Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/L8Gc_X7bZAUGdUO0Sr8HyAWVb-g.roa
File:                     L8Gc_X7bZAUGdUO0Sr8HyAWVb-g.roa (raw, json)
Hash identifier:          8rLSft2oN72eJM5VTpbF4YVueWAKxs3k3SS74tE7lKU=
Subject key identifier:   2F:C1:9C:FD:7E:DB:64:05:06:75:43:B4:4A:BF:07:C8:05:95:6F:E8
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019A7F27F9F76FA56BE2CCF06C6841FCA74B
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/L8Gc_X7bZAUGdUO0Sr8HyAWVb-g.roa
Signing time:             Thu 13 Nov 2025 21:38:37 +0000
ROA not before:           Thu 13 Nov 2025 21:38:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215474
IP address blocks:        2a0d:d940:b1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Nov 2025 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:7f:27:f9:f7:6f:a5:6b:e2:cc:f0:6c:68:41:fc:a7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Nov 13 21:38:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fc19cfd7edb6405067543b44abf07c805956fe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:45:74:c4:46:e4:5d:e4:29:d2:3d:1d:d2:2a:
                    a5:12:71:14:c7:91:27:0b:9c:6c:44:95:13:3a:82:
                    e9:a3:c4:cf:08:8f:1b:a7:65:54:c8:0b:27:7f:aa:
                    27:8a:db:ad:52:93:df:27:01:b2:3b:76:8c:ab:20:
                    fe:87:b7:c0:7a:86:7c:9a:34:bf:84:20:b4:e1:6f:
                    26:35:ba:e4:de:4e:34:44:9f:56:60:b3:50:90:58:
                    79:71:8d:6a:82:8b:e7:cf:df:f1:c3:65:bf:ff:39:
                    e2:ab:38:24:5e:21:2b:25:cb:94:0f:f1:15:96:94:
                    ed:a5:b4:37:9a:18:a8:f4:14:3f:45:89:f7:c0:0b:
                    a9:f8:58:88:5e:b2:18:96:d3:09:bc:eb:77:e7:67:
                    53:85:3a:d8:2f:da:b8:73:dc:74:70:14:33:d9:e8:
                    09:d0:5b:bc:36:26:96:50:e7:f8:6f:14:13:7d:f3:
                    b4:19:af:08:8f:12:9b:4e:6f:43:0a:a7:98:b9:de:
                    d6:e9:2b:42:f8:ad:36:93:23:6b:fd:ac:12:6b:c9:
                    2e:4c:c1:59:87:ea:47:98:e2:f8:99:c8:2e:ad:3b:
                    86:31:42:4a:fe:8e:89:93:c4:02:ad:51:39:dc:41:
                    d3:92:67:b3:08:5f:62:30:8e:7d:7d:9e:95:2e:92:
                    96:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C1:9C:FD:7E:DB:64:05:06:75:43:B4:4A:BF:07:C8:05:95:6F:E8
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/L8Gc_X7bZAUGdUO0Sr8HyAWVb-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:b1::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:82:14:75:3e:93:ea:cf:92:82:8c:9c:f6:17:d3:a1:c1:33:
         f4:45:c1:6e:90:c7:9b:ff:53:e9:5d:f6:27:f1:71:41:a5:77:
         c5:7b:3b:50:97:8d:bd:dd:a0:bb:55:10:73:f2:d1:b2:1f:f1:
         fc:bf:fd:f5:4e:61:d8:80:b0:f8:76:f1:cc:f7:dd:54:f4:5f:
         8d:25:d4:d0:f9:8a:ec:a1:cb:c3:27:74:5d:aa:77:5d:0f:df:
         de:b9:e9:06:1a:68:70:74:c4:bc:e2:8a:41:44:27:af:1c:86:
         bc:9f:d6:8d:a4:fa:3e:fe:33:a9:78:73:2b:ff:32:4c:67:18:
         0b:ef:a2:75:bb:02:d6:0f:63:b7:a0:18:2e:fb:23:0c:a8:f8:
         5c:12:b4:f3:9c:fe:0c:d8:e0:d5:75:f6:b5:25:65:1b:93:55:
         a6:fb:ea:6b:3d:83:91:18:60:fa:e4:6b:14:d5:78:92:1e:27:
         a2:a6:b9:c2:bc:70:15:ec:75:eb:a7:5b:f4:2c:fd:4a:f3:95:
         09:7f:34:53:b9:ea:c5:d5:37:68:99:7d:ec:4c:78:e3:07:8e:
         e6:20:f9:5b:8c:8d:df:5a:fb:f8:30:e1:b6:95:b8:fe:16:dd:
         73:6f:8f:de:2e:24:7d:e6:8c:ce:ab:fa:c2:b8:20:d8:60:8c:
         47:e0:b9:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZp/J/n3b6Vr4szwbGhB/KdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUxMTEzMjEzODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMxOWNmZDdlZGI2NDA1MDY3NTQzYjQ0YWJmMDdjODA1OTU2ZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kV0xEbkXeQp0j0d0iqlEnEUx5En
C5xsRJUTOoLpo8TPCI8bp2VUyAsnf6onitutUpPfJwGyO3aMqyD+h7fAeoZ8mjS/
hCC04W8mNbrk3k40RJ9WYLNQkFh5cY1qgovnz9/xw2W//zniqzgkXiErJcuUD/EV
lpTtpbQ3mhio9BQ/RYn3wAup+FiIXrIYltMJvOt352dThTrYL9q4c9x0cBQz2egJ
0Fu8NiaWUOf4bxQTffO0Ga8IjxKbTm9DCqeYud7W6StC+K02kyNr/awSa8kuTMFZ
h+pHmOL4mcgurTuGMUJK/o6Jk8QCrVE53EHTkmezCF9iMI59fZ6VLpKWWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC/BnP1+22QFBnVDtEq/B8gFlW/oMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvTDhHY19YN2JaQVVHZFVPMFNyOEh5QVdWYi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQACx
MA0GCSqGSIb3DQEBCwUAA4IBAQCughR1PpPqz5KCjJz2F9OhwTP0RcFukMeb/1Pp
XfYn8XFBpXfFeztQl4293aC7VRBz8tGyH/H8v/31TmHYgLD4dvHM991U9F+NJdTQ
+YrsocvDJ3RdqnddD9/euekGGmhwdMS84opBRCevHIa8n9aNpPo+/jOpeHMr/zJM
ZxgL76J1uwLWD2O3oBgu+yMMqPhcErTznP4M2ODVdfa1JWUbk1Wm++prPYORGGD6
5GsU1XiSHieiprnCvHAV7HXrp1v0LP1K85UJfzRTuerF1TdomX3sTHjjB47mIPlb
jI3fWvv4MOG2lbj+Ft1zb4/eLiR95ozOq/rCuCDYYIxH4LmZ
-----END CERTIFICATE-----