Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FDmDvOACHulfshItBSDCX5mBYSQ.roa
File:                     FDmDvOACHulfshItBSDCX5mBYSQ.roa (raw, json)
Hash identifier:          aexzHKGvD/WM+wZ6/qx7vyWxEHAqx7gswtzEcmCk74k=
Subject key identifier:   14:39:83:BC:E0:02:1E:E9:5F:B2:12:2D:05:20:C2:5F:99:81:61:24
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       01982250516F86A0507F981569E950F05B08
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FDmDvOACHulfshItBSDCX5mBYSQ.roa
Signing time:             Sat 19 Jul 2025 10:52:25 +0000
ROA not before:           Sat 19 Jul 2025 10:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208393
IP address blocks:        2a05:4741:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 17:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:50:51:6f:86:a0:50:7f:98:15:69:e9:50:f0:5b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jul 19 10:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=143983bce0021ee95fb2122d0520c25f99816124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:54:b4:fd:a3:b7:1d:29:23:4f:c7:5a:7d:14:
                    a6:5b:c9:0e:0f:ca:38:ef:77:e4:ed:e1:4a:9b:0d:
                    20:51:99:42:51:41:26:05:3a:ad:c8:49:b5:13:9d:
                    3e:f8:e4:f6:3f:93:db:df:d5:52:78:7a:9b:79:77:
                    10:15:40:2f:a8:21:ab:fa:21:42:66:5e:b7:26:13:
                    cf:f9:3e:f5:ce:60:48:9d:82:d1:c5:c6:f4:2d:72:
                    09:6d:2f:d7:8b:f6:1b:fd:b4:ba:42:9a:af:35:25:
                    90:f8:8f:c2:1e:93:97:ff:ed:94:50:d3:b7:cc:4e:
                    a6:a4:7d:81:0e:59:a8:90:c5:94:23:b9:ed:2f:90:
                    e2:85:65:d2:73:b0:72:47:c0:34:a3:c0:88:4c:25:
                    20:8e:17:23:5a:45:6c:83:8d:a1:e8:b0:86:8d:6c:
                    9e:63:0d:b9:a9:54:d6:74:9a:86:39:d2:ed:60:6a:
                    dd:2e:71:68:8e:a3:69:46:f3:bb:4f:af:40:40:83:
                    04:e5:75:96:d7:9b:b5:e9:18:13:9f:dc:b2:8a:9d:
                    b1:52:4d:37:fa:ef:7f:f6:6a:d6:93:30:4f:73:b6:
                    f0:62:56:33:ea:55:f1:ca:43:e6:c7:ed:ec:11:db:
                    9a:97:63:f6:48:30:d0:13:88:f3:91:aa:03:1b:bc:
                    93:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:39:83:BC:E0:02:1E:E9:5F:B2:12:2D:05:20:C2:5F:99:81:61:24
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FDmDvOACHulfshItBSDCX5mBYSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:44:24:c6:cd:3b:5c:f6:33:c9:eb:06:dc:fd:64:40:ca:6d:
         88:3d:84:f7:5d:c7:91:90:25:29:99:a6:76:bd:21:24:ab:30:
         6c:92:9e:5f:0b:b4:ce:dd:9f:fe:6f:f2:6b:d8:0c:4e:d3:e3:
         fd:26:ca:e0:19:88:12:77:6d:41:1e:af:a3:ee:5e:47:c3:83:
         20:0f:30:41:01:23:9b:06:7d:03:d2:f7:67:5b:7f:0c:5f:49:
         12:dc:4b:1e:75:fb:6b:3b:7f:47:80:07:d9:5f:3e:a4:2b:0c:
         08:c6:50:b8:98:b7:65:b3:8a:7f:51:c0:83:0b:c6:35:2a:73:
         48:1f:fe:2f:2f:d2:bd:f2:ee:88:54:89:42:9b:29:c6:47:26:
         73:1e:1a:3e:ef:a8:38:b9:57:94:4a:1e:5d:18:04:66:6f:23:
         cf:0c:2a:b6:c1:8b:90:b7:ee:69:5e:c1:01:16:95:58:33:b5:
         5b:19:a0:bc:60:d1:8b:5b:40:e0:73:c8:d4:aa:87:ed:21:f2:
         44:50:ab:d1:42:b9:1b:bf:49:ec:40:46:95:50:85:cc:b3:85:
         62:a2:3b:d7:a5:dd:f3:c3:71:8c:3b:c2:de:82:84:a4:88:16:
         62:c7:ae:78:8b:3b:f7:c0:2f:48:b7:4e:28:55:00:b7:c5:42:
         9c:79:21:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgiUFFvhqBQf5gVaelQ8FsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwNzE5MTA1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDM5ODNiY2UwMDIxZWU5NWZiMjEyMmQwNTIwYzI1Zjk5ODE2MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVS0/aO3HSkjT8dafRSmW8kOD8o4
73fk7eFKmw0gUZlCUUEmBTqtyEm1E50++OT2P5Pb39VSeHqbeXcQFUAvqCGr+iFC
Zl63JhPP+T71zmBInYLRxcb0LXIJbS/Xi/Yb/bS6QpqvNSWQ+I/CHpOX/+2UUNO3
zE6mpH2BDlmokMWUI7ntL5DihWXSc7ByR8A0o8CITCUgjhcjWkVsg42h6LCGjWye
Yw25qVTWdJqGOdLtYGrdLnFojqNpRvO7T69AQIME5XWW15u16RgTn9yyip2xUk03
+u9/9mrWkzBPc7bwYlYz6lXxykPmx+3sEdual2P2SDDQE4jzkaoDG7yTQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBQ5g7zgAh7pX7ISLQUgwl+ZgWEkMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvRkRtRHZPQUNIdWxmc2hJdEJTRENYNW1CWVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVHQQAP
MA0GCSqGSIb3DQEBCwUAA4IBAQCXRCTGzTtc9jPJ6wbc/WRAym2IPYT3XceRkCUp
maZ2vSEkqzBskp5fC7TO3Z/+b/Jr2AxO0+P9JsrgGYgSd21BHq+j7l5Hw4MgDzBB
ASObBn0D0vdnW38MX0kS3EsedftrO39HgAfZXz6kKwwIxlC4mLdls4p/UcCDC8Y1
KnNIH/4vL9K98u6IVIlCmynGRyZzHho+76g4uVeUSh5dGARmbyPPDCq2wYuQt+5p
XsEBFpVYM7VbGaC8YNGLW0Dgc8jUqoftIfJEUKvRQrkbv0nsQEaVUIXMs4ViojvX
pd3zw3GMO8LegoSkiBZix654izv3wC9It04oVQC3xUKceSG9
-----END CERTIFICATE-----