Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/zwxcNGqyixnsFcfdyGwVj0HrB4Y.roa
File:                     zwxcNGqyixnsFcfdyGwVj0HrB4Y.roa (raw, json)
Hash identifier:          m6nq1O6bXfDYzMGdYPA+3lugXvsGYj60cX9+kL6NB8M=
Subject key identifier:   CF:0C:5C:34:6A:B2:8B:19:EC:15:C7:DD:C8:6C:15:8F:41:EB:07:86
Certificate issuer:       /CN=6faf48b02b97dc2d312250aa234083b8c1bb9e81
Certificate serial:       019853C967F5F139B5B13219CB041714F9F7
Authority key identifier: 6F:AF:48:B0:2B:97:DC:2D:31:22:50:AA:23:40:83:B8:C1:BB:9E:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/zwxcNGqyixnsFcfdyGwVj0HrB4Y.roa
Signing time:             Tue 29 Jul 2025 01:26:04 +0000
ROA not before:           Tue 29 Jul 2025 01:26:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206507
IP address blocks:        2001:30c0:fffd::/56 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:53:c9:67:f5:f1:39:b5:b1:32:19:cb:04:17:14:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6faf48b02b97dc2d312250aa234083b8c1bb9e81
        Validity
            Not Before: Jul 29 01:26:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf0c5c346ab28b19ec15c7ddc86c158f41eb0786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d9:84:da:ed:9a:f2:8f:36:08:07:79:ef:0d:
                    3a:b2:fb:fd:ca:49:77:5d:6b:a4:02:18:4a:16:bf:
                    b8:ba:0e:ef:90:c2:95:e1:85:06:7b:39:db:6d:31:
                    e9:2c:42:f3:68:3d:d9:20:87:3c:1d:2e:2f:24:86:
                    37:89:ee:1c:f1:4c:ff:a0:67:15:93:b1:eb:22:ad:
                    97:a3:d7:e7:66:b5:33:d3:4b:bc:2e:e3:5d:71:9d:
                    5a:cc:d3:3f:31:67:ba:f9:df:4e:e1:fb:c9:b1:ac:
                    38:39:f8:f3:0f:4b:9e:cd:42:52:25:53:74:aa:cd:
                    bb:1e:f8:47:8d:9c:83:4b:fe:0e:58:f3:ec:df:a3:
                    84:45:a5:5c:f0:8d:89:cf:c1:1d:44:b5:58:4e:03:
                    19:ee:0e:52:da:19:ee:16:a6:e3:79:dc:a6:63:62:
                    ce:89:07:35:09:90:fa:98:6e:da:98:94:a7:22:07:
                    51:b9:13:e0:da:e1:0f:55:1c:88:fc:aa:dc:9d:a6:
                    34:42:e0:99:d6:e7:3a:22:c1:8c:50:31:0d:77:15:
                    0a:7f:4b:a0:2b:da:18:f7:a6:29:45:f4:62:44:54:
                    e6:83:cb:8b:3f:3b:e8:70:a7:4d:c2:32:5e:6d:85:
                    d2:2b:c5:59:07:c1:0e:e5:7a:e4:21:5d:7a:a6:24:
                    9b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0C:5C:34:6A:B2:8B:19:EC:15:C7:DD:C8:6C:15:8F:41:EB:07:86
            X509v3 Authority Key Identifier:
                keyid:6F:AF:48:B0:2B:97:DC:2D:31:22:50:AA:23:40:83:B8:C1:BB:9E:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/zwxcNGqyixnsFcfdyGwVj0HrB4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:30c0:fffd::/56

