Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/Q-OBGjb6oBDZXn0az_tHjhT317o.roa
File:                     Q-OBGjb6oBDZXn0az_tHjhT317o.roa (raw, json)
Hash identifier:          955aOscnf+j7V/Y/zcZbXtZ0JZfV473pEcIFT2Lzb6s=
Subject key identifier:   43:E3:81:1A:36:FA:A0:10:D9:5E:7D:1A:CF:FB:47:8E:14:F7:D7:BA
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0199C809525C3CC357BC32391BC7B1FCB2BD
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/Q-OBGjb6oBDZXn0az_tHjhT317o.roa
Signing time:             Thu 09 Oct 2025 08:14:38 +0000
ROA not before:           Thu 09 Oct 2025 08:14:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35661
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:09:52:5c:3c:c3:57:bc:32:39:1b:c7:b1:fc:b2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct  9 08:14:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43e3811a36faa010d95e7d1acffb478e14f7d7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:70:6b:14:a6:6c:76:eb:9d:32:d7:c6:45:d1:
                    34:34:66:b4:4f:19:23:14:91:48:a0:b7:db:ef:d4:
                    70:56:ad:98:f8:94:84:21:35:ed:08:b0:81:31:6c:
                    e9:ad:8d:20:27:d3:96:c0:a4:95:24:17:6c:7f:18:
                    71:68:c0:0b:65:1d:1b:c0:cc:31:27:21:85:ed:13:
                    02:5e:9f:46:9e:fe:49:ef:6d:aa:2e:8b:eb:9c:fb:
                    a2:c3:be:45:d4:f7:0e:cb:8a:a4:39:bf:1b:9d:23:
                    bf:e3:31:b2:35:62:7c:d6:a6:63:b1:7e:73:c1:4e:
                    d7:5c:eb:cd:46:8a:38:04:37:fd:14:e5:27:1d:c4:
                    71:c3:58:58:73:c4:f1:fe:3e:79:3a:24:48:b3:3c:
                    c7:e3:3a:ce:19:97:cd:17:e4:41:90:d0:8d:55:68:
                    7f:06:90:7b:76:63:85:47:38:f7:d6:32:14:52:23:
                    8a:b4:6f:fa:d5:bb:26:d2:ef:09:33:cc:06:36:74:
                    90:9a:21:92:82:91:77:6e:6c:75:8d:5f:ee:5e:80:
                    d4:88:a6:29:6e:13:b0:16:5d:64:50:8a:7c:8f:db:
                    f8:bc:c6:5d:93:bb:43:f3:e9:9c:9b:11:2c:f2:c8:
                    b9:8d:be:51:68:39:f3:52:4f:5f:02:6a:ce:10:70:
                    11:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E3:81:1A:36:FA:A0:10:D9:5E:7D:1A:CF:FB:47:8E:14:F7:D7:BA
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/Q-OBGjb6oBDZXn0az_tHjhT317o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb06::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:24:2c:a2:23:c1:be:3c:3b:c5:bd:64:22:26:99:27:69:65:
         db:12:e7:ab:c4:b7:88:f5:ef:de:fa:34:8c:ed:c2:f1:01:1c:
         6a:a8:a3:88:6f:2e:f3:b3:30:a0:46:15:28:6e:8f:0e:7e:28:
         7d:3f:48:c3:6c:94:ee:fe:32:f6:a6:1e:e3:82:94:b8:85:14:
         3b:3f:08:14:36:e8:6b:f4:d2:2f:c1:cf:64:43:15:9b:b8:f7:
         aa:84:e0:25:71:9b:a2:c3:22:19:4d:73:ec:be:67:f7:a5:0c:
         1a:e1:c7:23:3f:89:95:7d:86:9f:84:5a:8e:c1:43:eb:f8:fd:
         96:7f:6f:ad:fe:68:b7:f9:0a:2b:b6:fc:42:a3:16:f7:22:de:
         5e:2c:1c:03:3d:89:ac:57:45:7b:f5:f1:f8:3a:d0:87:6b:57:
         1a:ac:9c:87:9f:5a:be:a7:1b:02:44:0b:cc:cd:14:da:a1:7d:
         cc:a9:65:d8:3e:00:d0:1e:cb:50:fc:03:59:34:58:50:2e:f4:
         8a:bb:db:d1:6a:99:79:3f:ff:6c:8c:98:ae:e3:f0:9a:d0:d3:
         ae:30:00:f4:de:37:7f:3b:74:c1:04:e0:90:f4:99:a9:aa:0a:
         da:be:61:a9:c8:a5:09:8e:80:d6:c8:92:6a:92:78:92:88:f7:
         97:01:7a:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnICVJcPMNXvDI5G8ex/LK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDA5MDgxNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UzODExYTM2ZmFhMDEwZDk1ZTdkMWFjZmZiNDc4ZTE0ZjdkN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXBrFKZsduudMtfGRdE0NGa0Txkj
FJFIoLfb79RwVq2Y+JSEITXtCLCBMWzprY0gJ9OWwKSVJBdsfxhxaMALZR0bwMwx
JyGF7RMCXp9Gnv5J722qLovrnPuiw75F1PcOy4qkOb8bnSO/4zGyNWJ81qZjsX5z
wU7XXOvNRoo4BDf9FOUnHcRxw1hYc8Tx/j55OiRIszzH4zrOGZfNF+RBkNCNVWh/
BpB7dmOFRzj31jIUUiOKtG/61bsm0u8JM8wGNnSQmiGSgpF3bmx1jV/uXoDUiKYp
bhOwFl1kUIp8j9v4vMZdk7tD8+mcmxEs8si5jb5RaDnzUk9fAmrOEHARDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEPjgRo2+qAQ2V59Gs/7R44U99e6MB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvUS1PQkdqYjZvQkRaWG4wYXpfdEhqaFQzMTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsGMA0GCSqGSIb3DQEBCwUAA4IBAQBGJCyiI8G+PDvFvWQiJpkn
aWXbEuerxLeI9e/e+jSM7cLxARxqqKOIby7zszCgRhUobo8Ofih9P0jDbJTu/jL2
ph7jgpS4hRQ7PwgUNuhr9NIvwc9kQxWbuPeqhOAlcZuiwyIZTXPsvmf3pQwa4ccj
P4mVfYafhFqOwUPr+P2Wf2+t/mi3+QortvxCoxb3It5eLBwDPYmsV0V79fH4OtCH
a1carJyHn1q+pxsCRAvMzRTaoX3MqWXYPgDQHstQ/ANZNFhQLvSKu9vRapl5P/9s
jJiu4/Ca0NOuMAD03jd/O3TBBOCQ9JmpqgravmGpyKUJjoDWyJJqkniSiPeXAXrW
-----END CERTIFICATE-----