Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/BrmKnel9vz9ZJoRYmUMmfv_fkdA.roa
File:                     BrmKnel9vz9ZJoRYmUMmfv_fkdA.roa (raw, json)
Hash identifier:          iTZbysj75EFXeStqkEh3kRfDOJLprFh8UOBLsS70Pok=
Subject key identifier:   06:B9:8A:9D:E9:7D:BF:3F:59:26:84:58:99:43:26:7E:FF:DF:91:D0
Certificate issuer:       /CN=ab7916f3609834ed4014da8c695b340a7b0a580e
Certificate serial:       0198F03C0D83FE92E99119A5D6F5D957D171
Authority key identifier: AB:79:16:F3:60:98:34:ED:40:14:DA:8C:69:5B:34:0A:7B:0A:58:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3kW82CYNO1AFNqMaVs0CnsKWA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/BrmKnel9vz9ZJoRYmUMmfv_fkdA.roa
Signing time:             Thu 28 Aug 2025 10:32:04 +0000
ROA not before:           Thu 28 Aug 2025 10:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49697
IP address blocks:        2001:678:964::/48 maxlen: 48
                          2001:678:a00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/q3kW82CYNO1AFNqMaVs0CnsKWA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/q3kW82CYNO1AFNqMaVs0CnsKWA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3kW82CYNO1AFNqMaVs0CnsKWA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:3c:0d:83:fe:92:e9:91:19:a5:d6:f5:d9:57:d1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab7916f3609834ed4014da8c695b340a7b0a580e
        Validity
            Not Before: Aug 28 10:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b98a9de97dbf3f592684589943267effdf91d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:6e:0d:60:e0:d8:1d:47:74:07:42:ae:86:
                    e5:d2:07:ab:07:5a:3c:d0:d7:26:1c:ed:6b:75:a4:
                    1d:f1:8b:96:11:28:62:b2:08:a8:d9:df:a8:a4:31:
                    72:32:d2:72:92:8e:d4:a6:4a:ce:af:53:65:4c:bf:
                    4f:b3:2c:c4:bf:d8:f5:45:16:a0:91:b9:46:82:aa:
                    8a:79:f9:ec:e9:a8:16:b1:b1:f8:2c:30:7a:25:93:
                    a2:49:6c:a2:c4:05:0c:60:76:f1:5b:a2:45:59:12:
                    d7:3b:a8:22:47:39:67:21:cb:db:0b:9d:d0:83:49:
                    24:b0:57:73:ce:89:a9:dd:ae:74:90:15:7d:38:2f:
                    50:b2:71:36:11:9c:5d:e4:10:3a:92:49:47:8b:c4:
                    de:57:c9:e3:75:3b:8f:bd:b8:b7:c1:c8:ff:ac:97:
                    7d:0d:4d:3b:bb:69:53:04:62:d0:b3:df:71:f2:d1:
                    58:a2:62:d6:ba:42:18:d1:19:4e:1f:c5:bc:ee:84:
                    7e:8a:cb:27:6c:88:13:5f:7c:e2:da:f8:26:ed:28:
                    c0:80:08:87:c1:de:ef:74:f7:94:33:99:40:ec:5b:
                    fc:38:91:61:ac:79:46:4c:c4:1c:9b:f4:af:a3:e5:
                    f9:51:fe:32:9e:c3:e3:de:19:f5:ba:8b:4e:19:47:
                    ed:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B9:8A:9D:E9:7D:BF:3F:59:26:84:58:99:43:26:7E:FF:DF:91:D0
            X509v3 Authority Key Identifier:
