Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/FN5Ke6qZ9WFTebO_qSnsGPrtdwA.roa
File:                     FN5Ke6qZ9WFTebO_qSnsGPrtdwA.roa (raw, json)
Hash identifier:          znT88sYfk6NGdvoBku5OfzDNqhRT8YmCdSbEF1DvoG4=
Subject key identifier:   14:DE:4A:7B:AA:99:F5:61:53:79:B3:BF:A9:29:EC:18:FA:ED:77:00
Certificate issuer:       /CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
Certificate serial:       0197F61127CF6849016B0F907F693C7183D2
Authority key identifier: 89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/FN5Ke6qZ9WFTebO_qSnsGPrtdwA.roa
Signing time:             Thu 10 Jul 2025 20:40:08 +0000
ROA not before:           Thu 10 Jul 2025 20:40:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207059
IP address blocks:        2a07:bf80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f6:11:27:cf:68:49:01:6b:0f:90:7f:69:3c:71:83:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
        Validity
            Not Before: Jul 10 20:40:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14de4a7baa99f5615379b3bfa929ec18faed7700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0e:1a:24:99:c6:64:e1:5c:5e:a9:96:6b:02:
                    d0:7b:81:23:0c:1e:c6:42:bb:77:b6:11:48:bb:98:
                    dc:31:62:5f:b8:dd:5d:57:6c:84:bc:86:83:ae:00:
                    54:f8:63:cc:7d:03:f6:d8:02:29:9d:53:dd:51:6b:
                    81:bc:5f:6e:41:99:ef:cd:7f:eb:80:28:a3:5d:b5:
                    80:65:c3:3c:35:b4:58:9e:7b:7b:7a:23:b0:a7:87:
                    fd:e9:75:f3:c2:ff:89:9f:2a:80:9e:61:9d:75:57:
                    eb:e6:55:f2:5b:fd:86:3f:fd:14:10:14:04:da:8a:
                    f9:f8:ef:17:41:2a:8c:8c:8c:8f:c3:6a:d8:d2:ec:
                    59:55:e6:69:c7:49:18:6d:29:aa:8c:5b:ba:de:21:
                    eb:b2:e4:79:d7:52:37:2d:c7:39:30:75:0b:34:b6:
                    0e:64:9d:28:ac:b3:35:c6:cc:06:13:af:aa:e3:52:
                    0d:e3:16:b7:bf:fa:fd:29:28:5f:07:f0:a0:8f:c7:
                    6b:8e:83:02:29:5e:12:12:e1:c4:8d:63:bd:0e:5b:
                    6c:df:fb:e7:f3:46:ff:01:e9:8e:a4:73:cf:ae:99:
                    17:3a:51:4c:32:2d:7f:60:75:36:68:44:23:3f:05:
                    81:ae:24:fd:62:19:2e:d1:27:fc:38:bd:78:f2:a1:
                    56:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DE:4A:7B:AA:99:F5:61:53:79:B3:BF:A9:29:EC:18:FA:ED:77:00
            X509v3 Authority Key Identifier:
                keyid:89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/FN5Ke6qZ9WFTebO_qSnsGPrtdwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:bf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:36:92:b0:b1:7f:d5:bd:f8:47:1c:c9:ef:e7:1e:d1:79:4e:
         40:fa:db:6c:2a:ae:80:4a:db:06:17:54:b2:36:f5:57:84:40:
         d9:7a:02:27:8e:88:35:7c:6f:e8:ab:f1:19:31:4f:00:f1:d6:
         47:e3:44:9c:9d:35:9c:d4:98:a8:88:de:83:f5:d1:6c:92:90:
         63:36:ec:dc:29:4d:04:46:0a:6e:55:9a:97:5d:e3:2d:e3:42:
         e1:b5:a2:2f:3b:73:3e:59:ad:a2:24:cc:5b:06:f6:df:2b:36:
         2c:ff:fa:79:46:3a:4b:46:d5:70:ce:fb:7e:3f:ef:24:c1:01:
         f8:fe:dc:ca:54:f6:23:d4:cc:c3:ca:f3:70:f9:0a:67:cb:17:
         14:02:d8:40:75:06:75:34:82:ea:34:82:b7:c5:a5:e2:a7:e6:
         f3:d1:ca:b5:9e:c4:20:a7:e6:54:40:ca:c7:bf:77:b8:6c:9d:
         fc:f3:e3:fa:00:ae:ce:f6:01:f3:0d:82:4e:06:97:36:e1:1c:
         8d:ae:05:7a:f9:9a:db:44:74:22:65:c9:48:ae:5c:43:b9:f8:
         9e:79:33:ef:48:15:9f:88:8f:89:cf:cc:c8:07:90:55:e8:ca:
         b6:d1:bc:a7:21:73:42:00:4a:da:37:06:c6:9b:24:1c:17:15:
         3f:16:e9:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZf2ESfPaEkBaw+Qf2k8cYPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MmYzZmYzYzBhMWZmYjNhZjIwZjViOTVlOGNiNjRjODgw
NDNmMzkwHhcNMjUwNzEwMjA0MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRlNGE3YmFhOTlmNTYxNTM3OWIzYmZhOTI5ZWMxOGZhZWQ3NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw4aJJnGZOFcXqmWawLQe4EjDB7G
Qrt3thFIu5jcMWJfuN1dV2yEvIaDrgBU+GPMfQP22AIpnVPdUWuBvF9uQZnvzX/r
gCijXbWAZcM8NbRYnnt7eiOwp4f96XXzwv+JnyqAnmGddVfr5lXyW/2GP/0UEBQE
2or5+O8XQSqMjIyPw2rY0uxZVeZpx0kYbSmqjFu63iHrsuR511I3Lcc5MHULNLYO
ZJ0orLM1xswGE6+q41IN4xa3v/r9KShfB/Cgj8drjoMCKV4SEuHEjWO9Dlts3/vn
80b/AemOpHPPrpkXOlFMMi1/YHU2aEQjPwWBriT9Yhku0Sf8OL148qFWkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBTeSnuqmfVhU3mzv6kp7Bj67XcAMB8GA1UdIwQY
MBaAFIkvP/PAof+zryD1uV6MtkyIBD85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQt
ZjkyMWRiNzViZGY5LzEvRk41S2U2cVo5V0ZUZWJPX3FTbnNHUHJ0ZHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQtZjkyMWRiNzViZGY5
LzEvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKge/gDAN
BgkqhkiG9w0BAQsFAAOCAQEAYDaSsLF/1b34RxzJ7+ce0XlOQPrbbCqugErbBhdU
sjb1V4RA2XoCJ46INXxv6KvxGTFPAPHWR+NEnJ01nNSYqIjeg/XRbJKQYzbs3ClN
BEYKblWal13jLeNC4bWiLztzPlmtoiTMWwb23ys2LP/6eUY6S0bVcM77fj/vJMEB
+P7cylT2I9TMw8rzcPkKZ8sXFALYQHUGdTSC6jSCt8Wl4qfm89HKtZ7EIKfmVEDK
x793uGyd/PPj+gCuzvYB8w2CTgaXNuEcja4Fevma20R0ImXJSK5cQ7n4nnkz70gV
n4iPic/MyAeQVejKttG8pyFzQgBK2jcGxpskHBcVPxbpBQ==
-----END CERTIFICATE-----