Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lZukny4gRRAbVF3dKXqwn_KyFBw.roa
File:                     lZukny4gRRAbVF3dKXqwn_KyFBw.roa (raw, json)
Hash identifier:          t6swQwQmIa1eN/zEdNHgEaUt2oscEvnPTFHu+v0P3/E=
Subject key identifier:   95:9B:A4:9F:2E:20:45:10:1B:54:5D:DD:29:7A:B0:9F:F2:B2:14:1C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0198093368950532CF65B22E1317739C9E3D
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lZukny4gRRAbVF3dKXqwn_KyFBw.roa
Signing time:             Mon 14 Jul 2025 13:50:20 +0000
ROA not before:           Mon 14 Jul 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62282
IP address blocks:        2a0f:7b80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:68:95:05:32:cf:65:b2:2e:13:17:73:9c:9e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 14 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=959ba49f2e2045101b545ddd297ab09ff2b2141c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6d:a5:35:0b:00:2d:12:44:3b:1c:91:ee:c2:
                    81:df:85:7b:1d:6d:32:a0:6a:9d:ed:e8:d5:f8:b2:
                    09:4c:d5:43:15:91:5c:a4:5c:29:a8:99:9e:e1:02:
                    a5:e0:44:4d:b0:6f:7f:37:a4:25:25:96:2d:75:69:
                    2b:f3:91:70:5a:f0:07:81:a7:28:f5:f0:93:a7:79:
                    56:13:c7:df:c8:41:a9:0f:95:53:0f:1b:4c:0f:aa:
                    77:c7:1b:2a:e3:0f:c6:9f:f5:b1:b2:dd:78:7e:f2:
                    89:12:7a:d3:90:4f:00:02:15:5e:6c:db:be:a0:f7:
                    b7:b6:be:69:d6:80:0c:89:c7:bb:18:9e:8c:23:42:
                    fd:3c:a5:f6:e8:e2:f7:9c:3f:ea:29:62:c9:7d:f1:
                    97:8d:f7:12:94:3f:00:66:6d:1e:e1:6c:f2:c4:16:
                    73:9b:fc:9e:b3:d3:ff:10:bc:bb:31:1f:35:ac:27:
                    27:37:16:38:0b:b2:06:4d:1c:77:b4:32:ad:8a:21:
                    e3:10:43:82:32:9e:74:62:e6:e5:05:24:6e:da:47:
                    10:2e:2e:2c:52:3d:0a:b7:59:95:be:71:06:85:e3:
                    b5:fa:2d:43:61:e1:3e:2d:2c:b3:43:4c:d6:54:06:
                    74:99:c7:7e:8c:03:0f:83:e1:0a:52:b2:e3:98:36:
                    a9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9B:A4:9F:2E:20:45:10:1B:54:5D:DD:29:7A:B0:9F:F2:B2:14:1C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lZukny4gRRAbVF3dKXqwn_KyFBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7b80::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:cb:83:fe:ea:89:f3:54:32:dd:16:13:86:78:5f:c7:ee:0a:
         80:ef:a4:05:f2:7e:c2:c7:12:75:83:75:ea:ad:85:53:b8:b5:
         76:5b:b7:0a:43:27:97:df:22:b2:1f:40:ad:27:67:06:36:da:
         e0:ec:9a:cb:1b:a3:98:7d:78:ef:ef:3f:33:b6:71:d7:be:3c:
         48:e0:70:36:72:39:b2:dc:72:ef:10:2d:9c:51:f5:2e:3f:c6:
         28:f7:66:38:7c:0d:04:6b:24:4b:00:19:2a:58:83:4a:aa:62:
         f1:86:53:9d:69:12:55:a7:e6:ab:d1:89:a9:62:19:18:4b:a2:
         8e:92:fa:07:b0:af:72:c1:9b:55:fa:ae:0b:34:c7:a7:64:5d:
         ff:01:21:cf:86:99:45:51:a2:8b:d6:ed:c7:a6:69:79:7a:ce:
         f9:36:eb:3d:85:f5:fd:2a:19:d7:a7:f5:3e:dc:84:e3:f7:29:
         e1:c5:75:ba:4e:5a:00:45:b2:bb:00:40:64:51:66:ec:9c:14:
         ed:8d:b0:8a:dc:d2:2e:49:f6:a7:2f:92:a1:a1:4b:0d:21:b0:
         af:29:71:e7:be:69:7d:af:54:24:23:9a:90:c8:f9:66:e1:5b:
         ec:e3:f3:62:47:d4:b6:f2:04:2f:6c:98:df:0c:6b:69:70:9f:
         43:b1:ae:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgJM2iVBTLPZbIuExdznJ49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzE0MTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTliYTQ5ZjJlMjA0NTEwMWI1NDVkZGQyOTdhYjA5ZmYyYjIxNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW2lNQsALRJEOxyR7sKB34V7HW0y
oGqd7ejV+LIJTNVDFZFcpFwpqJme4QKl4ERNsG9/N6QlJZYtdWkr85FwWvAHgaco
9fCTp3lWE8ffyEGpD5VTDxtMD6p3xxsq4w/Gn/Wxst14fvKJEnrTkE8AAhVebNu+
oPe3tr5p1oAMice7GJ6MI0L9PKX26OL3nD/qKWLJffGXjfcSlD8AZm0e4WzyxBZz
m/yes9P/ELy7MR81rCcnNxY4C7IGTRx3tDKtiiHjEEOCMp50YublBSRu2kcQLi4s
Uj0Kt1mVvnEGheO1+i1DYeE+LSyzQ0zWVAZ0mcd+jAMPg+EKUrLjmDapOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJWbpJ8uIEUQG1Rd3Sl6sJ/yshQcMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbFp1a255NGdSUkFiVkYzZEtYcXduX0t5RkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg97gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQC6y4P+6onzVDLdFhOGeF/H7gqA76QF8n7CxxJ1
g3XqrYVTuLV2W7cKQyeX3yKyH0CtJ2cGNtrg7JrLG6OYfXjv7z8ztnHXvjxI4HA2
cjmy3HLvEC2cUfUuP8Yo92Y4fA0EayRLABkqWINKqmLxhlOdaRJVp+ar0YmpYhkY
S6KOkvoHsK9ywZtV+q4LNMenZF3/ASHPhplFUaKL1u3Hpml5es75Nus9hfX9KhnX
p/U+3ITj9ynhxXW6TloARbK7AEBkUWbsnBTtjbCK3NIuSfanL5KhoUsNIbCvKXHn
vml9r1QkI5qQyPlm4Vvs4/NiR9S28gQvbJjfDGtpcJ9Dsa5h
-----END CERTIFICATE-----