Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u_qHWW7Hs6TG9DcD4BT0NhbWLvI.roa
File:                     u_qHWW7Hs6TG9DcD4BT0NhbWLvI.roa (raw, json)
Hash identifier:          yQWdgUPHoOST9WB6Rg3EXAASM0wMNoAjl/d3+4N9/4k=
Subject key identifier:   BB:FA:87:59:6E:C7:B3:A4:C6:F4:37:03:E0:14:F4:36:16:D6:2E:F2
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       01987A8135F40CB734543A7C22961FB8E6E7
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u_qHWW7Hs6TG9DcD4BT0NhbWLvI.roa
Signing time:             Tue 05 Aug 2025 13:52:24 +0000
ROA not before:           Tue 05 Aug 2025 13:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200590
IP address blocks:        2a02:c6c1:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 23:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:81:35:f4:0c:b7:34:54:3a:7c:22:96:1f:b8:e6:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Aug  5 13:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbfa87596ec7b3a4c6f43703e014f43616d62ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:21:78:f4:f5:20:6c:ee:1d:9a:f7:ea:3a:d9:
                    22:4c:45:b9:bb:23:82:98:66:1f:57:bf:bf:64:8b:
                    e7:c2:6b:f3:e2:83:e7:92:ea:ce:eb:c9:53:7a:c9:
                    08:65:d3:35:c8:54:1a:b5:7e:fd:f6:b7:d7:08:a0:
                    2d:a8:fa:86:b8:4c:be:36:88:52:9e:fe:6b:78:64:
                    14:32:f6:30:8d:6f:06:4c:02:21:50:39:c3:b4:86:
                    c4:fb:ba:72:ad:e9:79:c6:86:5f:6e:fd:c1:b0:83:
                    9b:ee:80:d7:d2:40:98:b8:20:e5:df:85:3d:01:93:
                    73:0b:02:eb:57:b4:1f:c1:1f:77:a9:b1:c0:3e:28:
                    1b:55:ac:3b:db:26:81:d8:35:40:9c:5b:83:5f:f5:
                    1f:19:f3:11:de:ba:b4:d8:6a:73:49:56:f2:41:19:
                    86:f5:8e:73:fe:19:9d:4c:3d:31:9b:53:53:2c:d0:
                    71:4b:a1:e4:1d:67:41:79:ed:40:d1:54:ae:a9:f0:
                    7f:a6:a6:3c:cf:3c:2c:e6:21:dc:3a:2d:5d:93:c0:
                    7d:46:2e:8d:7d:d1:52:2d:dd:81:a1:fe:d0:ed:1e:
                    5e:ea:ff:14:df:68:52:e9:cf:79:0f:b2:b9:ff:a9:
                    dd:ed:71:35:a8:42:af:11:a8:e4:0c:59:83:2d:d0:
                    82:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FA:87:59:6E:C7:B3:A4:C6:F4:37:03:E0:14:F4:36:16:D6:2E:F2
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u_qHWW7Hs6TG9DcD4BT0NhbWLvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:7c:72:51:fe:27:97:dc:d6:ca:f7:85:58:72:1b:ef:d6:b7:
         24:b2:2e:db:bc:8f:23:84:01:96:19:eb:70:9a:f2:6b:9b:22:
         2f:9e:5a:00:b3:4b:3e:b1:0e:8d:74:4e:32:2e:9d:cc:41:5a:
         3d:bc:50:db:18:65:c2:e1:0e:6f:79:83:ad:9a:05:72:06:cf:
         1b:de:56:57:9a:65:e8:43:22:b0:10:a4:a2:9a:97:f8:69:30:
         ce:8c:45:e4:aa:e6:3c:6a:31:28:ad:4c:8b:95:73:01:5f:bc:
         73:e3:8c:01:85:a3:25:11:95:28:44:86:7c:de:b0:b7:a6:aa:
         5c:7e:be:02:69:b0:ff:1a:e8:88:4c:ab:9c:50:e1:46:c3:22:
         c4:de:02:cb:8f:9b:a1:c5:61:8f:7a:2d:93:b1:14:9c:b1:48:
         46:54:11:ad:53:35:99:60:11:07:6a:95:0c:e4:dc:e7:af:0b:
         42:5e:5e:38:de:ba:f5:1e:6e:e9:cc:a8:bd:1e:52:6c:ca:1a:
         1d:a2:7d:1e:b9:00:db:85:43:1b:cd:e1:ff:a3:6d:24:17:de:
         10:de:80:6b:d6:da:70:77:2a:03:61:cb:25:04:44:2d:fd:d7:
         fa:0c:5f:5a:0d:cb:a6:49:1b:a9:3a:14:60:f9:16:62:b3:97:
         66:f4:4c:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh6gTX0DLc0VDp8IpYfuObnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwODA1MTM1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZhODc1OTZlYzdiM2E0YzZmNDM3MDNlMDE0ZjQzNjE2ZDYyZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yF49PUgbO4dmvfqOtkiTEW5uyOC
mGYfV7+/ZIvnwmvz4oPnkurO68lTeskIZdM1yFQatX799rfXCKAtqPqGuEy+NohS
nv5reGQUMvYwjW8GTAIhUDnDtIbE+7pyrel5xoZfbv3BsIOb7oDX0kCYuCDl34U9
AZNzCwLrV7QfwR93qbHAPigbVaw72yaB2DVAnFuDX/UfGfMR3rq02GpzSVbyQRmG
9Y5z/hmdTD0xm1NTLNBxS6HkHWdBee1A0VSuqfB/pqY8zzws5iHcOi1dk8B9Ri6N
fdFSLd2Bof7Q7R5e6v8U32hS6c95D7K5/6nd7XE1qEKvEajkDFmDLdCCOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLv6h1lux7OkxvQ3A+AU9DYW1i7yMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvdV9xSFdXN0hzNlRHOURjRDRCVDBOaGJXTHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLGwQAO
MA0GCSqGSIb3DQEBCwUAA4IBAQB4fHJR/ieX3NbK94VYchvv1rcksi7bvI8jhAGW
GetwmvJrmyIvnloAs0s+sQ6NdE4yLp3MQVo9vFDbGGXC4Q5veYOtmgVyBs8b3lZX
mmXoQyKwEKSimpf4aTDOjEXkquY8ajEorUyLlXMBX7xz44wBhaMlEZUoRIZ83rC3
pqpcfr4CabD/GuiITKucUOFGwyLE3gLLj5uhxWGPei2TsRScsUhGVBGtUzWZYBEH
apUM5NznrwtCXl443rr1Hm7pzKi9HlJsyhodon0euQDbhUMbzeH/o20kF94Q3oBr
1tpwdyoDYcslBEQt/df6DF9aDcumSRupOhRg+RZis5dm9EyC
-----END CERTIFICATE-----