    Signature Algorithm: sha256WithRSAEncryption
         3d:84:f7:42:32:5a:63:80:c1:a0:c4:97:9d:c7:c3:f9:ab:12:
         3d:4b:fc:8c:d6:81:36:6c:c3:54:03:85:74:04:c1:bd:98:90:
         8a:33:82:0d:03:8f:d5:6e:4d:dd:5e:22:5b:fe:3c:b4:0d:4f:
         c0:bd:d0:7e:c2:53:f2:44:e1:e7:ef:30:9c:61:f3:c0:52:d8:
         bc:58:62:1c:65:03:6d:4b:e2:95:33:56:2b:40:39:1a:96:cc:
         e1:d8:63:45:30:83:7d:06:b7:e3:1d:c4:b9:cf:1e:a9:7c:84:
         c2:60:83:6d:c4:63:0e:cf:32:be:18:74:b1:45:e6:49:ab:f9:
         0f:0e:45:79:5f:c3:45:47:79:62:de:21:dc:9f:e4:be:1a:e8:
         aa:44:5e:31:f6:66:50:77:4f:ba:f5:8a:8d:16:29:f2:03:0a:
         d6:65:87:8c:04:08:ba:d7:6c:e2:1a:8c:ba:da:03:0d:be:2c:
         af:3a:10:97:23:2d:3c:51:e9:16:4b:3f:84:5b:af:26:7b:60:
         63:e4:8b:1d:a0:33:9c:99:93:46:a8:3b:ce:c0:ef:64:23:7d:
         21:70:16:ea:d5:07:63:44:78:1f:5f:8f:4b:5e:87:af:4b:e5:
         d0:db:cf:7c:8a:a5:c1:64:17:dc:40:5f:e7:a3:53:25:03:39:
         04:f4:9d:63
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZhTyWf18Tm1sTIZywQXFPn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYWY0OGIwMmI5N2RjMmQzMTIyNTBhYTIzNDA4M2I4YzFi
YjllODEwHhcNMjUwNzI5MDEyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjBjNWMzNDZhYjI4YjE5ZWMxNWM3ZGRjODZjMTU4ZjQxZWIwNzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtmE2u2a8o82CAd57w06svv9ykl3
XWukAhhKFr+4ug7vkMKV4YUGeznbbTHpLELzaD3ZIIc8HS4vJIY3ie4c8Uz/oGcV
k7HrIq2Xo9fnZrUz00u8LuNdcZ1azNM/MWe6+d9O4fvJsaw4OfjzD0uezUJSJVN0
qs27HvhHjZyDS/4OWPPs36OERaVc8I2Jz8EdRLVYTgMZ7g5S2hnuFqbjedymY2LO
iQc1CZD6mG7amJSnIgdRuRPg2uEPVRyI/KrcnaY0QuCZ1uc6IsGMUDENdxUKf0ug
K9oY96YpRfRiRFTmg8uLPzvocKdNwjJebYXSK8VZB8EO5XrkIV16piSbYwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFM8MXDRqsosZ7BXH3chsFY9B6weGMB8GA1UdIwQY
MBaAFG+vSLArl9wtMSJQqiNAg7jBu56BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjY5SXNDdVgzQzB4SWxDcUkwQ0R1TUc3bm9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMjMwYjUtNDc5MS00OGQwLWI4ODct
YjM0ZDY0OWNmYjdiLzEvend4Y05HcXlpeG5zRmNmZHlHd1ZqMEhyQjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMjMwYjUtNDc5MS00OGQwLWI4ODctYjM0ZDY0OWNmYjdi
LzEvYjY5SXNDdVgzQzB4SWxDcUkwQ0R1TUc3bm9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAAjAKAwgAIAEwwP/9
ADANBgkqhkiG9w0BAQsFAAOCAQEAPYT3QjJaY4DBoMSXncfD+asSPUv8jNaBNmzD
VAOFdATBvZiQijOCDQOP1W5N3V4iW/48tA1PwL3QfsJT8kTh5+8wnGHzwFLYvFhi
HGUDbUvilTNWK0A5GpbM4dhjRTCDfQa34x3Euc8eqXyEwmCDbcRjDs8yvhh0sUXm
Sav5Dw5FeV/DRUd5Yt4h3J/kvhroqkReMfZmUHdPuvWKjRYp8gMK1mWHjAQIutds
4hqMutoDDb4srzoQlyMtPFHpFks/hFuvJntgY+SLHaAznJmTRqg7zsDvZCN9IXAW
6tUHY0R4H1+PS16Hr0vl0NvPfIqlwWQX3EBf56NTJQM5BPSdYw==
-----END CERTIFICATE-----