                keyid:AB:79:16:F3:60:98:34:ED:40:14:DA:8C:69:5B:34:0A:7B:0A:58:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3kW82CYNO1AFNqMaVs0CnsKWA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/BrmKnel9vz9ZJoRYmUMmfv_fkdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/f26514-aef5-4a46-8851-b66300a7f9f1/1/q3kW82CYNO1AFNqMaVs0CnsKWA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:964::/48
                  2001:678:a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:8e:75:bf:5f:61:cc:e5:89:a5:34:c7:2e:3d:53:ef:1d:59:
         47:95:bf:92:f0:e8:02:21:ba:b5:03:5c:2b:83:00:7f:ce:b6:
         f4:29:52:45:6a:ed:21:f0:35:9d:39:75:94:95:8f:34:50:1f:
         7d:67:0c:c7:28:34:00:a7:99:99:46:b7:1e:b9:d1:b2:0f:3a:
         60:bd:a4:b3:2c:59:12:98:d5:f2:68:78:ab:ba:3a:a7:31:9d:
         a5:2e:56:28:31:8d:d4:dd:0e:0a:6f:c4:62:ac:0c:73:5b:45:
         1d:f7:70:b2:ee:6e:37:67:06:11:3c:01:80:5d:45:99:ec:24:
         57:10:a8:b0:93:46:ec:0b:aa:b3:5c:2a:49:ea:bb:08:e6:64:
         37:53:08:52:cf:b4:5f:4e:0a:9f:51:a5:19:85:df:ba:f3:06:
         5f:31:a2:45:37:ee:a9:7f:e6:65:68:b0:c2:5c:19:f3:46:7f:
         a5:93:8c:a2:2b:77:ca:7b:87:2a:ac:15:8c:de:8d:a2:47:91:
         bd:25:c1:42:03:06:c6:b7:d7:e9:fe:7b:77:c0:92:f8:32:43:
         59:b7:4a:30:70:91:f4:90:fe:3c:f7:f9:92:c3:6c:52:52:03:
         fc:6b:e8:f7:55:df:9c:22:47:30:75:f1:58:8a:eb:12:5a:58:
         c1:31:6d:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjwPA2D/pLpkRml1vXZV9FxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzkxNmYzNjA5ODM0ZWQ0MDE0ZGE4YzY5NWIzNDBhN2Iw
YTU4MGUwHhcNMjUwODI4MTAzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI5OGE5ZGU5N2RiZjNmNTkyNjg0NTg5OTQzMjY3ZWZmZGY5MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKluDWDg2B1HdAdCrobl0gerB1o8
0NcmHO1rdaQd8YuWEShisgio2d+opDFyMtJyko7UpkrOr1NlTL9PsyzEv9j1RRag
kblGgqqKefns6agWsbH4LDB6JZOiSWyixAUMYHbxW6JFWRLXO6giRzlnIcvbC53Q
g0kksFdzzomp3a50kBV9OC9QsnE2EZxd5BA6kklHi8TeV8njdTuPvbi3wcj/rJd9
DU07u2lTBGLQs99x8tFYomLWukIY0RlOH8W87oR+issnbIgTX3zi2vgm7SjAgAiH
wd7vdPeUM5lA7Fv8OJFhrHlGTMQcm/Svo+X5Uf4ynsPj3hn1uotOGUft1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAa5ip3pfb8/WSaEWJlDJn7/35HQMB8GA1UdIwQY
MBaAFKt5FvNgmDTtQBTajGlbNAp7ClgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNrVzgyQ1lOTzFBRk5xTWFWczBDbnNLV0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mMjY1MTQtYWVmNS00YTQ2LTg4NTEt
YjY2MzAwYTdmOWYxLzEvQnJtS25lbDl2ejlaSm9SWW1VTW1mdl9ma2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mMjY1MTQtYWVmNS00YTQ2LTg4NTEtYjY2MzAwYTdmOWYx
LzEvcTNrVzgyQ1lOTzFBRk5xTWFWczBDbnNLV0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAlk
AwcAIAEGeAoAMA0GCSqGSIb3DQEBCwUAA4IBAQAcjnW/X2HM5YmlNMcuPVPvHVlH
lb+S8OgCIbq1A1wrgwB/zrb0KVJFau0h8DWdOXWUlY80UB99ZwzHKDQAp5mZRrce
udGyDzpgvaSzLFkSmNXyaHirujqnMZ2lLlYoMY3U3Q4Kb8RirAxzW0Ud93Cy7m43
ZwYRPAGAXUWZ7CRXEKiwk0bsC6qzXCpJ6rsI5mQ3UwhSz7RfTgqfUaUZhd+68wZf
MaJFN+6pf+ZlaLDCXBnzRn+lk4yiK3fKe4cqrBWM3o2iR5G9JcFCAwbGt9fp/nt3
wJL4MkNZt0owcJH0kP489/mSw2xSUgP8a+j3Vd+cIkcwdfFYiusSWljBMW04
-----END CERTIFICATE-----