Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/qWCmFtsXHG35E1fSvLwIlYexFOQ.roa
File:                     qWCmFtsXHG35E1fSvLwIlYexFOQ.roa (raw, json)
Hash identifier:          DZEUcJBHB58OY/U7lPR8QQCuA+d6j3m8DCG3gbMXeLc=
Subject key identifier:   A9:60:A6:16:DB:17:1C:6D:F9:13:57:D2:BC:BC:08:95:87:B1:14:E4
Certificate issuer:       /CN=f6b91c2c08f00d6763d2e9e6a2c4421130f3ddbd
Certificate serial:       0198583E8530D7B58B2E8327F92EB9255A2E
Authority key identifier: F6:B9:1C:2C:08:F0:0D:67:63:D2:E9:E6:A2:C4:42:11:30:F3:DD:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rkcLAjwDWdj0unmosRCETDz3b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/qWCmFtsXHG35E1fSvLwIlYexFOQ.roa
Signing time:             Tue 29 Jul 2025 22:12:28 +0000
ROA not before:           Tue 29 Jul 2025 22:12:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213939
IP address blocks:        62.164.197.0/24 maxlen: 24
                          212.108.103.0/24 maxlen: 24
                          2a01:e340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/9rkcLAjwDWdj0unmosRCETDz3b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/9rkcLAjwDWdj0unmosRCETDz3b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rkcLAjwDWdj0unmosRCETDz3b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:58:3e:85:30:d7:b5:8b:2e:83:27:f9:2e:b9:25:5a:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6b91c2c08f00d6763d2e9e6a2c4421130f3ddbd
        Validity
            Not Before: Jul 29 22:12:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a960a616db171c6df91357d2bcbc089587b114e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c6:d2:ef:d0:68:9d:75:1c:c0:5e:98:9d:e4:
                    ee:39:10:f7:a4:af:52:cc:ca:22:e2:ca:c4:64:93:
                    d9:50:0b:2e:22:61:0f:5b:bb:68:de:f3:4c:ea:5b:
                    83:69:82:c4:81:7b:46:a2:0d:c7:5d:42:6b:79:a2:
                    2b:fb:58:0e:fb:55:43:55:ce:f3:d9:da:cd:66:6f:
                    b8:2a:e2:a5:2c:f8:e6:11:81:63:2c:3e:ad:49:36:
                    ac:aa:01:08:9b:4e:9a:42:5b:7e:b0:1b:ff:7a:e4:
                    71:32:d6:51:f2:c0:00:8c:2b:f0:73:ac:6f:e7:a4:
                    8d:88:f1:2b:af:93:ac:71:b7:57:d2:ca:35:83:2e:
                    6a:1a:85:db:2c:ef:87:83:b3:84:18:d5:b3:89:31:
                    2e:7a:60:68:2e:0b:b4:c7:09:02:f3:6f:71:ba:5a:
                    41:d9:b0:20:65:23:c7:54:25:54:d1:1a:2c:7e:81:
                    3c:78:7a:1e:f1:c9:f1:e3:78:78:f0:18:83:4b:44:
                    5c:7d:82:27:de:f6:a4:fa:70:a1:59:d6:1e:f8:71:
                    ee:a0:bc:47:33:f8:a5:3d:e8:45:83:2e:96:77:aa:
                    63:5e:a9:0a:a1:c8:a1:de:c1:2d:d5:f1:bd:47:9c:
                    d1:66:27:dc:af:b7:01:06:17:8c:3b:fa:69:57:05:
                    95:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:60:A6:16:DB:17:1C:6D:F9:13:57:D2:BC:BC:08:95:87:B1:14:E4
            X509v3 Authority Key Identifier:
