Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/qaQUpfJ78ajLWnFqySa3J-O838E.roa
File:                     qaQUpfJ78ajLWnFqySa3J-O838E.roa (raw, json)
Hash identifier:          nDdXmewTWVZu9YGc6WcCDXl+N5+kiqRv14ocIaCYN6M=
Subject key identifier:   A9:A4:14:A5:F2:7B:F1:A8:CB:5A:71:6A:C9:26:B7:27:E3:BC:DF:C1
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A1EFA2DE1FCCE820646923B131F3E0822
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/qaQUpfJ78ajLWnFqySa3J-O838E.roa
Signing time:             Sun 26 Oct 2025 05:25:03 +0000
ROA not before:           Sun 26 Oct 2025 05:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb00::/32 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1e:fa:2d:e1:fc:ce:82:06:46:92:3b:13:1f:3e:08:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 26 05:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9a414a5f27bf1a8cb5a716ac926b727e3bcdfc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:04:8e:fd:a4:ef:8a:af:24:0b:1c:fc:06:aa:
                    b3:18:c2:0e:d9:f1:75:b1:0f:c5:47:d6:7a:d5:57:
                    39:21:c7:ef:c1:06:5b:53:ba:24:d5:8e:ef:28:0e:
                    25:8b:13:9f:da:fa:52:a9:c4:39:84:eb:f8:b4:b5:
                    b8:f2:46:5d:7a:0f:18:98:80:23:fa:9b:2e:31:8a:
                    02:e6:1d:10:b0:6e:2d:1b:21:7d:9b:8e:d8:dc:69:
                    18:3a:d0:de:9e:e2:e4:a5:cc:be:2d:64:1a:7e:b5:
                    98:ba:7b:99:64:da:4d:be:02:a2:11:4b:bc:f7:11:
                    fc:5f:9f:05:7b:5f:13:12:3a:2c:de:fd:f6:9a:7d:
                    b6:d9:a5:75:10:e6:e5:4f:cc:51:75:ce:41:1d:7c:
                    7c:b6:06:53:dd:cb:84:7c:2f:66:a0:54:68:1f:59:
                    5c:1c:1f:3f:04:c2:ac:65:1d:c3:6b:53:27:b1:fa:
                    c6:b3:d5:f7:f5:30:1f:da:4c:d9:0f:11:00:79:13:
                    08:7c:84:4a:93:26:3d:fd:99:e1:c3:9a:e1:50:7f:
                    4c:70:b6:b0:9d:ca:fa:e5:59:de:e7:56:8f:96:17:
                    74:c1:a6:75:ba:04:43:ce:c3:87:cc:fb:54:78:bd:
                    a2:08:c0:2f:1c:7b:14:72:4a:53:20:92:cc:3c:c6:
                    69:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A4:14:A5:F2:7B:F1:A8:CB:5A:71:6A:C9:26:B7:27:E3:BC:DF:C1
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/qaQUpfJ78ajLWnFqySa3J-O838E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:7d:b9:db:92:51:00:32:aa:6f:af:05:6a:51:e6:9e:a4:a7:
         6f:5d:2f:de:03:4d:df:e5:5b:ce:25:c9:bc:e1:37:a8:d1:b7:
         06:24:9d:f0:27:1b:75:b1:0b:19:11:f6:b1:11:4e:0f:af:3e:
         90:95:ca:5d:75:47:7a:ac:6c:88:d4:ec:50:cd:38:a9:dd:f0:
         73:d5:4f:87:f8:07:b0:3f:f3:89:19:e7:08:95:a9:8d:46:65:
         f5:1d:84:07:f3:06:95:f3:a0:5a:de:61:ea:41:c4:f1:a7:5f:
         c8:72:5c:be:31:1b:8d:2b:22:d0:ae:f7:82:c7:f5:d4:cb:7d:
         bd:a5:ea:94:a5:51:ed:c9:c0:b0:8f:17:e4:4c:0a:87:d3:8d:
         e4:ed:be:26:3c:44:e0:3a:ea:b7:ef:50:71:1c:66:bd:9f:e5:
         85:a0:37:ac:e4:67:6c:f1:12:69:a6:0f:76:5e:db:9b:08:dd:
         cd:b9:90:f2:8c:1b:8e:1e:61:a2:90:b1:15:0a:6e:a4:d4:2e:
         4e:10:aa:81:34:cd:ed:ee:ad:fd:11:56:02:e7:42:ef:6b:4c:
         9d:ba:28:e9:50:6f:69:1a:e1:16:05:91:78:1b:8f:66:c4:dd:
         d7:5e:80:e0:7f:c6:50:40:9f:7f:87:b6:ba:ce:a0:73:2d:f1:
         64:b0:6e:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoe+i3h/M6CBkaSOxMfPggiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDI2MDUyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE0MTRhNWYyN2JmMWE4Y2I1YTcxNmFjOTI2YjcyN2UzYmNkZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQSO/aTviq8kCxz8BqqzGMIO2fF1
sQ/FR9Z61Vc5IcfvwQZbU7ok1Y7vKA4lixOf2vpSqcQ5hOv4tLW48kZdeg8YmIAj
+psuMYoC5h0QsG4tGyF9m47Y3GkYOtDenuLkpcy+LWQafrWYunuZZNpNvgKiEUu8
9xH8X58Fe18TEjos3v32mn222aV1EOblT8xRdc5BHXx8tgZT3cuEfC9moFRoH1lc
HB8/BMKsZR3Da1MnsfrGs9X39TAf2kzZDxEAeRMIfIRKkyY9/Znhw5rhUH9McLaw
ncr65Vne51aPlhd0waZ1ugRDzsOHzPtUeL2iCMAvHHsUckpTIJLMPMZpVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKmkFKXye/Goy1pxaskmtyfjvN/BMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvcWFRVXBmSjc4YWpMV25GcXlTYTNKLU84MzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsAMA0GCSqGSIb3DQEBCwUAA4IBAQAFfbnbklEAMqpvrwVqUeae
pKdvXS/eA03f5VvOJcm84Teo0bcGJJ3wJxt1sQsZEfaxEU4Prz6QlcpddUd6rGyI
1OxQzTip3fBz1U+H+AewP/OJGecIlamNRmX1HYQH8waV86Ba3mHqQcTxp1/Icly+
MRuNKyLQrveCx/XUy329peqUpVHtycCwjxfkTAqH043k7b4mPETgOuq371BxHGa9
n+WFoDes5Gds8RJppg92XtubCN3NuZDyjBuOHmGikLEVCm6k1C5OEKqBNM3t7q39
EVYC50Lva0yduijpUG9pGuEWBZF4G49mxN3XXoDgf8ZQQJ9/h7a6zqBzLfFksG4B
-----END CERTIFICATE-----