Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Lbnf37L0cOCr3IAAWKOV73UBuSA.roa
File:                     Lbnf37L0cOCr3IAAWKOV73UBuSA.roa (raw, json)
Hash identifier:          F0DnyoLgnE4+CT+QkMCTrdUjM8hRrPUxywL+Wut5lCI=
Subject key identifier:   2D:B9:DF:DF:B2:F4:70:E0:AB:DC:80:00:58:A3:95:EF:75:01:B9:20
Certificate issuer:       /CN=7b732b6e5710ba8289cff4bb226b75bc4b07819f
Certificate serial:       019A4E0D4247D264AAF90ED64061EB442A5C
Authority key identifier: 7B:73:2B:6E:57:10:BA:82:89:CF:F4:BB:22:6B:75:BC:4B:07:81:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Lbnf37L0cOCr3IAAWKOV73UBuSA.roa
Signing time:             Tue 04 Nov 2025 08:48:03 +0000
ROA not before:           Tue 04 Nov 2025 08:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        2a05:840::/48 maxlen: 48
                          2a05:840:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Nov 2025 14:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:0d:42:47:d2:64:aa:f9:0e:d6:40:61:eb:44:2a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b732b6e5710ba8289cff4bb226b75bc4b07819f
        Validity
            Not Before: Nov  4 08:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2db9dfdfb2f470e0abdc800058a395ef7501b920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:15:27:41:3c:d0:a0:0a:f3:0e:07:d8:11:72:
                    60:37:63:3f:d0:0c:eb:09:37:df:63:15:24:2b:01:
                    7d:6e:f4:67:07:4e:d5:bc:32:3a:b1:87:a4:cb:5d:
                    38:43:ba:1d:68:f7:bc:14:17:75:be:05:b1:ad:6b:
                    70:27:1d:48:64:21:46:82:3c:70:bf:b6:57:49:f1:
                    de:22:e1:73:4a:c5:52:c8:86:b3:5f:ff:f1:2e:7e:
                    b0:a6:48:be:f0:1a:81:5c:3a:b8:66:74:42:17:cd:
                    b0:b4:42:1a:83:7e:ec:ff:e8:34:6a:34:30:33:8f:
                    53:79:89:27:86:5c:e3:81:1d:7c:fa:4a:2a:fa:88:
                    48:01:2c:0a:aa:1c:22:34:aa:af:7f:30:33:30:ef:
                    dd:c8:dc:e1:23:f6:df:f7:75:b6:04:59:5a:ff:b5:
                    d3:34:d3:9d:df:22:b8:2a:e7:36:e9:bd:4d:46:cd:
                    16:b8:a9:9b:46:98:15:58:90:28:ca:6e:93:78:17:
                    ca:f5:19:45:57:ad:f2:15:3a:12:a8:0a:0e:36:1a:
                    f7:b7:8b:77:d1:42:bf:ea:47:54:39:be:e5:1c:97:
                    10:52:11:2f:42:a7:2c:72:f6:f9:ef:72:ef:b4:b2:
                    82:b0:86:d5:cd:49:49:b5:98:f6:9d:65:5c:27:0c:
                    65:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B9:DF:DF:B2:F4:70:E0:AB:DC:80:00:58:A3:95:EF:75:01:B9:20
            X509v3 Authority Key Identifier:
                keyid:7B:73:2B:6E:57:10:BA:82:89:CF:F4:BB:22:6B:75:BC:4B:07:81:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Lbnf37L0cOCr3IAAWKOV73UBuSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:840::/47

