Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/QkhJmR64J_fio_ZcoWDCOqbBN24.roa
File:                     QkhJmR64J_fio_ZcoWDCOqbBN24.roa (raw, json)
Hash identifier:          OYz2fnh0LE0HbS2bx5pxQ3mdkMMJfDH5810V+9CjEvw=
Subject key identifier:   42:48:49:99:1E:B8:27:F7:E2:A3:F6:5C:A1:60:C2:3A:A6:C1:37:6E
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       019A2AA00BAC96B5F51BDD1FA992783413B2
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/QkhJmR64J_fio_ZcoWDCOqbBN24.roa
Signing time:             Tue 28 Oct 2025 11:42:03 +0000
ROA not before:           Tue 28 Oct 2025 11:42:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206174
IP address blocks:        2a09:6800::/29 maxlen: 29
                          2a0c:1240::/29 maxlen: 29
                          2a12:3740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:a0:0b:ac:96:b5:f5:1b:dd:1f:a9:92:78:34:13:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Oct 28 11:42:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=424849991eb827f7e2a3f65ca160c23aa6c1376e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b9:d6:68:fd:27:a8:18:9d:a5:cf:f7:ad:3b:
                    af:54:71:a6:b8:48:c7:36:03:46:85:1c:d0:18:9a:
                    45:db:16:92:d2:58:96:d5:70:e6:33:78:b2:89:8a:
                    9c:33:3e:15:ed:70:80:ea:a7:5a:8f:73:05:0a:cb:
                    b3:83:d9:dc:02:1f:33:c8:d8:56:b5:3d:97:4b:18:
                    a4:d0:6d:76:b3:c0:f4:af:65:a8:23:30:96:a1:00:
                    3f:96:41:fe:57:ff:0a:9d:8b:fe:46:be:65:59:7b:
                    9a:84:8e:f0:ea:ad:9b:bd:11:2d:f8:79:25:ff:4c:
                    60:44:be:9b:41:9d:e2:a5:60:23:b2:63:06:00:a8:
                    95:44:87:2e:ad:e8:32:cd:14:b1:73:51:e5:80:a9:
                    4e:56:ed:2e:a9:a5:af:cb:82:50:7f:ca:52:86:10:
                    b6:b4:76:18:f1:03:7f:31:7c:55:ca:87:8f:f6:3d:
                    2e:ce:87:aa:dd:9d:1b:8f:1d:5a:bf:78:2a:14:45:
                    6e:23:16:cd:1f:35:ea:77:9a:f4:9c:f1:13:37:82:
                    65:25:9d:f8:cf:24:2b:4b:ca:f9:60:be:b5:f3:67:
                    14:3e:ee:ad:47:86:f8:ca:37:2d:1a:90:d4:6f:71:
                    95:74:4d:04:d6:c9:91:9e:48:2f:c9:bd:18:19:1c:
                    7d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:48:49:99:1E:B8:27:F7:E2:A3:F6:5C:A1:60:C2:3A:A6:C1:37:6E
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/QkhJmR64J_fio_ZcoWDCOqbBN24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6800::/29
                  2a0c:1240::/29
                  2a12:3740::/29

    Signature Algorithm: sha256WithRSAEncryption
         e3:6c:9e:c1:55:8d:85:14:b3:14:6d:69:fb:e4:9a:bc:56:36:
         f2:66:b7:18:3e:18:0d:69:d4:e8:29:d8:6c:f4:f4:6d:c3:be:
         ed:55:be:47:19:7a:e6:20:21:ce:06:53:a5:51:40:ee:6e:b1:
         45:81:45:6a:9e:b7:41:a8:36:ef:94:59:32:16:ca:59:3f:2e:
         17:d6:9f:e4:1a:9f:1f:e9:3e:0f:76:af:c6:ad:b4:49:96:87:
         51:94:16:31:38:fd:5a:9c:f9:f7:a6:37:ec:39:e0:2d:ef:a4:
         58:99:90:cb:15:f2:eb:03:40:e7:95:68:37:65:95:0b:26:63:
         d8:a8:2c:51:ec:07:d9:0a:fe:82:2d:1b:60:8b:ff:59:bd:46:
         44:b9:c4:9f:ab:e5:df:0e:b3:67:9a:84:0a:34:af:19:23:e1:
         f3:ce:dc:97:1b:29:9f:7d:15:ed:e9:b6:1d:4a:80:35:5c:73:
         3b:65:fa:32:72:ce:59:22:da:8c:1f:6e:0a:03:43:75:6b:dd:
         ee:d8:30:a2:0e:3a:93:05:29:e4:dd:17:3d:db:27:7f:53:f3:
         34:97:2b:82:ee:ca:fc:e0:33:96:35:49:c8:d4:60:ad:c0:36:
         7b:9c:54:0d:b0:9e:0c:83:b3:60:66:e6:9e:53:3b:c4:fc:6f:
         5f:15:84:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoqoAuslrX1G90fqZJ4NBOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUxMDI4MTE0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjQ4NDk5OTFlYjgyN2Y3ZTJhM2Y2NWNhMTYwYzIzYWE2YzEzNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7nWaP0nqBidpc/3rTuvVHGmuEjH
NgNGhRzQGJpF2xaS0liW1XDmM3iyiYqcMz4V7XCA6qdaj3MFCsuzg9ncAh8zyNhW
tT2XSxik0G12s8D0r2WoIzCWoQA/lkH+V/8KnYv+Rr5lWXuahI7w6q2bvREt+Hkl
/0xgRL6bQZ3ipWAjsmMGAKiVRIcuregyzRSxc1HlgKlOVu0uqaWvy4JQf8pShhC2
tHYY8QN/MXxVyoeP9j0uzoeq3Z0bjx1av3gqFEVuIxbNHzXqd5r0nPETN4JlJZ34
zyQrS8r5YL6182cUPu6tR4b4yjctGpDUb3GVdE0E1smRnkgvyb0YGRx9/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEJISZkeuCf34qP2XKFgwjqmwTduMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvUWtoSm1SNjRKX2Zpb19aY29XRENPcWJCTjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgloAAMF
AyoMEkADBQMqEjdAMA0GCSqGSIb3DQEBCwUAA4IBAQDjbJ7BVY2FFLMUbWn75Jq8
VjbyZrcYPhgNadToKdhs9PRtw77tVb5HGXrmICHOBlOlUUDubrFFgUVqnrdBqDbv
lFkyFspZPy4X1p/kGp8f6T4Pdq/GrbRJlodRlBYxOP1anPn3pjfsOeAt76RYmZDL
FfLrA0DnlWg3ZZULJmPYqCxR7AfZCv6CLRtgi/9ZvUZEucSfq+XfDrNnmoQKNK8Z
I+HzztyXGymffRXt6bYdSoA1XHM7Zfoycs5ZItqMH24KA0N1a93u2DCiDjqTBSnk
3Rc92yd/U/M0lyuC7sr84DOWNUnI1GCtwDZ7nFQNsJ4Mg7NgZuaeUzvE/G9fFYTa
-----END CERTIFICATE-----