Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/QsNbKGprIHnxXc4RUlDgiRoQXnA.roa
File:                     QsNbKGprIHnxXc4RUlDgiRoQXnA.roa (raw, json)
Hash identifier:          Pkna9W4kPAK2Op+5aCMmruJy0CfjIezVw48VbjKBW/w=
Subject key identifier:   42:C3:5B:28:6A:6B:20:79:F1:5D:CE:11:52:50:E0:89:1A:10:5E:70
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0199EC60507AB8F5EDB9FE4C9454DDBB01AF
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/QsNbKGprIHnxXc4RUlDgiRoQXnA.roa
Signing time:             Thu 16 Oct 2025 09:35:59 +0000
ROA not before:           Thu 16 Oct 2025 09:35:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42881
IP address blocks:        2a09:6282::/32 maxlen: 32
                          2a10:4107::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:60:50:7a:b8:f5:ed:b9:fe:4c:94:54:dd:bb:01:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Oct 16 09:35:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42c35b286a6b2079f15dce115250e0891a105e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c5:c2:a0:c9:e1:c9:e5:a8:36:1b:32:86:73:
                    20:84:d2:0f:9f:81:dc:1e:12:62:6e:3e:fb:89:7f:
                    97:11:f7:bf:6e:d3:48:c5:45:76:8b:ae:18:f9:0b:
                    9d:7a:50:9c:a4:73:94:42:82:e5:04:17:f8:d7:1d:
                    7a:1e:7f:a4:3f:cb:d1:ca:58:db:48:51:1f:93:17:
                    6b:98:0c:d6:cf:f9:ac:b7:9e:ec:d6:ce:61:8f:8c:
                    0e:92:e1:a2:2e:09:7a:9f:6a:d4:e5:2c:42:32:de:
                    05:dd:a0:ec:b0:3b:3c:c0:f8:12:7d:45:20:2d:83:
                    c4:7d:19:f6:5e:d2:3a:cc:b3:df:45:7b:1c:8d:eb:
                    ca:48:5e:9a:ab:5f:ca:f3:97:bb:72:75:fa:5d:d1:
                    e3:d3:1e:51:cf:95:3d:7e:07:65:db:6d:7b:c5:e4:
                    31:33:0a:b0:13:82:78:54:76:bc:20:7f:ce:04:67:
                    3c:26:ef:61:86:d1:25:6f:8a:1e:cc:05:fe:33:db:
                    ff:5a:7e:bb:a1:45:3e:74:a2:12:95:d1:f3:52:1e:
                    28:2d:7c:6f:9c:d9:f6:c3:25:2d:69:d8:88:cf:f8:
                    0b:03:9a:d4:83:6b:e3:4f:09:a3:07:2f:33:05:6e:
                    38:7a:cd:28:5a:ca:61:f6:27:8c:2e:f7:8d:b3:20:
                    25:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C3:5B:28:6A:6B:20:79:F1:5D:CE:11:52:50:E0:89:1A:10:5E:70
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/QsNbKGprIHnxXc4RUlDgiRoQXnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6282::/32
                  2a10:4107::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:72:ce:cc:5f:30:98:ce:f8:db:f4:e2:5e:94:91:a4:d1:19:
         73:de:27:7f:24:d7:92:83:b9:10:40:26:4e:a5:5f:46:a9:7c:
         b4:40:e8:d2:2e:28:85:4e:12:6d:f6:08:20:bf:cc:eb:a8:f1:
         cf:04:e8:23:95:31:bc:7d:1a:0a:91:18:79:2f:cb:6a:10:54:
         1a:e5:1e:f1:82:06:63:94:4f:ee:9f:e7:48:3a:27:da:5b:94:
         b6:b6:4a:37:56:8d:04:44:41:a3:b2:09:94:23:6e:d9:d4:86:
         d1:b1:82:b1:3e:6f:1a:07:a6:43:63:f6:65:34:27:3a:21:7d:
         56:9d:37:13:c6:6f:89:f1:80:5b:2b:43:f6:2f:a7:1d:66:32:
         53:00:28:ae:56:d5:38:9c:34:f8:2f:71:ad:67:d3:6f:7d:a9:
         e0:0f:d0:8a:85:98:a5:fb:97:de:20:51:39:d9:7e:af:6d:fe:
         a1:9e:1d:8a:8f:33:60:8d:91:8e:09:29:0b:e6:49:90:38:a1:
         c9:b7:7a:90:b6:f3:7b:f9:9f:9f:f2:dd:fc:ff:43:61:6f:22:
         9b:b7:68:71:d9:2a:5e:39:7b:ea:08:64:94:bb:18:95:01:d1:
         20:fc:be:d4:fd:b0:39:d0:13:c2:4f:b5:55:4d:dc:7d:d4:06:
         24:57:f3:33
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnsYFB6uPXtuf5MlFTduwGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMDE2MDkzNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmMzNWIyODZhNmIyMDc5ZjE1ZGNlMTE1MjUwZTA4OTFhMTA1ZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMXCoMnhyeWoNhsyhnMghNIPn4Hc
HhJibj77iX+XEfe/btNIxUV2i64Y+QudelCcpHOUQoLlBBf41x16Hn+kP8vRyljb
SFEfkxdrmAzWz/mst57s1s5hj4wOkuGiLgl6n2rU5SxCMt4F3aDssDs8wPgSfUUg
LYPEfRn2XtI6zLPfRXscjevKSF6aq1/K85e7cnX6XdHj0x5Rz5U9fgdl2217xeQx
MwqwE4J4VHa8IH/OBGc8Ju9hhtElb4oezAX+M9v/Wn67oUU+dKISldHzUh4oLXxv
nNn2wyUtadiIz/gLA5rUg2vjTwmjBy8zBW44es0oWsph9ieMLveNsyAlgwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFELDWyhqayB58V3OEVJQ4IkaEF5wMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvUXNOYktHcHJJSG54WGM0UlVsRGdpUm9RWG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgliggMF
ACoQQQcwDQYJKoZIhvcNAQELBQADggEBAKpyzsxfMJjO+Nv04l6UkaTRGXPeJ38k
15KDuRBAJk6lX0apfLRA6NIuKIVOEm32CCC/zOuo8c8E6COVMbx9GgqRGHkvy2oQ
VBrlHvGCBmOUT+6f50g6J9pblLa2SjdWjQREQaOyCZQjbtnUhtGxgrE+bxoHpkNj
9mU0JzohfVadNxPGb4nxgFsrQ/Yvpx1mMlMAKK5W1TicNPgvca1n0299qeAP0IqF
mKX7l94gUTnZfq9t/qGeHYqPM2CNkY4JKQvmSZA4ocm3epC283v5n5/y3fz/Q2Fv
Ipu3aHHZKl45e+oIZJS7GJUB0SD8vtT9sDnQE8JPtVVN3H3UBiRX8zM=
-----END CERTIFICATE-----