Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IvRgmT2reOzeuytZym-ijAGPPBk.roa
File:                     IvRgmT2reOzeuytZym-ijAGPPBk.roa (raw, json)
Hash identifier:          dSmrvci4sQWpc2gVp+CZfEWf5dBDbTlu7yUnaMUzc1w=
Subject key identifier:   22:F4:60:99:3D:AB:78:EC:DE:BB:2B:59:CA:6F:A2:8C:01:8F:3C:19
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019804EFEAEB3431A76D2D990AB83EF0FA19
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IvRgmT2reOzeuytZym-ijAGPPBk.roa
Signing time:             Sun 13 Jul 2025 17:58:08 +0000
ROA not before:           Sun 13 Jul 2025 17:58:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215496
IP address blocks:        2a05:9080:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:04:ef:ea:eb:34:31:a7:6d:2d:99:0a:b8:3e:f0:fa:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jul 13 17:58:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22f460993dab78ecdebb2b59ca6fa28c018f3c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8b:60:d4:6c:03:77:16:1c:36:e3:98:03:5b:
                    6e:41:35:ee:6f:ae:25:14:2e:99:8c:90:d8:85:c7:
                    69:82:85:b0:47:56:2f:ee:e4:0d:1c:09:e2:fe:e8:
                    37:3c:75:2c:0a:66:56:cb:d9:05:88:70:e5:fa:f1:
                    51:fb:27:21:30:80:ba:fc:40:f8:9b:39:f6:31:0a:
                    68:4a:95:3e:0c:0f:05:cf:c8:f5:20:1b:ef:72:c0:
                    ea:50:0e:08:50:85:6b:ed:c9:96:b9:ad:16:cc:91:
                    95:68:9f:f3:04:6a:5f:90:1f:22:35:a0:56:32:b6:
                    03:5d:17:46:ec:db:08:0b:d9:ac:40:3b:c5:87:7d:
                    98:9c:cb:5b:65:89:88:45:b6:fe:02:e1:45:8e:0b:
                    89:b1:71:93:5e:c2:51:79:89:3a:03:91:1e:6c:7c:
                    94:32:ae:03:11:75:6d:ad:78:f0:e8:fd:e0:2a:85:
                    0b:d9:2c:0e:e2:79:89:94:63:9b:76:3e:b2:ec:be:
                    bc:44:9c:b6:c2:da:09:8d:a6:2f:8c:17:24:92:5f:
                    9c:af:34:0e:9e:f3:10:59:fc:27:c5:3a:ec:e6:74:
                    21:df:89:a9:bd:4e:f2:c7:09:fe:dc:69:1a:09:9b:
                    3a:a4:49:c9:c8:ca:e5:bb:30:72:a2:10:ca:d4:6a:
                    a9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F4:60:99:3D:AB:78:EC:DE:BB:2B:59:CA:6F:A2:8C:01:8F:3C:19
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/IvRgmT2reOzeuytZym-ijAGPPBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:1f:69:c4:11:64:3d:16:00:76:17:21:0a:41:fc:89:c6:76:
         c5:60:12:2c:9b:3e:bb:9f:f7:21:bf:92:4f:a2:d5:8b:df:38:
         f9:eb:0b:8b:90:a0:6e:b8:c1:ce:85:77:07:ec:69:4f:db:78:
         5a:22:d8:76:5f:7b:9c:87:ac:72:78:49:48:4c:7d:84:f6:f7:
         cc:5c:78:b6:1a:2f:b2:9b:79:f8:eb:d0:f0:4f:c2:d1:44:9f:
         21:d9:34:d9:b5:0c:3c:3c:78:27:a0:4f:f2:88:cc:b5:7e:4d:
         1b:34:93:3c:5d:33:e1:3a:36:13:42:35:8b:0b:b6:5a:92:50:
         79:a0:7d:2e:b4:1e:26:62:1f:82:17:39:41:ee:98:95:0d:0b:
         7d:7a:c7:20:dc:64:4c:27:ae:19:84:98:54:ef:87:2c:87:69:
         2e:f0:57:e0:ed:28:bb:f0:80:59:9f:71:d8:b6:ff:d7:2d:f4:
         88:45:08:5e:60:94:a1:10:f7:70:48:98:f0:fe:59:5b:f7:39:
         43:79:e3:39:82:11:c7:78:d3:c4:1e:0a:40:18:8d:0f:9c:28:
         82:27:5c:06:5c:07:46:6c:bd:23:22:d5:ec:17:6a:86:ce:27:
         ed:0a:75:19:cc:30:9c:bf:64:1f:c4:de:02:21:db:78:11:ca:
         99:b8:2d:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgE7+rrNDGnbS2ZCrg+8PoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNzEzMTc1ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY0NjA5OTNkYWI3OGVjZGViYjJiNTljYTZmYTI4YzAxOGYzYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApotg1GwDdxYcNuOYA1tuQTXub64l
FC6ZjJDYhcdpgoWwR1Yv7uQNHAni/ug3PHUsCmZWy9kFiHDl+vFR+ychMIC6/ED4
mzn2MQpoSpU+DA8Fz8j1IBvvcsDqUA4IUIVr7cmWua0WzJGVaJ/zBGpfkB8iNaBW
MrYDXRdG7NsIC9msQDvFh32YnMtbZYmIRbb+AuFFjguJsXGTXsJReYk6A5EebHyU
Mq4DEXVtrXjw6P3gKoUL2SwO4nmJlGObdj6y7L68RJy2wtoJjaYvjBckkl+crzQO
nvMQWfwnxTrs5nQh34mpvU7yxwn+3GkaCZs6pEnJyMrluzByohDK1GqpfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCL0YJk9q3js3rsrWcpvoowBjzwZMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSXZSZ21UMnJlT3pldXl0WnltLWlqQUdQUEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQApH2nEEWQ9FgB2FyEKQfyJxnbFYBIsmz67n/ch
v5JPotWL3zj56wuLkKBuuMHOhXcH7GlP23haIth2X3uch6xyeElITH2E9vfMXHi2
Gi+ym3n469DwT8LRRJ8h2TTZtQw8PHgnoE/yiMy1fk0bNJM8XTPhOjYTQjWLC7Za
klB5oH0utB4mYh+CFzlB7piVDQt9escg3GRMJ64ZhJhU74csh2ku8Ffg7Si78IBZ
n3HYtv/XLfSIRQheYJShEPdwSJjw/llb9zlDeeM5ghHHeNPEHgpAGI0PnCiCJ1wG
XAdGbL0jItXsF2qGziftCnUZzDCcv2QfxN4CIdt4EcqZuC39
-----END CERTIFICATE-----