Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/8MrJou4jHWMvbrgNdX-4pxWfc90.roa
File:                     8MrJou4jHWMvbrgNdX-4pxWfc90.roa (raw, json)
Hash identifier:          WNU23R3SY6kHyJmbcKZj6sAJrT/H2apTu6VsmiUGadk=
Subject key identifier:   F0:CA:C9:A2:EE:23:1D:63:2F:6E:B8:0D:75:7F:B8:A7:15:9F:73:DD
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       019906C56E616B090BA788CD153600CACCC0
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/8MrJou4jHWMvbrgNdX-4pxWfc90.roa
Signing time:             Mon 01 Sep 2025 19:33:46 +0000
ROA not before:           Mon 01 Sep 2025 19:33:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205723
IP address blocks:        2a0a:4540:2000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:c5:6e:61:6b:09:0b:a7:88:cd:15:36:00:ca:cc:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Sep  1 19:33:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0cac9a2ee231d632f6eb80d757fb8a7159f73dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:aa:e4:05:ca:51:60:c7:cf:05:09:83:4a:a5:
                    7a:ba:d1:6b:27:2c:b9:82:6c:c0:e9:26:fa:2c:06:
                    80:8e:93:72:a5:5d:a8:09:9a:6d:fb:de:9a:62:b6:
                    a3:36:10:5b:dc:6b:69:b6:5a:f7:33:b4:cf:5b:32:
                    76:9b:00:2d:79:04:8d:7c:9e:68:dd:40:20:91:83:
                    46:02:4b:32:52:08:89:f4:aa:0a:a4:f6:3d:21:b7:
                    f9:e3:cc:92:4a:e9:68:13:b2:7f:ab:5f:8b:4b:79:
                    56:2a:21:be:6b:79:6f:c8:8f:f8:94:44:62:b2:c6:
                    d9:26:85:d2:a2:92:1b:7c:9e:21:1e:29:fb:70:7a:
                    78:9b:3e:44:fa:99:4c:04:30:3f:46:85:00:1d:25:
                    3d:61:d4:f8:f1:b4:1f:6f:0a:58:f4:1b:eb:6f:42:
                    15:5a:78:d7:e3:3f:48:c1:5a:7c:39:bb:8e:69:43:
                    dd:af:03:b1:41:5f:a4:95:05:b0:c7:0a:5d:1c:ea:
                    28:19:90:5c:f5:70:7f:f1:94:cd:78:95:fa:74:94:
                    dd:84:54:0d:89:13:38:6c:07:8d:52:8b:8a:d3:d7:
                    11:b6:08:86:b0:3f:2a:bd:5a:ac:94:a5:c0:08:e5:
                    b7:47:78:b6:d9:c0:5a:58:63:6a:de:3d:bd:fb:5c:
                    ae:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:CA:C9:A2:EE:23:1D:63:2F:6E:B8:0D:75:7F:B8:A7:15:9F:73:DD
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/8MrJou4jHWMvbrgNdX-4pxWfc90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:74:f1:27:6d:04:68:28:e5:86:32:73:12:48:43:f0:c6:2f:
         cc:5d:56:2e:33:07:da:27:0e:4b:a4:c6:39:aa:45:d6:74:fc:
         e4:09:38:1a:bf:2b:e9:a3:eb:42:39:0c:20:62:5a:12:42:43:
         ae:02:6f:e5:03:0e:62:51:85:52:87:a5:47:e8:c9:6d:7f:11:
         ce:10:08:d1:53:dc:7c:90:7c:7b:19:dc:e0:25:29:4e:10:19:
         32:08:dc:c3:e7:5c:e4:3f:1b:ec:12:6c:ad:7c:82:c3:8b:cb:
         48:cf:b7:e2:9c:1c:a0:c6:62:91:82:51:e4:06:28:23:90:e5:
         30:f2:77:ab:ed:ef:8a:1a:d0:0e:a8:93:1b:49:68:1e:1d:99:
         1e:6e:9a:54:59:ac:c6:4f:2a:71:46:f4:e4:a2:9e:63:1a:aa:
         53:85:52:91:59:59:12:4c:37:d3:7c:b6:e8:8c:09:18:2a:5b:
         be:8d:e4:3b:a5:8c:dc:1f:a2:c7:fe:47:d7:09:ba:b4:7e:80:
         a7:e9:4b:65:18:a6:be:2f:0c:03:42:b1:46:a7:24:34:5b:86:
         24:6f:af:fe:a7:91:7b:4e:17:ae:b3:26:9e:83:55:9d:f3:fd:
         05:c4:81:3b:ba:f7:80:79:22:4b:1b:9c:9c:60:1d:d8:ed:11:
         9a:97:b4:aa
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZkGxW5hawkLp4jNFTYAyszAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjUwOTAxMTkzMzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGNhYzlhMmVlMjMxZDYzMmY2ZWI4MGQ3NTdmYjhhNzE1OWY3M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqrkBcpRYMfPBQmDSqV6utFrJyy5
gmzA6Sb6LAaAjpNypV2oCZpt+96aYrajNhBb3Gtptlr3M7TPWzJ2mwAteQSNfJ5o
3UAgkYNGAksyUgiJ9KoKpPY9Ibf548ySSuloE7J/q1+LS3lWKiG+a3lvyI/4lERi
ssbZJoXSopIbfJ4hHin7cHp4mz5E+plMBDA/RoUAHSU9YdT48bQfbwpY9Bvrb0IV
WnjX4z9IwVp8ObuOaUPdrwOxQV+klQWwxwpdHOooGZBc9XB/8ZTNeJX6dJTdhFQN
iRM4bAeNUouK09cRtgiGsD8qvVqslKXACOW3R3i22cBaWGNq3j29+1yuQQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFPDKyaLuIx1jL264DXV/uKcVn3PdMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xLzhNckpvdTRqSFdNdmJyZ05kWC00cHhXZmM5MC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkVA
IAAwDQYJKoZIhvcNAQELBQADggEBABh08SdtBGgo5YYycxJIQ/DGL8xdVi4zB9on
DkukxjmqRdZ0/OQJOBq/K+mj60I5DCBiWhJCQ64Cb+UDDmJRhVKHpUfoyW1/Ec4Q
CNFT3HyQfHsZ3OAlKU4QGTII3MPnXOQ/G+wSbK18gsOLy0jPt+KcHKDGYpGCUeQG
KCOQ5TDyd6vt74oa0A6okxtJaB4dmR5umlRZrMZPKnFG9OSinmMaqlOFUpFZWRJM
N9N8tuiMCRgqW76N5DuljNwfosf+R9cJurR+gKfpS2UYpr4vDANCsUanJDRbhiRv
r/6nkXtOF66zJp6DVZ3z/QXEgTu694B5IksbnJxgHdjtEZqXtKo=
-----END CERTIFICATE-----