Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/f8J05R1DiyfQNVJpqFL4fbooOhg.roa
File:                     f8J05R1DiyfQNVJpqFL4fbooOhg.roa (raw, json)
Hash identifier:          Dkqb7BcnwOOceNgCAbq8lzyD7hu5TVYuIlv372mwXcU=
Subject key identifier:   7F:C2:74:E5:1D:43:8B:27:D0:35:52:69:A8:52:F8:7D:BA:28:3A:18
Certificate issuer:       /CN=70c6d535b0f275a26185f8f4dca580d26d7a9746
Certificate serial:       019A3AEC1A3C54AC13DA966F649AF70E53F8
Authority key identifier: 70:C6:D5:35:B0:F2:75:A2:61:85:F8:F4:DC:A5:80:D2:6D:7A:97:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMbVNbDydaJhhfj03KWA0m16l0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/f8J05R1DiyfQNVJpqFL4fbooOhg.roa
Signing time:             Fri 31 Oct 2025 15:39:02 +0000
ROA not before:           Fri 31 Oct 2025 15:39:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204183
IP address blocks:        2a0f:c000::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/cMbVNbDydaJhhfj03KWA0m16l0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/cMbVNbDydaJhhfj03KWA0m16l0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMbVNbDydaJhhfj03KWA0m16l0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3a:ec:1a:3c:54:ac:13:da:96:6f:64:9a:f7:0e:53:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70c6d535b0f275a26185f8f4dca580d26d7a9746
        Validity
            Not Before: Oct 31 15:39:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fc274e51d438b27d0355269a852f87dba283a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8c:cb:70:21:58:5c:1b:ec:01:1d:b1:a5:e7:
                    38:cd:a9:59:7b:c9:8e:51:10:94:c9:4d:a9:48:ce:
                    b6:25:c6:99:ff:a6:05:c1:49:49:cb:30:11:4a:26:
                    c0:c4:77:90:f1:e3:97:c3:29:4c:ee:fd:54:87:29:
                    f9:e3:30:03:8d:d1:b2:48:a1:a9:bd:f7:1e:0c:ed:
                    8d:74:11:8d:a1:88:08:f7:49:19:4f:2d:80:c5:f8:
                    6c:4c:7e:01:bd:f3:38:e4:0f:90:88:72:e7:47:ec:
                    ff:8b:39:80:f4:18:41:b4:92:a6:3d:02:65:30:97:
                    81:7b:ab:8a:7b:6d:bc:79:ec:d0:38:67:9a:e5:cd:
                    b8:e3:b8:d0:bb:62:46:6b:41:10:a8:2d:fb:d1:c5:
                    27:99:d1:e8:d5:b0:5b:a0:90:9d:19:c6:6f:70:e4:
                    26:ef:61:20:89:dc:be:5a:07:8d:44:2c:69:74:bc:
                    c6:a2:4c:45:b9:ba:51:95:b5:6a:e8:a9:9b:d8:03:
                    e6:ed:fd:e4:b7:14:47:f8:cb:f8:c6:cb:a3:ad:89:
                    df:9a:f0:93:98:d6:39:08:69:6f:b9:a2:1a:25:d4:
                    d5:f6:5a:9c:6d:21:ed:8f:9b:7a:9d:03:f2:26:1a:
                    09:a3:82:bf:a9:4f:60:e0:e4:12:02:e0:42:d1:44:
                    60:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C2:74:E5:1D:43:8B:27:D0:35:52:69:A8:52:F8:7D:BA:28:3A:18
            X509v3 Authority Key Identifier:
