Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/JxZ2PV2RYnx-i5FgEdX8_ua6vLk.roa
File:                     JxZ2PV2RYnx-i5FgEdX8_ua6vLk.roa (raw, json)
Hash identifier:          knnuID3189A1YGf/2FgAAdsJ3ixY4wa1onnycZbuIbI=
Subject key identifier:   27:16:76:3D:5D:91:62:7C:7E:8B:91:60:11:D5:FC:FE:E6:BA:BC:B9
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01982DD62689E8F57CAEA2999536FC473AD7
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/JxZ2PV2RYnx-i5FgEdX8_ua6vLk.roa
Signing time:             Mon 21 Jul 2025 16:34:26 +0000
ROA not before:           Mon 21 Jul 2025 16:34:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        2a05:9080:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:d6:26:89:e8:f5:7c:ae:a2:99:95:36:fc:47:3a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jul 21 16:34:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2716763d5d91627c7e8b916011d5fcfee6babcb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cd:58:18:f5:6c:fa:f5:c4:0f:00:d2:53:92:
                    fe:3c:8b:72:fe:4e:a3:86:fc:40:c1:62:c0:b1:f8:
                    75:7b:2f:5e:0b:df:a9:4c:d8:65:6c:f5:e8:46:12:
                    13:02:5a:f3:fc:ee:ba:2d:e9:c3:15:f5:ec:4c:e1:
                    b5:e8:c0:de:45:ab:66:f3:fb:3b:fa:50:d0:d5:7e:
                    b3:63:fb:19:34:8d:da:40:83:11:44:7d:59:c3:07:
                    bb:1f:9c:9b:f5:04:ca:75:7a:14:f1:02:b4:e8:35:
                    38:7c:59:59:2d:95:7e:e9:36:0b:f2:59:f5:64:e4:
                    b0:86:15:ba:e0:e5:4f:59:a5:1b:d9:06:a3:dc:cc:
                    f5:24:99:d6:0e:f8:08:35:6e:ec:51:c5:72:75:44:
                    90:b2:38:1c:bf:b4:5e:61:b8:78:fd:30:ed:ed:a1:
                    ca:f2:0a:0c:96:88:f3:8c:0e:e7:f6:19:e6:97:4f:
                    ca:8b:96:f6:0e:2b:15:b5:70:5e:91:5a:74:da:a5:
                    86:7d:8d:0c:c0:fa:c2:25:63:e3:86:93:93:52:63:
                    7c:9c:73:1b:c2:b8:fc:3c:4d:88:26:07:10:d7:88:
                    f9:f5:42:33:9e:0f:7b:c3:eb:fc:98:a5:a1:73:d8:
                    5f:17:d6:16:9f:d2:ea:c3:59:35:13:2c:20:8e:e6:
                    71:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:16:76:3D:5D:91:62:7C:7E:8B:91:60:11:D5:FC:FE:E6:BA:BC:B9
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/JxZ2PV2RYnx-i5FgEdX8_ua6vLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:8b:79:fb:f4:a8:ec:60:d8:a2:69:49:f7:29:28:e5:a0:d4:
         10:a5:0a:12:ce:ba:2d:af:18:a0:75:14:46:a6:2c:2f:02:e3:
         1d:81:a2:f8:43:63:b7:94:78:68:08:03:99:93:e7:54:6d:d1:
         f2:a6:e3:37:6f:9e:d5:c9:ad:20:4c:c3:bf:2f:99:98:6c:c9:
         fc:c3:7b:af:74:20:76:0d:06:81:df:aa:23:96:42:3a:70:ed:
         67:49:dd:8a:a3:ff:8b:e9:73:f6:3b:f7:83:82:47:42:74:34:
         b8:a3:11:85:aa:7b:5c:6d:55:8c:98:b4:c8:d0:05:89:fe:22:
         fe:8c:e9:00:71:9a:02:81:3d:66:cb:2e:34:c5:74:03:e0:46:
         c9:f8:ca:8a:35:ae:a9:86:ab:f9:94:e4:4c:90:56:12:c7:ed:
         f8:a7:b1:6e:06:12:36:88:ec:44:78:b0:24:de:02:67:c9:cf:
         d3:a1:f4:f3:67:87:d8:7d:c1:fb:a1:3e:67:67:b1:4c:d7:fe:
         36:5b:34:ec:c4:d0:59:5a:f3:15:d3:bf:9b:42:60:72:03:e6:
         68:20:55:1e:e2:4a:61:ef:f4:c9:ca:f6:8c:a3:f4:e8:5d:49:
         f7:2f:26:47:82:3e:5a:1d:d5:cd:ed:47:bc:85:72:d9:e4:f0:
         69:d7:43:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgt1iaJ6PV8rqKZlTb8RzrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNzIxMTYzNDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE2NzYzZDVkOTE2MjdjN2U4YjkxNjAxMWQ1ZmNmZWU2YmFiY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3c1YGPVs+vXEDwDSU5L+PIty/k6j
hvxAwWLAsfh1ey9eC9+pTNhlbPXoRhITAlrz/O66LenDFfXsTOG16MDeRatm8/s7
+lDQ1X6zY/sZNI3aQIMRRH1Zwwe7H5yb9QTKdXoU8QK06DU4fFlZLZV+6TYL8ln1
ZOSwhhW64OVPWaUb2Qaj3Mz1JJnWDvgINW7sUcVydUSQsjgcv7ReYbh4/TDt7aHK
8goMlojzjA7n9hnml0/Ki5b2DisVtXBekVp02qWGfY0MwPrCJWPjhpOTUmN8nHMb
wrj8PE2IJgcQ14j59UIzng97w+v8mKWhc9hfF9YWn9Lqw1k1EywgjuZxCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcWdj1dkWJ8fouRYBHV/P7mury5MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSnhaMlBWMlJZbngtaTVGZ0VkWDhfdWE2dkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQCpi3n79KjsYNiiaUn3KSjloNQQpQoSzrotrxig
dRRGpiwvAuMdgaL4Q2O3lHhoCAOZk+dUbdHypuM3b57Vya0gTMO/L5mYbMn8w3uv
dCB2DQaB36ojlkI6cO1nSd2Ko/+L6XP2O/eDgkdCdDS4oxGFqntcbVWMmLTI0AWJ
/iL+jOkAcZoCgT1myy40xXQD4EbJ+MqKNa6phqv5lORMkFYSx+34p7FuBhI2iOxE
eLAk3gJnyc/TofTzZ4fYfcH7oT5nZ7FM1/42WzTsxNBZWvMV07+bQmByA+ZoIFUe
4kph7/TJyvaMo/ToXUn3LyZHgj5aHdXN7Ue8hXLZ5PBp10Mn
-----END CERTIFICATE-----