    Signature Algorithm: sha256WithRSAEncryption
         2d:9c:8a:4e:e4:9a:45:79:ea:f6:9b:32:aa:d8:54:01:d1:3b:
         82:56:d1:85:d5:01:d0:34:ff:08:00:44:67:79:de:9c:f2:9f:
         05:4a:d9:cc:4a:5f:81:84:92:1d:19:5e:a0:e1:3d:1d:bb:38:
         5f:7f:8d:c9:9d:f6:e7:59:bd:8d:8e:fb:a8:09:2b:ac:24:04:
         d3:3f:56:d6:97:72:bb:5f:f1:40:36:db:e0:5f:f3:32:4d:58:
         0e:6d:e7:e7:6d:69:15:f6:85:d8:42:b3:6b:09:8c:52:3c:c2:
         5b:f6:be:21:9c:ef:04:0b:d2:01:e7:ed:3c:f8:c8:2b:79:80:
         52:10:3e:93:89:86:03:a7:ee:89:e0:27:4b:bc:28:ae:20:2d:
         a1:be:f1:bf:f8:20:d4:d3:af:c4:04:c9:03:d7:9c:6d:84:46:
         32:f9:c1:62:1e:4d:f3:5f:3e:28:bc:e1:22:a4:8d:49:67:37:
         a1:da:17:2d:b2:3d:ae:fd:b0:90:22:dd:99:13:ad:c9:9f:e3:
         c0:2e:02:0b:32:9e:a1:54:5a:1b:1e:f1:11:56:74:0b:78:31:
         0f:27:8b:33:9b:c7:3e:ce:38:3c:ca:f0:68:b9:b3:69:5e:04:
         f0:f4:e1:b7:8c:e5:ad:f7:4a:06:43:1b:65:3d:d9:67:bc:53:
         c5:0a:a7:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpODUJH0mSq+Q7WQGHrRCpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNzMyYjZlNTcxMGJhODI4OWNmZjRiYjIyNmI3NWJjNGIw
NzgxOWYwHhcNMjUxMTA0MDg0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI5ZGZkZmIyZjQ3MGUwYWJkYzgwMDA1OGEzOTVlZjc1MDFiOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xUnQTzQoArzDgfYEXJgN2M/0Azr
CTffYxUkKwF9bvRnB07VvDI6sYeky104Q7odaPe8FBd1vgWxrWtwJx1IZCFGgjxw
v7ZXSfHeIuFzSsVSyIazX//xLn6wpki+8BqBXDq4ZnRCF82wtEIag37s/+g0ajQw
M49TeYknhlzjgR18+koq+ohIASwKqhwiNKqvfzAzMO/dyNzhI/bf93W2BFla/7XT
NNOd3yK4Kuc26b1NRs0WuKmbRpgVWJAoym6TeBfK9RlFV63yFToSqAoONhr3t4t3
0UK/6kdUOb7lHJcQUhEvQqcscvb573LvtLKCsIbVzUlJtZj2nWVcJwxl2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC2539+y9HDgq9yAAFijle91AbkgMB8GA1UdIwQY
MBaAFHtzK25XELqCic/0uyJrdbxLB4GfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTNNcmJsY1F1b0tKel9TN0ltdDF2RXNIZ1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zMzkxY2UtYTc5NS00MDFmLTgzOWQt
YTRkMGQxMGM5MDE2LzEvTGJuZjM3TDBjT0NyM0lBQVdLT1Y3M1VCdVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zMzkxY2UtYTc5NS00MDFmLTgzOWQtYTRkMGQxMGM5MDE2
LzEvZTNNcmJsY1F1b0tKel9TN0ltdDF2RXNIZ1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgUIQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAtnIpO5JpFeer2mzKq2FQB0TuCVtGF1QHQNP8I
AERned6c8p8FStnMSl+BhJIdGV6g4T0duzhff43JnfbnWb2NjvuoCSusJATTP1bW
l3K7X/FANtvgX/MyTVgObefnbWkV9oXYQrNrCYxSPMJb9r4hnO8EC9IB5+08+Mgr
eYBSED6TiYYDp+6J4CdLvCiuIC2hvvG/+CDU06/EBMkD15xthEYy+cFiHk3zXz4o
vOEipI1JZzeh2hctsj2u/bCQIt2ZE63Jn+PALgILMp6hVFobHvERVnQLeDEPJ4sz
m8c+zjg8yvBoubNpXgTw9OG3jOWt90oGQxtlPdlnvFPFCqcm
-----END CERTIFICATE-----