Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/QBIBdna_N55TAI8c27vs4Q0wnVg.roa
File:                     QBIBdna_N55TAI8c27vs4Q0wnVg.roa (raw, json)
Hash identifier:          P8QRt+F8Et/8aZlkMH7Eh3/f/wH7wjwP9nhmPnZRb+E=
Subject key identifier:   40:12:01:76:76:BF:37:9E:53:00:8F:1C:DB:BB:EC:E1:0D:30:9D:58
Certificate issuer:       /CN=22cb36f8506c118bfc41f5dae362264a96814990
Certificate serial:       019A508F0B04370D8A153B5768C2802BB8DC
Authority key identifier: 22:CB:36:F8:50:6C:11:8B:FC:41:F5:DA:E3:62:26:4A:96:81:49:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iss2-FBsEYv8QfXa42ImSpaBSZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/QBIBdna_N55TAI8c27vs4Q0wnVg.roa
Signing time:             Tue 04 Nov 2025 20:29:02 +0000
ROA not before:           Tue 04 Nov 2025 20:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209025
IP address blocks:        2a10:cd44::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/Iss2-FBsEYv8QfXa42ImSpaBSZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/Iss2-FBsEYv8QfXa42ImSpaBSZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iss2-FBsEYv8QfXa42ImSpaBSZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:8f:0b:04:37:0d:8a:15:3b:57:68:c2:80:2b:b8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22cb36f8506c118bfc41f5dae362264a96814990
        Validity
            Not Before: Nov  4 20:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4012017676bf379e53008f1cdbbbece10d309d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3e:90:4d:c2:9a:b1:cc:a4:08:4d:2a:4a:34:
                    fa:b4:23:f9:36:82:17:3f:c6:5b:af:8b:f9:2c:d1:
                    1a:ba:c7:e3:e9:1c:6e:1f:c0:0d:3b:d7:0d:67:f3:
                    26:0b:9c:e5:81:14:1b:7b:5d:1f:c3:1f:94:de:c9:
                    1d:ae:f4:40:7d:3e:40:d0:b1:83:68:28:9b:97:54:
                    ab:1a:82:45:1c:ad:c3:a6:a3:e9:59:e1:88:08:8a:
                    07:ec:b6:3e:ff:9a:e3:ad:57:f1:a5:d4:99:2c:63:
                    9c:bf:86:aa:b3:42:08:d1:80:e7:e1:5a:71:bc:a5:
                    b5:a1:28:d1:4a:eb:dd:c4:3b:11:36:a3:9d:87:8d:
                    a7:ad:b2:26:e9:e7:21:71:c5:65:99:46:6e:b9:41:
                    d0:95:30:28:d3:41:a7:05:14:c6:d2:1c:c7:f4:04:
                    44:56:61:e6:f6:82:8b:62:b1:f4:93:27:64:09:80:
                    c5:e9:b6:19:e4:e0:8e:4e:af:09:60:de:81:dd:b1:
                    95:d4:8b:e1:cc:20:54:00:3c:9c:da:64:80:b2:28:
                    21:e5:30:1f:08:00:bf:17:f2:bd:e9:33:1c:77:9a:
                    d7:99:88:e0:bb:d3:97:bf:87:17:d3:61:51:8d:43:
                    67:9c:67:a5:8a:69:8b:48:b1:00:ab:56:24:51:bc:
                    20:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:12:01:76:76:BF:37:9E:53:00:8F:1C:DB:BB:EC:E1:0D:30:9D:58
            X509v3 Authority Key Identifier:
                keyid:22:CB:36:F8:50:6C:11:8B:FC:41:F5:DA:E3:62:26:4A:96:81:49:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iss2-FBsEYv8QfXa42ImSpaBSZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/QBIBdna_N55TAI8c27vs4Q0wnVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/50ca35-bde6-4508-b80f-236789587997/1/Iss2-FBsEYv8QfXa42ImSpaBSZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cd44::/30

    Signature Algorithm: sha256WithRSAEncryption
         48:86:e3:95:1a:b4:4c:54:74:12:bc:40:11:a6:ca:aa:68:52:
         ce:f3:46:f3:cc:16:05:52:a5:b4:b3:16:c7:7c:a4:bd:1c:16:
         f7:8f:00:e5:67:6b:b5:0a:49:e4:5d:ab:fa:32:dd:53:5c:cb:
         0d:dc:3a:48:22:00:53:5f:24:da:5f:41:83:b8:9c:a9:ea:25:
         ea:70:e1:64:5e:a8:f2:9f:78:f5:08:f3:a7:2b:84:41:ed:2d:
         e2:c4:3a:57:b4:42:38:6d:ca:f1:65:f0:81:a5:d1:2d:fc:4c:
         dc:dc:88:92:4b:7f:83:fe:01:51:8e:1d:4b:05:da:b2:ab:a0:
         ba:9b:43:a3:41:59:40:2c:aa:48:f3:6c:6f:fd:b1:1e:37:17:
         37:8f:b1:f9:54:02:ab:59:5c:95:96:93:91:95:0f:3a:12:4a:
         52:7d:cc:4c:fa:3e:e3:ae:08:70:6c:f6:82:d3:62:8a:24:43:
         08:ea:58:fa:24:fe:4b:e7:81:8f:02:a4:00:89:ad:6d:cd:05:
         b8:94:df:3d:be:5b:c1:4d:af:1a:b5:69:e5:1b:97:a4:57:96:
         2c:3a:1c:41:8b:6a:0e:64:d0:34:3f:43:16:76:ea:f1:1b:b4:
         d3:be:83:3c:64:fd:ee:e8:41:14:c9:29:99:2b:a2:d4:27:57:
         a1:48:d4:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpQjwsENw2KFTtXaMKAK7jcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyY2IzNmY4NTA2YzExOGJmYzQxZjVkYWUzNjIyNjRhOTY4
MTQ5OTAwHhcNMjUxMTA0MjAyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDEyMDE3Njc2YmYzNzllNTMwMDhmMWNkYmJiZWNlMTBkMzA5ZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwj6QTcKascykCE0qSjT6tCP5NoIX
P8Zbr4v5LNEausfj6RxuH8ANO9cNZ/MmC5zlgRQbe10fwx+U3skdrvRAfT5A0LGD
aCibl1SrGoJFHK3DpqPpWeGICIoH7LY+/5rjrVfxpdSZLGOcv4aqs0II0YDn4Vpx
vKW1oSjRSuvdxDsRNqOdh42nrbIm6echccVlmUZuuUHQlTAo00GnBRTG0hzH9ARE
VmHm9oKLYrH0kydkCYDF6bYZ5OCOTq8JYN6B3bGV1IvhzCBUADyc2mSAsigh5TAf
CAC/F/K96TMcd5rXmYjgu9OXv4cX02FRjUNnnGelimmLSLEAq1YkUbwghwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEASAXZ2vzeeUwCPHNu77OENMJ1YMB8GA1UdIwQY
MBaAFCLLNvhQbBGL/EH12uNiJkqWgUmQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNzMi1GQnNFWXY4UWZYYTQySW1TcGFCU1pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy81MGNhMzUtYmRlNi00NTA4LWI4MGYt
MjM2Nzg5NTg3OTk3LzEvUUJJQmRuYV9ONTVUQUk4YzI3dnM0UTB3blZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy81MGNhMzUtYmRlNi00NTA4LWI4MGYtMjM2Nzg5NTg3OTk3
LzEvSXNzMi1GQnNFWXY4UWZYYTQySW1TcGFCU1pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhDNRDAN
BgkqhkiG9w0BAQsFAAOCAQEASIbjlRq0TFR0ErxAEabKqmhSzvNG88wWBVKltLMW
x3ykvRwW948A5WdrtQpJ5F2r+jLdU1zLDdw6SCIAU18k2l9Bg7icqeol6nDhZF6o
8p949QjzpyuEQe0t4sQ6V7RCOG3K8WXwgaXRLfxM3NyIkkt/g/4BUY4dSwXasqug
uptDo0FZQCyqSPNsb/2xHjcXN4+x+VQCq1lclZaTkZUPOhJKUn3MTPo+464IcGz2
gtNiiiRDCOpY+iT+S+eBjwKkAImtbc0FuJTfPb5bwU2vGrVp5RuXpFeWLDocQYtq
DmTQND9DFnbq8Ru0076DPGT97uhBFMkpmSui1CdXoUjUKg==
-----END CERTIFICATE-----