                keyid:70:C6:D5:35:B0:F2:75:A2:61:85:F8:F4:DC:A5:80:D2:6D:7A:97:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMbVNbDydaJhhfj03KWA0m16l0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/f8J05R1DiyfQNVJpqFL4fbooOhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3533d0-1367-44b2-9048-00281a5ba6c7/1/cMbVNbDydaJhhfj03KWA0m16l0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:c000::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:7e:e0:52:65:18:69:45:ae:6d:1d:57:70:4a:78:d4:79:0b:
         80:d3:46:4c:6b:62:2a:b8:2e:57:51:fa:b3:c5:9e:ef:bf:a1:
         c3:d3:84:bf:82:e4:a3:3d:db:15:b9:10:3c:08:49:f9:ee:8b:
         e3:29:a4:fb:c2:ae:cf:57:9a:fc:6b:c2:4f:53:ad:c7:af:ab:
         d6:5c:66:19:da:5c:b2:5f:bf:68:8d:05:b7:2f:ce:09:9f:05:
         c6:b8:74:29:e1:b9:ec:73:45:76:5d:39:56:50:c0:97:66:23:
         9a:c2:f6:a9:96:3f:c7:5d:6b:ef:03:8b:86:85:ca:56:fd:28:
         29:62:da:9b:a9:30:2a:2e:ce:de:f3:75:68:e0:1c:61:b0:14:
         2a:eb:f8:95:e5:e3:61:7a:3b:c7:e4:de:67:e2:c9:04:5f:d4:
         99:68:97:4c:f8:b6:ea:b0:02:f4:aa:ec:ae:53:15:f5:c4:1d:
         70:a5:62:16:d4:25:29:da:57:a3:7b:ac:28:5c:5a:ab:d3:72:
         69:cb:64:40:69:63:8a:54:52:d0:34:1f:56:31:ab:e2:94:c6:
         71:04:a0:5a:1f:1e:8b:ba:f9:69:ef:48:39:6a:77:e0:90:33:
         92:ef:ff:d0:ff:90:68:25:64:42:26:b7:bb:01:af:3d:d4:c6:
         43:78:4f:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZo67Bo8VKwT2pZvZJr3DlP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYzZkNTM1YjBmMjc1YTI2MTg1ZjhmNGRjYTU4MGQyNmQ3
YTk3NDYwHhcNMjUxMDMxMTUzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmMyNzRlNTFkNDM4YjI3ZDAzNTUyNjlhODUyZjg3ZGJhMjgzYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYzLcCFYXBvsAR2xpec4zalZe8mO
URCUyU2pSM62JcaZ/6YFwUlJyzARSibAxHeQ8eOXwylM7v1Uhyn54zADjdGySKGp
vfceDO2NdBGNoYgI90kZTy2AxfhsTH4BvfM45A+QiHLnR+z/izmA9BhBtJKmPQJl
MJeBe6uKe228eezQOGea5c2447jQu2JGa0EQqC370cUnmdHo1bBboJCdGcZvcOQm
72Egidy+WgeNRCxpdLzGokxFubpRlbVq6Kmb2APm7f3ktxRH+Mv4xsujrYnfmvCT
mNY5CGlvuaIaJdTV9lqcbSHtj5t6nQPyJhoJo4K/qU9g4OQSAuBC0URgHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH/CdOUdQ4sn0DVSaahS+H26KDoYMB8GA1UdIwQY
MBaAFHDG1TWw8nWiYYX49NylgNJtepdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY01iVk5iRHlkYUpoaGZqMDNLV0EwbTE2bDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8zNTMzZDAtMTM2Ny00NGIyLTkwNDgt
MDAyODFhNWJhNmM3LzEvZjhKMDVSMURpeWZRTlZKcHFGTDRmYm9vT2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8zNTMzZDAtMTM2Ny00NGIyLTkwNDgtMDAyODFhNWJhNmM3
LzEvY01iVk5iRHlkYUpoaGZqMDNLV0EwbTE2bDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/AADAN
BgkqhkiG9w0BAQsFAAOCAQEAOn7gUmUYaUWubR1XcEp41HkLgNNGTGtiKrguV1H6
s8We77+hw9OEv4Lkoz3bFbkQPAhJ+e6L4ymk+8Kuz1ea/GvCT1Otx6+r1lxmGdpc
sl+/aI0Fty/OCZ8Fxrh0KeG57HNFdl05VlDAl2YjmsL2qZY/x11r7wOLhoXKVv0o
KWLam6kwKi7O3vN1aOAcYbAUKuv4leXjYXo7x+TeZ+LJBF/UmWiXTPi26rAC9Krs
rlMV9cQdcKViFtQlKdpXo3usKFxaq9NyactkQGljilRS0DQfVjGr4pTGcQSgWh8e
i7r5ae9IOWp34JAzku//0P+QaCVkQia3uwGvPdTGQ3hPSg==
-----END CERTIFICATE-----