Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/b0DuHL5Cx5oz0wmVPh9cLl0pYOs.roa
File:                     b0DuHL5Cx5oz0wmVPh9cLl0pYOs.roa (raw, json)
Hash identifier:          0vfXcmcuR2v9A+x1r5OGZhYbvc69ht+h4cnEKv+PZSo=
Subject key identifier:   6F:40:EE:1C:BE:42:C7:9A:33:D3:09:95:3E:1F:5C:2E:5D:29:60:EB
Certificate issuer:       /CN=47eeffc2714624b9237dade53fbd2441f4192ac7
Certificate serial:       01981580E58E0462C6263641734E2E6EED12
Authority key identifier: 47:EE:FF:C2:71:46:24:B9:23:7D:AD:E5:3F:BD:24:41:F4:19:2A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-7_wnFGJLkjfa3lP70kQfQZKsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/b0DuHL5Cx5oz0wmVPh9cLl0pYOs.roa
Signing time:             Wed 16 Jul 2025 23:10:25 +0000
ROA not before:           Wed 16 Jul 2025 23:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215692
IP address blocks:        2001:678:10d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/R-7_wnFGJLkjfa3lP70kQfQZKsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/R-7_wnFGJLkjfa3lP70kQfQZKsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-7_wnFGJLkjfa3lP70kQfQZKsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:15:80:e5:8e:04:62:c6:26:36:41:73:4e:2e:6e:ed:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47eeffc2714624b9237dade53fbd2441f4192ac7
        Validity
            Not Before: Jul 16 23:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f40ee1cbe42c79a33d309953e1f5c2e5d2960eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:48:4d:f3:18:77:53:40:be:95:0c:4a:d0:bd:
                    e4:27:ab:2b:b4:63:75:6c:4e:62:06:7e:a6:db:a9:
                    95:30:bd:81:d3:2f:5a:91:3b:0b:d1:a6:98:7f:93:
                    07:53:34:5f:60:fc:fd:bf:93:19:1d:00:16:9d:31:
                    04:e6:02:51:ed:e6:54:5f:9f:c8:7e:c3:9e:58:82:
                    db:92:3e:f2:b7:bf:a0:a1:49:d5:5a:30:3a:89:c7:
                    5d:43:42:2d:72:1f:a6:e0:57:a6:de:75:7d:7b:60:
                    50:98:ce:08:ab:38:83:b3:af:d6:f7:d1:b2:cb:f3:
                    aa:b3:0a:53:7c:55:c9:38:dd:25:da:f4:8c:fc:5d:
                    73:21:b7:78:76:54:b0:98:7e:ca:85:6c:64:fd:56:
                    15:00:73:cc:1f:da:35:74:1a:85:09:a7:c4:8b:17:
                    6b:4c:fb:42:c9:af:5a:d7:8d:62:51:c0:cb:54:fb:
                    1a:ca:29:ed:29:1c:96:59:48:03:21:a9:0a:7c:69:
                    17:b5:48:20:75:6f:5f:6c:97:8d:4c:60:7b:6b:31:
                    0d:42:d9:5a:21:df:80:fd:63:14:76:73:1e:95:8d:
                    be:fc:b7:cd:f5:9f:31:0d:28:87:66:0c:87:0d:0e:
                    e1:52:29:59:df:f6:de:7f:39:2f:fb:a0:4e:26:40:
                    a5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:40:EE:1C:BE:42:C7:9A:33:D3:09:95:3E:1F:5C:2E:5D:29:60:EB
            X509v3 Authority Key Identifier:
