Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/f83w0UBpgcJD0dA64iAq7lmXARw.roa
File:                     f83w0UBpgcJD0dA64iAq7lmXARw.roa (raw, json)
Hash identifier:          f9wovq1EqzUTh58ehH2r8oD0Nk4JJQcPOCa3DaAqpnI=
Subject key identifier:   7F:CD:F0:D1:40:69:81:C2:43:D1:D0:3A:E2:20:2A:EE:59:97:01:1C
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0197D0C4BC2A84A9FB8C61DC5E2AEECE92C9
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/f83w0UBpgcJD0dA64iAq7lmXARw.roa
Signing time:             Thu 03 Jul 2025 14:50:43 +0000
ROA not before:           Thu 03 Jul 2025 14:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50926
IP address blocks:        2a0b:8f80:202::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:c4:bc:2a:84:a9:fb:8c:61:dc:5e:2a:ee:ce:92:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jul  3 14:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fcdf0d1406981c243d1d03ae2202aee5997011c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:18:df:0f:0b:03:a9:83:04:2d:46:77:42:78:
                    b3:9d:58:10:e7:5a:8d:a0:31:d3:d9:88:d1:a2:81:
                    10:69:90:95:99:e6:f3:a0:e2:3e:8a:dd:7d:1e:35:
                    05:4a:9e:13:94:b4:d9:5c:11:45:d4:27:72:15:d5:
                    0e:35:14:9e:1b:12:b8:1a:00:64:95:df:f8:cc:1a:
                    82:b5:0f:2b:e8:3c:42:45:ba:f2:72:7f:d8:4e:b3:
                    70:6d:c0:70:d2:b2:c4:cb:b2:66:36:9e:e2:6a:30:
                    4e:f6:05:1a:b7:de:97:33:d4:1a:9b:af:cd:19:46:
                    34:fd:07:0c:e3:dc:fa:e5:c3:db:78:db:8c:b1:82:
                    75:a5:ff:da:47:4d:6c:64:fc:2c:68:91:19:9f:0a:
                    8a:0d:84:36:2b:70:ab:c7:3d:5d:0c:aa:5f:a3:84:
                    d6:dd:c2:9b:d1:20:27:69:47:c0:c1:74:61:b0:1d:
                    9a:d8:7f:87:95:ef:d4:a8:50:80:31:6d:fb:1b:b1:
                    95:0c:24:b2:65:64:5a:31:84:12:39:bc:ea:7c:e2:
                    00:6b:39:de:4e:51:f6:e0:bd:9e:b0:b7:8e:0d:83:
                    c5:83:1e:b3:8a:fe:8e:79:87:1e:63:77:24:09:4d:
                    75:2d:03:0a:8c:a0:77:ea:a2:76:3d:21:09:5a:d4:
                    5f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CD:F0:D1:40:69:81:C2:43:D1:D0:3A:E2:20:2A:EE:59:97:01:1C
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/f83w0UBpgcJD0dA64iAq7lmXARw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8f80:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:78:2c:07:c5:e6:cf:8d:9e:27:aa:bd:38:62:14:0f:b1:b7:
         8f:05:ad:9f:91:4d:02:59:51:da:82:82:5b:c7:ee:67:46:fe:
         bc:18:7a:6f:a2:b3:12:b8:b3:ac:9a:9d:38:64:73:5f:25:8b:
         df:7d:51:39:48:c3:78:f3:85:36:c7:cf:94:af:35:2a:2e:9e:
         0a:88:48:ec:a6:72:5b:a4:2e:be:86:e5:e5:2a:76:b2:ee:29:
         19:1a:bd:61:8f:7e:62:aa:d1:2e:dc:02:07:0d:bd:3a:87:89:
         7b:23:70:db:a4:2b:b8:93:07:4b:6e:cc:ad:04:fa:45:cd:93:
         5c:50:1c:7d:e6:8a:bb:d9:0c:3b:f0:06:b7:66:44:2f:94:74:
         5b:24:61:c7:5f:d5:94:92:aa:40:56:21:14:a8:a1:b8:bf:62:
         45:3a:12:2e:43:b7:3a:61:66:2f:96:f1:38:f0:27:12:25:e2:
         fb:ac:03:74:8c:23:ef:21:6c:ad:4c:44:e8:85:a9:c2:18:15:
         11:ef:81:2d:e5:e0:b4:1b:da:a7:7d:31:42:14:e2:d4:29:b4:
         c1:35:58:bc:8c:82:d8:ba:77:97:e7:6b:dd:c3:12:de:31:1d:
         40:df:5b:53:08:fe:8b:b5:40:8a:04:cc:26:1d:3a:bc:5f:17:
         3c:6c:69:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfQxLwqhKn7jGHcXiruzpLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwNzAzMTQ1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNkZjBkMTQwNjk4MWMyNDNkMWQwM2FlMjIwMmFlZTU5OTcwMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRjfDwsDqYMELUZ3QniznVgQ51qN
oDHT2YjRooEQaZCVmebzoOI+it19HjUFSp4TlLTZXBFF1CdyFdUONRSeGxK4GgBk
ld/4zBqCtQ8r6DxCRbrycn/YTrNwbcBw0rLEy7JmNp7iajBO9gUat96XM9Qam6/N
GUY0/QcM49z65cPbeNuMsYJ1pf/aR01sZPwsaJEZnwqKDYQ2K3Crxz1dDKpfo4TW
3cKb0SAnaUfAwXRhsB2a2H+Hle/UqFCAMW37G7GVDCSyZWRaMYQSObzqfOIAazne
TlH24L2esLeODYPFgx6ziv6OeYceY3ckCU11LQMKjKB36qJ2PSEJWtRf+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH/N8NFAaYHCQ9HQOuIgKu5ZlwEcMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvZjgzdzBVQnBnY0pEMGRBNjRpQXE3bG1YQVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguPgAIC
MA0GCSqGSIb3DQEBCwUAA4IBAQAOeCwHxebPjZ4nqr04YhQPsbePBa2fkU0CWVHa
goJbx+5nRv68GHpvorMSuLOsmp04ZHNfJYvffVE5SMN484U2x8+UrzUqLp4KiEjs
pnJbpC6+huXlKnay7ikZGr1hj35iqtEu3AIHDb06h4l7I3DbpCu4kwdLbsytBPpF
zZNcUBx95oq72Qw78Aa3ZkQvlHRbJGHHX9WUkqpAViEUqKG4v2JFOhIuQ7c6YWYv
lvE48CcSJeL7rAN0jCPvIWytTETohanCGBUR74Et5eC0G9qnfTFCFOLUKbTBNVi8
jILYuneX52vdwxLeMR1A31tTCP6LtUCKBMwmHTq8Xxc8bGlU
-----END CERTIFICATE-----