Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/gOx9XmYhCyjSpHomUwwzFBdaZWQ.roa
File:                     gOx9XmYhCyjSpHomUwwzFBdaZWQ.roa (raw, json)
Hash identifier:          85LFD2QKpvWOX3g3rfg4tLiCpfGOYDN+7e9dqcdwykA=
Subject key identifier:   80:EC:7D:5E:66:21:0B:28:D2:A4:7A:26:53:0C:33:14:17:5A:65:64
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0198093366D17B85700530CB2B953E3DFF92
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/gOx9XmYhCyjSpHomUwwzFBdaZWQ.roa
Signing time:             Mon 14 Jul 2025 13:50:20 +0000
ROA not before:           Mon 14 Jul 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        2a0f:7b81::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:66:d1:7b:85:70:05:30:cb:2b:95:3e:3d:ff:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 14 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80ec7d5e66210b28d2a47a26530c3314175a6564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7d:8e:8b:29:5b:4a:7e:5f:66:39:33:a9:d7:
                    cf:c2:c5:51:84:35:bf:89:cf:d5:2b:13:36:27:ab:
                    00:29:a0:92:c7:eb:7f:69:9d:ce:7d:64:ae:e2:1d:
                    b2:5c:8f:f2:a2:c9:61:c5:a7:ba:7d:dd:f5:2a:93:
                    fb:77:e8:28:3b:4d:ca:c1:0b:bd:07:3b:eb:47:a9:
                    17:0b:1c:77:3e:99:50:a3:70:b2:82:34:1d:95:25:
                    f6:9a:df:38:c6:bc:ce:82:35:ff:85:28:ff:d5:49:
                    56:37:4b:12:66:33:34:5c:b3:b3:41:ca:39:b8:97:
                    1e:cc:1d:60:fb:f6:7d:84:b4:9a:5c:66:93:7a:0c:
                    7d:66:93:47:1e:76:c6:fd:8e:34:e2:07:23:71:a2:
                    46:08:13:94:a1:7c:73:e3:96:02:1e:a7:54:61:41:
                    8a:85:b0:7b:e9:1e:e7:da:11:61:f2:3e:f2:3a:6b:
                    9e:11:f1:c9:1f:18:15:7e:82:6a:b7:f9:01:68:6e:
                    bd:1d:43:47:e1:60:b1:c6:39:3d:e8:7a:f1:a0:70:
                    91:01:e8:b7:ae:fe:8e:0e:4c:ae:8f:61:d3:61:fe:
                    d2:5e:5a:b0:5a:1d:90:28:fc:83:3a:f4:e4:4d:c9:
                    e9:de:92:51:73:f1:c2:fc:93:ec:ab:26:36:3e:72:
                    9d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:EC:7D:5E:66:21:0B:28:D2:A4:7A:26:53:0C:33:14:17:5A:65:64
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/gOx9XmYhCyjSpHomUwwzFBdaZWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7b81::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:0f:ee:54:7c:f6:12:4a:29:b9:c3:22:63:4d:00:8e:d3:b5:
         25:fd:03:c0:21:4f:79:7a:5d:81:81:7a:0d:f9:cc:e7:00:7c:
         52:2d:8a:da:7d:c3:9c:d2:32:30:dd:03:cb:3d:28:02:34:5a:
         01:6d:26:74:74:08:5c:eb:3d:ba:bc:0f:a6:25:0b:c7:5d:24:
         17:3a:b8:aa:63:95:99:f7:f7:91:a7:51:45:82:14:ba:1b:30:
         30:79:8a:7c:a5:5d:5b:e7:91:cd:89:b0:47:b3:fc:0f:63:24:
         b8:1b:e3:7f:2a:44:f5:fb:ed:1b:cd:c4:93:1f:b3:99:07:18:
         6c:ba:a4:f7:cc:92:b7:93:81:32:de:25:77:ee:e0:5f:29:59:
         5c:82:3e:94:0a:fd:43:ef:dc:c7:f4:93:21:24:1d:be:df:9b:
         15:c7:39:99:3e:56:73:1a:96:f4:3e:82:14:96:30:64:4f:88:
         47:4e:2e:47:66:3c:0f:ca:3c:db:b9:ba:30:a0:cb:70:7a:ce:
         4b:86:2f:36:d3:40:1b:83:29:39:77:bf:07:97:ad:15:05:15:
         72:94:f7:7d:4c:8f:49:20:d1:47:2f:55:3a:64:fc:d4:cd:6c:
         9e:0a:d0:fa:09:3d:84:6d:df:f0:a5:31:55:64:a7:b0:0e:c7:
         82:3f:7b:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgJM2bRe4VwBTDLK5U+Pf+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzE0MTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGVjN2Q1ZTY2MjEwYjI4ZDJhNDdhMjY1MzBjMzMxNDE3NWE2NTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX2OiylbSn5fZjkzqdfPwsVRhDW/
ic/VKxM2J6sAKaCSx+t/aZ3OfWSu4h2yXI/yoslhxae6fd31KpP7d+goO03KwQu9
BzvrR6kXCxx3PplQo3CygjQdlSX2mt84xrzOgjX/hSj/1UlWN0sSZjM0XLOzQco5
uJcezB1g+/Z9hLSaXGaTegx9ZpNHHnbG/Y404gcjcaJGCBOUoXxz45YCHqdUYUGK
hbB76R7n2hFh8j7yOmueEfHJHxgVfoJqt/kBaG69HUNH4WCxxjk96HrxoHCRAei3
rv6ODkyuj2HTYf7SXlqwWh2QKPyDOvTkTcnp3pJRc/HC/JPsqyY2PnKd8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIDsfV5mIQso0qR6JlMMMxQXWmVkMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvZ094OVhtWWhDeWpTcEhvbVV3d3pGQmRhWldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg97gQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCuD+5UfPYSSim5wyJjTQCO07Ul/QPAIU95el2B
gXoN+cznAHxSLYrafcOc0jIw3QPLPSgCNFoBbSZ0dAhc6z26vA+mJQvHXSQXOriq
Y5WZ9/eRp1FFghS6GzAweYp8pV1b55HNibBHs/wPYyS4G+N/KkT1++0bzcSTH7OZ
BxhsuqT3zJK3k4Ey3iV37uBfKVlcgj6UCv1D79zH9JMhJB2+35sVxzmZPlZzGpb0
PoIUljBkT4hHTi5HZjwPyjzbubowoMtwes5Lhi8200Abgyk5d78Hl60VBRVylPd9
TI9JINFHL1U6ZPzUzWyeCtD6CT2Ebd/wpTFVZKewDseCP3vg
-----END CERTIFICATE-----