                keyid:47:EE:FF:C2:71:46:24:B9:23:7D:AD:E5:3F:BD:24:41:F4:19:2A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-7_wnFGJLkjfa3lP70kQfQZKsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/b0DuHL5Cx5oz0wmVPh9cLl0pYOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/085ae7-99f8-4190-aa53-d49923a15fd9/1/R-7_wnFGJLkjfa3lP70kQfQZKsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:35:c1:fa:13:c2:8e:7b:c2:75:c7:0b:84:3e:85:30:47:60:
         9d:dd:56:d1:66:60:2e:c1:d8:a2:f8:e5:0f:f0:7e:02:47:08:
         f5:79:8b:fd:83:ce:c5:90:c6:3d:fd:0a:27:f4:3c:0f:12:bc:
         75:14:f0:be:9c:03:b9:53:90:3d:47:0b:a4:39:18:89:2a:8d:
         83:88:42:5d:97:49:6a:de:1f:e7:f2:ab:4c:f1:01:e6:d0:17:
         e3:74:4c:70:e1:52:04:97:82:cd:6b:90:95:04:66:45:1c:46:
         d5:0a:09:85:d7:e6:37:21:22:ba:01:b6:de:e6:2a:e1:bb:03:
         12:1e:3f:32:1a:91:9e:f1:af:5c:b3:6a:3d:de:5c:e1:ea:81:
         6e:f2:74:09:23:74:74:e5:65:f7:16:c9:03:92:88:0b:e9:4e:
         8c:90:82:ae:f3:d7:78:cc:0c:bf:55:df:0e:69:f9:2a:a2:49:
         96:be:b8:5d:db:ba:9c:5f:6b:ba:14:24:8f:3a:11:43:e3:57:
         9c:ba:16:20:e0:53:e1:1d:67:07:66:0b:90:40:ac:20:a4:ce:
         73:cb:c3:8a:60:98:b3:7a:ba:5b:c3:50:2b:48:f1:ad:46:bb:
         88:67:07:62:79:8c:a1:a0:3f:8e:44:3b:fc:f7:09:a8:9f:44:
         6a:41:fa:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgVgOWOBGLGJjZBc04ubu0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZWVmZmMyNzE0NjI0YjkyMzdkYWRlNTNmYmQyNDQxZjQx
OTJhYzcwHhcNMjUwNzE2MjMxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQwZWUxY2JlNDJjNzlhMzNkMzA5OTUzZTFmNWMyZTVkMjk2MGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10hN8xh3U0C+lQxK0L3kJ6srtGN1
bE5iBn6m26mVML2B0y9akTsL0aaYf5MHUzRfYPz9v5MZHQAWnTEE5gJR7eZUX5/I
fsOeWILbkj7yt7+goUnVWjA6icddQ0Itch+m4Fem3nV9e2BQmM4IqziDs6/W99Gy
y/OqswpTfFXJON0l2vSM/F1zIbd4dlSwmH7KhWxk/VYVAHPMH9o1dBqFCafEixdr
TPtCya9a141iUcDLVPsayintKRyWWUgDIakKfGkXtUggdW9fbJeNTGB7azENQtla
Id+A/WMUdnMelY2+/LfN9Z8xDSiHZgyHDQ7hUilZ3/befzkv+6BOJkCliQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG9A7hy+QseaM9MJlT4fXC5dKWDrMB8GA1UdIwQY
MBaAFEfu/8JxRiS5I32t5T+9JEH0GSrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi03X3duRkdKTGtqZmEzbFA3MGtRZlFaS3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wODVhZTctOTlmOC00MTkwLWFhNTMt
ZDQ5OTIzYTE1ZmQ5LzEvYjBEdUhMNUN4NW96MHdtVlBoOWNMbDBwWU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wODVhZTctOTlmOC00MTkwLWFhNTMtZDQ5OTIzYTE1ZmQ5
LzEvUi03X3duRkdKTGtqZmEzbFA3MGtRZlFaS3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBDU
MA0GCSqGSIb3DQEBCwUAA4IBAQBeNcH6E8KOe8J1xwuEPoUwR2Cd3VbRZmAuwdii
+OUP8H4CRwj1eYv9g87FkMY9/Qon9DwPErx1FPC+nAO5U5A9RwukORiJKo2DiEJd
l0lq3h/n8qtM8QHm0BfjdExw4VIEl4LNa5CVBGZFHEbVCgmF1+Y3ISK6Abbe5irh
uwMSHj8yGpGe8a9cs2o93lzh6oFu8nQJI3R05WX3FskDkogL6U6MkIKu89d4zAy/
Vd8OafkqokmWvrhd27qcX2u6FCSPOhFD41ecuhYg4FPhHWcHZguQQKwgpM5zy8OK
YJizerpbw1ArSPGtRruIZwdieYyhoD+ORDv89wmon0RqQfqG
-----END CERTIFICATE-----