Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CFVCvABZ4JeVnMfUGEdvXaPGi6c.roa
File:                     CFVCvABZ4JeVnMfUGEdvXaPGi6c.roa (raw, json)
Hash identifier:          qdyBV98y+dN9cZyWuQBlSwusoRHtNOg4mywQWrk0FVQ=
Subject key identifier:   08:55:42:BC:00:59:E0:97:95:9C:C7:D4:18:47:6F:5D:A3:C6:8B:A7
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0197D4C35E9CB09A5D03001E61DBDE2A3D2B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CFVCvABZ4JeVnMfUGEdvXaPGi6c.roa
Signing time:             Fri 04 Jul 2025 09:27:42 +0000
ROA not before:           Fri 04 Jul 2025 09:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12389
IP address blocks:        2a09:6285::/32 maxlen: 32
                          2a13:93c2::/32 maxlen: 32
                          2a13:93c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:c3:5e:9c:b0:9a:5d:03:00:1e:61:db:de:2a:3d:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jul  4 09:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085542bc0059e097959cc7d418476f5da3c68ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e3:03:58:33:e1:23:c6:99:39:31:70:ef:91:
                    d4:6f:59:bf:b3:cf:c6:b7:9d:35:2a:7e:f1:4b:91:
                    0d:14:66:16:87:59:e6:8e:76:8c:92:04:6e:23:56:
                    5b:77:41:51:ee:e0:4b:c5:c7:12:c3:8d:e8:35:33:
                    84:32:37:0a:89:ac:da:bd:07:0b:9b:db:61:88:be:
                    06:02:c1:85:d0:f6:b2:6c:4b:c9:45:50:af:f6:db:
                    2f:77:c4:a0:16:39:13:8c:30:99:6e:54:20:63:8f:
                    59:01:3b:c7:8b:c6:c0:71:a9:b8:1c:c6:15:f0:5e:
                    5c:bc:39:94:fd:38:bc:7f:c4:6c:32:4b:01:ff:3e:
                    af:32:93:6b:90:0c:73:aa:87:0d:c0:55:aa:10:0c:
                    76:c9:37:e1:9a:31:ef:b1:fe:4b:82:39:fa:8d:97:
                    47:6b:7f:45:0f:1a:2e:cd:db:64:b3:20:51:e9:af:
                    a6:2e:f5:ec:80:49:a2:e6:3c:8f:18:d6:cc:96:e5:
                    16:66:32:16:5a:d6:3a:59:09:4b:a6:11:a2:7f:0c:
                    6f:f0:f9:5d:92:fd:52:c5:af:02:74:c4:5f:09:8a:
                    19:68:df:9c:59:68:58:f1:b7:d2:06:1a:43:77:ee:
                    95:ae:ab:4b:4c:ac:c2:fa:bf:ea:01:ce:d3:eb:51:
                    bd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:55:42:BC:00:59:E0:97:95:9C:C7:D4:18:47:6F:5D:A3:C6:8B:A7
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CFVCvABZ4JeVnMfUGEdvXaPGi6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6285::/32
                  2a13:93c2::/32
                  2a13:93c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:6e:ef:0c:a8:9a:da:7a:aa:0d:04:70:d0:a4:3f:73:6f:28:
         3b:4e:b2:28:d2:31:93:76:2d:37:18:54:40:87:02:f4:76:49:
         f5:bd:89:55:09:d7:90:a6:4d:fa:e7:df:65:db:a4:af:78:04:
         f6:3b:6a:41:ab:51:8f:f7:dd:fe:7e:7c:4b:88:40:49:97:89:
         43:76:35:37:18:94:f0:fd:7e:fa:b0:4a:9e:49:d2:0f:59:40:
         b7:43:f8:d5:45:5f:82:8a:9f:70:0a:4a:0e:f3:3d:d7:f6:53:
         c9:32:3a:d9:75:95:d9:a0:a7:db:84:c5:cb:8d:2d:3a:2d:0f:
         12:c9:59:1b:73:db:ab:78:96:de:e8:a1:c4:2b:12:17:1f:29:
         e5:b1:f7:46:d3:b9:f3:21:60:b7:b3:59:14:70:d1:db:55:e4:
         38:50:77:b5:02:65:d8:1a:32:29:6a:9f:19:9a:8e:c9:a9:b1:
         f0:d2:50:7b:77:74:f2:d5:e4:64:d6:9f:2b:57:02:24:27:98:
         17:52:9b:11:41:9b:ab:2e:70:11:d7:ad:c1:ca:b6:07:f1:81:
         7f:28:c2:3e:d0:de:ac:78:76:09:31:51:a3:6b:5c:c0:f1:e4:
         b5:92:58:ff:4a:eb:00:49:10:c3:a6:a7:85:57:3e:77:08:2b:
         a7:d2:a8:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfUw16csJpdAwAeYdveKj0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwNzA0MDkyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU1NDJiYzAwNTllMDk3OTU5Y2M3ZDQxODQ3NmY1ZGEzYzY4YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+MDWDPhI8aZOTFw75HUb1m/s8/G
t501Kn7xS5ENFGYWh1nmjnaMkgRuI1Zbd0FR7uBLxccSw43oNTOEMjcKiazavQcL
m9thiL4GAsGF0PaybEvJRVCv9tsvd8SgFjkTjDCZblQgY49ZATvHi8bAcam4HMYV
8F5cvDmU/Ti8f8RsMksB/z6vMpNrkAxzqocNwFWqEAx2yTfhmjHvsf5Lgjn6jZdH
a39FDxouzdtksyBR6a+mLvXsgEmi5jyPGNbMluUWZjIWWtY6WQlLphGifwxv8Pld
kv1Sxa8CdMRfCYoZaN+cWWhY8bfSBhpDd+6VrqtLTKzC+r/qAc7T61G9dQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhVQrwAWeCXlZzH1BhHb12jxounMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQ0ZWQ3ZBQlo0SmVWbk1mVUdFZHZYYVBHaTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKglihQMF
ACoTk8IDBQAqE5PEMA0GCSqGSIb3DQEBCwUAA4IBAQCsbu8MqJraeqoNBHDQpD9z
byg7TrIo0jGTdi03GFRAhwL0dkn1vYlVCdeQpk36599l26SveAT2O2pBq1GP993+
fnxLiEBJl4lDdjU3GJTw/X76sEqeSdIPWUC3Q/jVRV+Cip9wCkoO8z3X9lPJMjrZ
dZXZoKfbhMXLjS06LQ8SyVkbc9ureJbe6KHEKxIXHynlsfdG07nzIWC3s1kUcNHb
VeQ4UHe1AmXYGjIpap8Zmo7JqbHw0lB7d3Ty1eRk1p8rVwIkJ5gXUpsRQZurLnAR
163ByrYH8YF/KMI+0N6seHYJMVGja1zA8eS1klj/SusASRDDpqeFVz53CCun0qhg
-----END CERTIFICATE-----