d2:45:ff:7f:0e:b6:69:c7:2f:4d:5b:e8:94:1a:85:
         00:8e:a1:9a:79:5e:25:df:b7:fc:62:8e:63:7a:d5:82:d5:d2:
         23:64:a6:03:38:08:06:19:0b:f2:ca:8a:7e:c2:59:aa:53:86:
         36:a1:a0:21:0f:17:8e:c1:0e:03:c4:29:c9:fd:59:00:b0:9a:
         f8:e6:52:40:63:33:19:71:55:b0:2f:b0:e0:9c:53:3b:b3:28:
         a4:00:f0:0f:96:89:20:6c:4c:4d:3f:e0:7f:80:f4:bf:b1:80:
         07:be:ff:d5:b5:0c:e6:dd:d8:54:1b:80:0c:f5:b7:15:34:29:
         51:6e:d2:b2:e5:2f:ab:41:50:13:b5:f6:7b:b2:9a:c0:00:48:
         5f:b8:5c:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZl3uRpLNjmHirVviJsRi0A9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZDIzYWUyOGNkODYwYzhlZGZkNjE4MzU2ZjhiMzFmNWU0
ZGM5MjgwHhcNMjUwOTIzMTc1NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk5NDExYjY5MTE4N2FiZTc4YmJkZGY5MjliNjQ4MGRkYmJmNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAfAeDMo1Z02xf3YXs9ppn5t0xAC
WUT7CHe/bbs65k7Jyx6p1kLFeyt+8aQqjEmILzViw2ase6SP+UzRyJvRJvK3n2OZ
/p4tOJoWRgqUl78Py7jizbs1PllbvOL0fBckVJH1Jl7ipGjIA486RnQCNglYXvZc
I1Q02TEYVd8K9yy/L5SxZEMmE83UOCo4qbGxxTrvIKPiKkkD5IWU7bf9cMqo36kf
7lNjfR54OJH7V4L5iJ2ogq0efVrybq4QeySPqwG7psgn1za2FsO95qwTcf9K0G7e
QYwXJyIRpFkBZK3ybuxbisSNjSDpYAk4s3Mhzqb4PmcyCj9xVWFPgjmrEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEGZQRtpEYer54u935KbZIDdu/XOMB8GA1UdIwQY
MBaAFJfSOuKM2GDI7f1hg1b4sx9eTckoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDlJNjRvellZTWp0X1dHRFZ2aXpIMTVOeVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jYTY0MWYtZGIzYS00ZjY0LWEyNWIt
Y2ZhNmE5MTQ4MWUyLzEvUVpsQkcya1JoNnZuaTczZmtwdGtnTjI3OWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jYTY0MWYtZGIzYS00ZjY0LWEyNWItY2ZhNmE5MTQ4MWUy
LzEvbDlJNjRvellZTWp0X1dHRFZ2aXpIMTVOeVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMpwDAN
BgkqhkiG9w0BAQsFAAOCAQEArJM8Ybq0QWcsiMYUnc1P3V78Y0gnSu8D2Uadl2Cz
uXgfMW5gAFXT0isp3UiVKGTGel+XPoCQhvsMW0R06UmM8EaRUl+MTczTFXWvU51G
GTW+LSDOJo2b4UxpQ4fM59szQLe4F7gh8grhu+xSoBKX0kX/fw62accvTVvolBqF
AI6hmnleJd+3/GKOY3rVgtXSI2SmAzgIBhkL8sqKfsJZqlOGNqGgIQ8XjsEOA8Qp
yf1ZALCa+OZSQGMzGXFVsC+w4JxTO7MopADwD5aJIGxMTT/gf4D0v7GAB77/1bUM
5t3YVBuADPW3FTQpUW7SsuUvq0FQE7X2e7KawABIX7hcTg==
-----END CERTIFICATE-----