Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/Q6EO3aP-jjJFw2iA2Iv66QHPMec.roa
File:                     Q6EO3aP-jjJFw2iA2Iv66QHPMec.roa (raw, json)
Hash identifier:          aHR2z/V+w3dsUyxS4wquU+wnGLivkjSNoIgrvTG78B0=
Subject key identifier:   43:A1:0E:DD:A3:FE:8E:32:45:C3:68:80:D8:8B:FA:E9:01:CF:31:E7
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       019894EB4ACE280BB94A61BEC8E372430DA9
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/Q6EO3aP-jjJFw2iA2Iv66QHPMec.roa
Signing time:             Sun 10 Aug 2025 16:58:24 +0000
ROA not before:           Sun 10 Aug 2025 16:58:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207483
IP address blocks:        92.60.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Aug 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:eb:4a:ce:28:0b:b9:4a:61:be:c8:e3:72:43:0d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Aug 10 16:58:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a10edda3fe8e3245c36880d88bfae901cf31e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ed:63:14:ec:1a:0b:b2:4a:6c:4a:6d:83:a4:
                    4c:dc:6a:92:c6:42:40:b9:a6:4c:b5:f0:c5:a7:b7:
                    3d:a2:49:9b:3c:eb:0b:4d:56:7a:53:71:20:fb:ef:
                    ea:e2:f4:c1:c1:82:67:ce:33:a9:01:a1:70:ac:92:
                    7f:3a:ca:18:31:53:d9:31:95:ad:e5:ab:e6:8e:c9:
                    d8:a5:97:35:1e:dd:b1:dc:99:b6:d5:76:93:a5:e9:
                    7b:04:98:e4:e3:8b:13:1b:13:08:62:5f:98:1f:86:
                    bc:4a:f5:16:6a:e0:1c:03:5a:05:51:73:cb:ff:4f:
                    bd:7e:41:d8:3b:ac:44:f0:a9:35:4f:70:fa:84:83:
                    07:0a:fd:d8:9b:dd:ed:19:d0:78:fa:62:8b:c0:8e:
                    55:84:5c:7d:90:11:8d:18:25:c6:f1:e1:63:49:4b:
                    82:b2:59:5c:4f:b0:4b:05:51:38:84:fe:eb:f6:52:
                    76:2a:e2:37:0b:10:3d:cf:b4:03:e9:dd:c4:91:02:
                    50:e0:9a:1f:c7:96:39:5c:e8:1d:09:7d:27:a7:c4:
                    37:e7:46:44:e8:e8:4b:31:22:31:82:4e:a6:73:b4:
                    be:fd:28:93:cc:2b:25:48:7e:cb:e7:e8:0b:98:9b:
                    62:76:6c:c9:3b:31:db:03:2b:f0:a7:4d:9a:9f:e1:
                    32:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A1:0E:DD:A3:FE:8E:32:45:C3:68:80:D8:8B:FA:E9:01:CF:31:E7
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/Q6EO3aP-jjJFw2iA2Iv66QHPMec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b8:90:46:70:1e:55:97:51:ac:0e:62:0c:b9:26:51:57:46:
         81:71:02:9b:1a:f1:9b:d1:e4:3c:6f:9c:cb:3b:f4:12:69:41:
         10:f2:17:00:5b:c6:c1:f5:f1:76:3e:5c:f2:5f:14:3d:65:65:
         97:e9:79:1a:9a:3f:1b:12:5d:3a:13:37:6f:ce:4b:3b:4d:7e:
         f9:df:ee:b8:24:2a:cc:4d:53:2e:81:dd:1b:28:14:d7:d0:40:
         82:c0:3c:75:d4:ff:2d:43:74:2d:b1:62:37:8a:17:0a:de:ef:
         d2:27:85:b4:a5:28:49:b1:ff:ed:3a:f8:57:93:cd:82:66:b0:
         d6:a5:25:e9:17:8a:e8:c9:c6:16:8f:1d:7e:13:bd:84:48:17:
         74:21:b7:b9:28:eb:7f:5f:8a:8f:38:1a:ba:69:64:fe:c6:8d:
         b4:b1:0b:14:39:66:61:b9:04:b3:a2:1f:f3:c9:63:3a:52:8e:
         87:0b:65:af:f8:e7:b3:3e:f1:11:77:ae:05:58:5c:ea:d7:95:
         82:d1:8c:b4:d1:c1:54:f3:ff:07:9f:a6:0f:26:a8:1c:0b:bd:
         48:76:e5:b0:3a:7e:a1:d8:ed:70:37:83:4e:af:9b:b1:6c:ce:
         ea:ad:d2:75:1c:39:50:4b:c7:63:26:40:88:e5:3f:22:f1:06:
         2c:b8:3e:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiU60rOKAu5SmG+yONyQw2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjUwODEwMTY1ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ExMGVkZGEzZmU4ZTMyNDVjMzY4ODBkODhiZmFlOTAxY2YzMWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1e1jFOwaC7JKbEptg6RM3GqSxkJA
uaZMtfDFp7c9okmbPOsLTVZ6U3Eg++/q4vTBwYJnzjOpAaFwrJJ/OsoYMVPZMZWt
5avmjsnYpZc1Ht2x3Jm21XaTpel7BJjk44sTGxMIYl+YH4a8SvUWauAcA1oFUXPL
/0+9fkHYO6xE8Kk1T3D6hIMHCv3Ym93tGdB4+mKLwI5VhFx9kBGNGCXG8eFjSUuC
sllcT7BLBVE4hP7r9lJ2KuI3CxA9z7QD6d3EkQJQ4Jofx5Y5XOgdCX0np8Q350ZE
6OhLMSIxgk6mc7S+/SiTzCslSH7L5+gLmJtidmzJOzHbAyvwp02an+EyBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOhDt2j/o4yRcNogNiL+ukBzzHnMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvUTZFTzNhUC1qakpGdzJpQTJJdjY2UUhQTWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDxGMA0G
CSqGSIb3DQEBCwUAA4IBAQAguJBGcB5Vl1GsDmIMuSZRV0aBcQKbGvGb0eQ8b5zL
O/QSaUEQ8hcAW8bB9fF2PlzyXxQ9ZWWX6Xkamj8bEl06Ezdvzks7TX753+64JCrM
TVMugd0bKBTX0ECCwDx11P8tQ3QtsWI3ihcK3u/SJ4W0pShJsf/tOvhXk82CZrDW
pSXpF4roycYWjx1+E72ESBd0Ibe5KOt/X4qPOBq6aWT+xo20sQsUOWZhuQSzoh/z
yWM6Uo6HC2Wv+OezPvERd64FWFzq15WC0Yy00cFU8/8Hn6YPJqgcC71IduWwOn6h
2O1wN4NOr5uxbM7qrdJ1HDlQS8djJkCI5T8i8QYsuD6O
-----END CERTIFICATE-----