Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/I2TVT7DNE2G9XXNPIvC7ssj4vy0.roa
File:                     I2TVT7DNE2G9XXNPIvC7ssj4vy0.roa (raw, json)
Hash identifier:          5m+YSBm5ZTcuXSiyQRLawLxfa0qfeuRlBCs8VexXa7Q=
Subject key identifier:   23:64:D5:4F:B0:CD:13:61:BD:5D:73:4F:22:F0:BB:B2:C8:F8:BF:2D
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       019906C56EE3C0D8A64FC5CC9311519600C6
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/I2TVT7DNE2G9XXNPIvC7ssj4vy0.roa
Signing time:             Mon 01 Sep 2025 19:33:46 +0000
ROA not before:           Mon 01 Sep 2025 19:33:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213396
IP address blocks:        2a0a:4540:3000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:c5:6e:e3:c0:d8:a6:4f:c5:cc:93:11:51:96:00:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Sep  1 19:33:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2364d54fb0cd1361bd5d734f22f0bbb2c8f8bf2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:52:77:3a:27:41:a6:42:01:de:f2:58:d6:2a:
                    b3:6d:6e:28:a5:58:f4:1b:ff:6f:a1:75:26:ca:98:
                    de:4d:f0:35:c5:0c:9d:77:dd:79:41:0f:85:22:9e:
                    e0:47:94:54:fe:c7:ca:c6:73:c0:00:06:fd:e3:6c:
                    f9:08:22:a6:b9:32:a1:c0:8d:9e:ba:1b:5d:9f:da:
                    10:06:3e:11:dd:92:71:5e:a8:43:84:a6:97:7d:0c:
                    d0:24:14:e7:15:ed:2d:fc:79:43:05:a1:3b:a2:77:
                    ce:ae:90:14:0e:f5:14:c8:87:5b:78:13:ca:1e:38:
                    bf:9b:68:d0:4e:28:44:74:85:f4:1a:1c:3b:04:93:
                    35:bf:d3:4e:17:45:64:74:7d:f1:1f:5b:14:8f:6d:
                    d6:44:95:bf:8e:9b:1f:50:e2:00:dd:d5:43:8a:a9:
                    89:03:64:27:a1:37:1e:d0:4e:75:a4:4e:34:55:ea:
                    5b:f2:62:64:0b:b1:2d:ac:32:65:32:07:f4:be:a4:
                    f1:56:16:8a:ae:14:f9:cf:2e:62:e1:1a:4a:5e:55:
                    78:b1:0d:77:6d:26:b3:e2:85:08:b3:03:42:63:32:
                    79:94:ae:bc:b4:38:e2:39:ea:f6:57:2d:07:bd:d3:
                    d8:8d:4c:f1:c7:5e:e0:a3:22:b5:12:00:0d:2c:bc:
                    a6:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:64:D5:4F:B0:CD:13:61:BD:5D:73:4F:22:F0:BB:B2:C8:F8:BF:2D
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/I2TVT7DNE2G9XXNPIvC7ssj4vy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:d7:09:16:b9:20:9d:93:99:54:9e:4d:97:76:d8:13:38:d0:
         7f:79:a5:59:16:3c:33:d5:5d:0b:68:1a:3a:42:1c:5b:ef:af:
         0b:39:c7:61:5b:05:8b:ea:2d:bd:d2:69:d3:54:ff:a2:d7:ff:
         28:f7:40:cd:38:f5:29:5d:1f:24:a2:9d:11:af:d8:52:01:47:
         69:ef:4b:6d:6b:6f:a8:0b:d5:26:e5:24:df:e0:f7:f7:a5:0f:
         34:5c:59:01:87:f6:b9:13:25:ac:08:67:c5:a1:1e:63:21:a1:
         a7:a1:79:03:7e:f0:6b:0e:fe:44:94:e9:3e:8a:50:68:ed:bd:
         1e:eb:88:e2:bc:33:b9:f4:40:39:16:c0:e3:da:a2:8d:7e:ac:
         fc:af:84:0c:f3:29:9c:ef:15:7a:a6:b4:78:25:6f:01:5a:03:
         a8:c1:61:13:e9:ed:0f:a8:10:d4:d3:22:3d:01:50:70:fc:98:
         f9:be:db:5d:8f:25:ab:2b:03:6e:f6:a7:45:3b:90:d3:aa:d9:
         77:ff:d0:5c:a2:f5:d5:c3:0d:e3:c4:85:73:0b:89:27:c0:65:
         eb:b4:6b:1e:75:89:4e:ed:2e:e6:82:78:7d:7f:93:41:53:70:
         78:45:af:36:5b:a1:a8:65:9c:a3:58:15:c9:cb:fe:77:e2:75:
         b5:81:c9:cf
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZkGxW7jwNimT8XMkxFRlgDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjUwOTAxMTkzMzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY0ZDU0ZmIwY2QxMzYxYmQ1ZDczNGYyMmYwYmJiMmM4ZjhiZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVJ3OidBpkIB3vJY1iqzbW4opVj0
G/9voXUmypjeTfA1xQydd915QQ+FIp7gR5RU/sfKxnPAAAb942z5CCKmuTKhwI2e
uhtdn9oQBj4R3ZJxXqhDhKaXfQzQJBTnFe0t/HlDBaE7onfOrpAUDvUUyIdbeBPK
Hji/m2jQTihEdIX0Ghw7BJM1v9NOF0VkdH3xH1sUj23WRJW/jpsfUOIA3dVDiqmJ
A2QnoTce0E51pE40Vepb8mJkC7EtrDJlMgf0vqTxVhaKrhT5zy5i4RpKXlV4sQ13
bSaz4oUIswNCYzJ5lK68tDjiOer2Vy0HvdPYjUzxx17goyK1EgANLLymLQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFCNk1U+wzRNhvV1zTyLwu7LI+L8tMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL0kyVFZUN0RORTJHOVhYTlBJdkM3c3NqNHZ5MC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkVA
MAAwDQYJKoZIhvcNAQELBQADggEBADTXCRa5IJ2TmVSeTZd22BM40H95pVkWPDPV
XQtoGjpCHFvvrws5x2FbBYvqLb3SadNU/6LX/yj3QM049SldHySinRGv2FIBR2nv
S21rb6gL1SblJN/g9/elDzRcWQGH9rkTJawIZ8WhHmMhoaeheQN+8GsO/kSU6T6K
UGjtvR7riOK8M7n0QDkWwOPaoo1+rPyvhAzzKZzvFXqmtHglbwFaA6jBYRPp7Q+o
ENTTIj0BUHD8mPm+212PJasrA272p0U7kNOq2Xf/0Fyi9dXDDePEhXMLiSfAZeu0
ax51iU7tLuaCeH1/k0FTcHhFrzZboahlnKNYFcnL/nfidbWByc8=
-----END CERTIFICATE-----