                keyid:F6:B9:1C:2C:08:F0:0D:67:63:D2:E9:E6:A2:C4:42:11:30:F3:DD:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rkcLAjwDWdj0unmosRCETDz3b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/qWCmFtsXHG35E1fSvLwIlYexFOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8da5e8-8544-49d9-a83f-8c91f96be625/1/9rkcLAjwDWdj0unmosRCETDz3b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.197.0/24
                  212.108.103.0/24
                IPv6:
                  2a01:e340::/29

    Signature Algorithm: sha256WithRSAEncryption
         bc:da:15:2b:56:0b:a9:6a:be:7c:91:87:f6:43:73:bf:ae:36:
         99:19:b5:86:b2:b0:92:0c:89:b7:b9:01:bf:ab:bd:38:36:20:
         a9:c7:b5:39:8d:3d:18:35:2b:f7:0f:74:75:46:22:a3:0f:85:
         ce:6c:ce:bd:c6:b2:f1:89:8e:f4:8f:df:76:1e:b2:dc:67:69:
         4a:84:36:71:10:c8:eb:7f:0e:ac:39:08:82:2d:73:6f:8d:55:
         f0:4e:32:5f:9c:cd:a5:c2:29:4b:8c:d3:85:af:23:57:05:1d:
         77:22:88:62:1d:1b:50:2c:2a:2c:76:cb:29:8e:86:3e:88:37:
         8f:ee:a9:d4:b7:4c:85:19:b1:3b:ca:35:d2:8d:b8:ef:1f:2e:
         f8:0f:9b:a8:cf:8f:34:8c:ce:64:0d:ee:10:5b:13:cf:a6:31:
         d9:2d:75:33:ed:54:2e:e5:7a:e6:17:4e:7f:51:f0:43:ee:3f:
         47:c6:53:64:56:84:cb:f6:e2:c5:32:ed:1f:7a:c7:86:09:bb:
         5e:20:61:e9:e9:53:46:29:d8:ee:96:97:3d:2d:2a:23:ff:5d:
         a0:15:2d:4e:87:52:e7:f8:ad:b1:ea:d9:7f:62:2f:e8:f1:94:
         1f:ce:be:82:50:e2:a2:2a:88:f9:ce:b1:8c:be:cc:a1:44:58:
         14:7c:e8:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZhYPoUw17WLLoMn+S65JVouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YjkxYzJjMDhmMDBkNjc2M2QyZTllNmEyYzQ0MjExMzBm
M2RkYmQwHhcNMjUwNzI5MjIxMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTYwYTYxNmRiMTcxYzZkZjkxMzU3ZDJiY2JjMDg5NTg3YjExNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksbS79BonXUcwF6YneTuORD3pK9S
zMoi4srEZJPZUAsuImEPW7to3vNM6luDaYLEgXtGog3HXUJreaIr+1gO+1VDVc7z
2drNZm+4KuKlLPjmEYFjLD6tSTasqgEIm06aQlt+sBv/euRxMtZR8sAAjCvwc6xv
56SNiPErr5OscbdX0so1gy5qGoXbLO+Hg7OEGNWziTEuemBoLgu0xwkC829xulpB
2bAgZSPHVCVU0RosfoE8eHoe8cnx43h48BiDS0RcfYIn3vak+nChWdYe+HHuoLxH
M/ilPehFgy6Wd6pjXqkKocih3sEt1fG9R5zRZifcr7cBBheMO/ppVwWVoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKlgphbbFxxt+RNX0ry8CJWHsRTkMB8GA1UdIwQY
MBaAFPa5HCwI8A1nY9Lp5qLEQhEw8929MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJrY0xBandEV2RqMHVubW9zUkNFVER6M2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84ZGE1ZTgtODU0NC00OWQ5LWE4M2Yt
OGM5MWY5NmJlNjI1LzEvcVdDbUZ0c1hIRzM1RTFmU3ZMd0lsWWV4Rk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84ZGE1ZTgtODU0NC00OWQ5LWE4M2YtOGM5MWY5NmJlNjI1
LzEvOXJrY0xBandEV2RqMHVubW9zUkNFVER6M2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAPqTFAwQA
1GxnMA0EAgACMAcDBQMqAeNAMA0GCSqGSIb3DQEBCwUAA4IBAQC82hUrVgupar58
kYf2Q3O/rjaZGbWGsrCSDIm3uQG/q704NiCpx7U5jT0YNSv3D3R1RiKjD4XObM69
xrLxiY70j992HrLcZ2lKhDZxEMjrfw6sOQiCLXNvjVXwTjJfnM2lwilLjNOFryNX
BR13IohiHRtQLCosdsspjoY+iDeP7qnUt0yFGbE7yjXSjbjvHy74D5uoz480jM5k
De4QWxPPpjHZLXUz7VQu5XrmF05/UfBD7j9HxlNkVoTL9uLFMu0feseGCbteIGHp
6VNGKdjulpc9LSoj/12gFS1Oh1Ln+K2x6tl/Yi/o8ZQfzr6CUOKiKoj5zrGMvsyh
RFgUfOgM
-----END CERTIFICATE-----