Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/6cqUaiJ5_cSjrz1gUY79pg6KFCA.roa
File:                     6cqUaiJ5_cSjrz1gUY79pg6KFCA.roa (raw, json)
Hash identifier:          8mrKsNK0O0TzM5RZwmhgDmRIGfUO/NQosIhs7QKSDag=
Subject key identifier:   E9:CA:94:6A:22:79:FD:C4:A3:AF:3D:60:51:8E:FD:A6:0E:8A:14:20
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019965DCF651EA85AAC5F89C8BA64AD3B601
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/6cqUaiJ5_cSjrz1gUY79pg6KFCA.roa
Signing time:             Sat 20 Sep 2025 06:43:23 +0000
ROA not before:           Sat 20 Sep 2025 06:43:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215415
IP address blocks:        2a0f:7802:e200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:65:dc:f6:51:ea:85:aa:c5:f8:9c:8b:a6:4a:d3:b6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Sep 20 06:43:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9ca946a2279fdc4a3af3d60518efda60e8a1420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:58:bf:63:0b:57:b4:3a:e9:45:2e:32:37:ab:
                    ef:e5:00:b9:5e:e6:63:ca:36:ec:d7:a5:14:24:15:
                    2c:1b:ca:6f:06:cb:2c:11:81:de:73:01:37:9f:35:
                    6a:ef:1f:74:4a:53:03:e4:7a:da:3d:36:2b:2d:db:
                    1c:32:29:e3:f7:af:a4:91:0b:79:d2:e7:36:98:79:
                    66:c3:fd:ef:f6:37:b4:70:1a:1e:95:4a:da:ae:37:
                    66:2a:ea:b3:fa:ec:e1:b1:13:98:ab:36:0f:f8:46:
                    20:09:33:12:4b:f8:87:a3:0a:a7:1f:da:5c:17:c6:
                    59:d9:1c:81:58:cd:c7:cb:ed:5c:b2:99:22:2a:ab:
                    d6:1d:2f:78:76:28:b1:51:0f:c6:bf:2a:07:b2:5f:
                    70:8b:75:06:a1:a3:7d:4a:4c:ea:d1:03:d0:3b:25:
                    51:67:ed:22:4c:28:e1:c8:5d:45:46:d6:89:23:b5:
                    46:61:bd:98:a5:d6:fc:45:80:52:fa:ed:55:6d:a4:
                    1a:b6:3d:b9:32:fc:51:e1:ab:19:b1:32:bd:ca:f6:
                    37:10:30:ff:55:3d:20:a6:dc:1a:d4:a1:fd:cb:54:
                    bc:7d:60:4a:fc:2d:2b:c3:87:65:75:c8:05:c5:9a:
                    7b:a7:8b:22:ca:da:e3:98:d1:77:30:0e:37:a0:2c:
                    b5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:CA:94:6A:22:79:FD:C4:A3:AF:3D:60:51:8E:FD:A6:0E:8A:14:20
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/6cqUaiJ5_cSjrz1gUY79pg6KFCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e200::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:79:cf:79:cb:5a:66:74:5d:19:44:22:eb:27:73:a7:d5:af:
         d2:55:fc:25:30:f2:cf:78:69:86:77:03:66:c0:48:55:76:2d:
         f4:c8:d2:02:3d:23:04:9c:3e:00:2c:d0:15:40:5e:a0:82:3f:
         34:9f:73:ee:1a:5f:23:78:c3:e7:0b:71:6b:0b:12:e7:30:74:
         cf:58:c0:bd:71:e4:a6:c4:da:ad:01:dd:1b:37:c0:f7:56:4e:
         61:4a:e0:19:44:6f:a9:a9:a6:b5:ba:7e:16:8c:31:16:0d:bc:
         5d:86:18:25:f7:77:27:d5:25:b3:ab:3d:e7:1b:37:0f:73:03:
         77:a3:d3:94:a7:4f:8e:2c:bb:83:25:83:52:b3:d7:51:42:4d:
         58:11:0b:a7:7e:3c:01:de:c6:1b:9d:d9:93:20:36:34:9d:ce:
         11:72:2c:72:47:f1:7a:61:68:9b:7f:5c:5d:6d:ee:b1:ce:14:
         eb:7a:dd:ba:25:c3:cf:00:4f:09:85:90:be:e4:31:81:6d:bd:
         00:5d:65:20:bf:f4:91:ee:47:a3:05:04:85:78:39:ba:89:6d:
         bb:a9:46:75:37:4a:07:ab:2f:d7:24:8a:65:0f:0c:08:52:4a:
         04:b1:09:79:eb:5b:e3:10:da:4c:ee:48:90:57:54:a1:3b:e2:
         d5:d6:46:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZll3PZR6oWqxfici6ZK07YBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwOTIwMDY0MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWNhOTQ2YTIyNzlmZGM0YTNhZjNkNjA1MThlZmRhNjBlOGExNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Vi/YwtXtDrpRS4yN6vv5QC5XuZj
yjbs16UUJBUsG8pvBsssEYHecwE3nzVq7x90SlMD5HraPTYrLdscMinj96+kkQt5
0uc2mHlmw/3v9je0cBoelUrarjdmKuqz+uzhsROYqzYP+EYgCTMSS/iHowqnH9pc
F8ZZ2RyBWM3Hy+1cspkiKqvWHS94diixUQ/GvyoHsl9wi3UGoaN9Skzq0QPQOyVR
Z+0iTCjhyF1FRtaJI7VGYb2Ypdb8RYBS+u1VbaQatj25MvxR4asZsTK9yvY3EDD/
VT0gptwa1KH9y1S8fWBK/C0rw4dldcgFxZp7p4siytrjmNF3MA43oCy1TwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOnKlGoief3Eo689YFGO/aYOihQgMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvNmNxVWFpSjVfY1NqcnoxZ1VZNzlwZzZLRkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94AuIw
DQYJKoZIhvcNAQELBQADggEBAHZ5z3nLWmZ0XRlEIusnc6fVr9JV/CUw8s94aYZ3
A2bASFV2LfTI0gI9IwScPgAs0BVAXqCCPzSfc+4aXyN4w+cLcWsLEucwdM9YwL1x
5KbE2q0B3Rs3wPdWTmFK4BlEb6mpprW6fhaMMRYNvF2GGCX3dyfVJbOrPecbNw9z
A3ej05SnT44su4Mlg1Kz11FCTVgRC6d+PAHexhud2ZMgNjSdzhFyLHJH8XphaJt/
XF1t7rHOFOt63bolw88ATwmFkL7kMYFtvQBdZSC/9JHuR6MFBIV4ObqJbbupRnU3
SgerL9ckimUPDAhSSgSxCXnrW+MQ2kzuSJBXVKE74tXWRjU=
-----END CERTIFICATE-----