Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/FoUBO1CLvHv9IUZgMqlXSTP27UE.roa
File:                     FoUBO1CLvHv9IUZgMqlXSTP27UE.roa (raw, json)
Hash identifier:          UWDESR9+S/CWXTmG2rrRD+fM1FniiIp0n2rFP03so88=
Subject key identifier:   16:85:01:3B:50:8B:BC:7B:FD:21:46:60:32:A9:57:49:33:F6:ED:41
Certificate issuer:       /CN=d7f4f64b510a41b07c9d50004b3525694cc42233
Certificate serial:       0199104478A42BB63F1A630A5A1C8C42B8E7
Authority key identifier: D7:F4:F6:4B:51:0A:41:B0:7C:9D:50:00:4B:35:25:69:4C:C4:22:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1_T2S1EKQbB8nVAASzUlaUzEIjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/FoUBO1CLvHv9IUZgMqlXSTP27UE.roa
Signing time:             Wed 03 Sep 2025 15:49:06 +0000
ROA not before:           Wed 03 Sep 2025 15:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216091
IP address blocks:        2001:67c:d38::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/1_T2S1EKQbB8nVAASzUlaUzEIjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/1_T2S1EKQbB8nVAASzUlaUzEIjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1_T2S1EKQbB8nVAASzUlaUzEIjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:10:44:78:a4:2b:b6:3f:1a:63:0a:5a:1c:8c:42:b8:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7f4f64b510a41b07c9d50004b3525694cc42233
        Validity
            Not Before: Sep  3 15:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1685013b508bbc7bfd21466032a9574933f6ed41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:31:9f:45:5c:07:fc:8b:12:ec:42:f9:fb:05:
                    0f:51:1a:47:f8:8e:13:21:9b:b0:d6:74:0c:b4:12:
                    0a:e6:59:cd:54:26:b1:f3:35:f7:75:4a:76:02:cf:
                    86:41:8b:e3:95:1c:48:98:05:d1:f5:8e:60:07:9b:
                    67:7f:52:d7:8b:55:3d:cd:0b:d3:7a:7d:a9:7f:7d:
                    f0:1f:e1:da:55:1d:76:9b:1d:43:1e:2e:5a:5a:db:
                    66:85:16:23:d8:47:d8:9e:0b:03:fd:40:67:9c:24:
                    f9:16:8d:b4:59:55:fa:94:7d:24:eb:7c:25:82:4b:
                    e3:ae:df:b3:35:04:a9:f3:7d:b4:cd:7d:8a:e4:ac:
                    1f:d1:05:fc:e4:39:af:1c:30:cf:3b:38:ac:c6:97:
                    b9:04:6e:63:e5:88:c7:fb:dc:92:f2:7c:a6:8c:28:
                    b1:2f:9d:ba:7d:b0:f3:ad:a8:2e:af:b9:01:05:cd:
                    ce:9c:d9:1c:2d:46:2f:8d:37:02:4a:f6:fb:47:bc:
                    53:91:ba:89:0c:04:7d:86:28:36:91:15:75:b3:6e:
                    1f:22:1f:79:d7:65:15:b9:30:a4:fe:a0:dc:4e:00:
                    fd:c0:59:58:93:a3:8d:c8:4c:b4:2b:5e:b1:76:9e:
                    69:5c:8b:48:6c:61:00:41:2c:1f:3b:9b:24:5e:55:
                    7a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:85:01:3B:50:8B:BC:7B:FD:21:46:60:32:A9:57:49:33:F6:ED:41
            X509v3 Authority Key Identifier:
                keyid:D7:F4:F6:4B:51:0A:41:B0:7C:9D:50:00:4B:35:25:69:4C:C4:22:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_T2S1EKQbB8nVAASzUlaUzEIjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/FoUBO1CLvHv9IUZgMqlXSTP27UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9e3dcd-f1a2-4fb9-8c7e-d54562f52e93/1/1_T2S1EKQbB8nVAASzUlaUzEIjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d38::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:55:ca:d3:55:90:3a:33:06:74:85:b7:96:96:a8:e3:1f:75:
         05:86:11:29:67:8c:44:a3:43:ec:09:05:54:20:a6:48:b8:73:
         55:db:00:c8:06:12:a7:37:4a:dd:80:ba:75:9f:f2:82:22:11:
         5b:1a:d4:9f:69:3b:7c:de:5f:69:83:69:f6:8c:4a:f3:2e:61:
         03:57:26:2b:5a:88:f1:55:ba:2c:f9:37:0a:25:b5:da:fd:91:
         2e:67:4a:b2:de:c4:96:33:bd:32:f2:40:c3:29:d2:62:ce:98:
         05:af:15:d3:55:df:51:ff:86:71:72:1c:66:da:18:d9:fd:d9:
         a1:8c:44:74:1d:1b:f7:c0:11:0f:9a:00:f8:27:9c:cb:9e:11:
         6a:96:64:f0:15:61:17:7e:70:7f:06:0d:62:e3:48:35:3e:7e:
         65:c5:3b:1a:e9:3c:45:ea:b0:6d:cc:dd:5a:1d:77:b9:28:3d:
         a7:5b:6a:fe:a4:99:a2:d8:02:d3:6e:08:07:5d:cd:1f:f9:10:
         ff:ba:25:e9:8f:0c:fb:c1:90:f9:01:7b:68:fe:d8:f4:62:e1:
         90:03:e1:0e:5c:2d:86:b8:b4:6c:d9:67:33:ff:17:83:df:ab:
         84:13:73:38:01:d8:68:b1:1c:8b:72:0d:91:c0:a8:b6:57:a7:
         65:2e:99:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkQRHikK7Y/GmMKWhyMQrjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZjRmNjRiNTEwYTQxYjA3YzlkNTAwMDRiMzUyNTY5NGNj
NDIyMzMwHhcNMjUwOTAzMTU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg1MDEzYjUwOGJiYzdiZmQyMTQ2NjAzMmE5NTc0OTMzZjZlZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjGfRVwH/IsS7EL5+wUPURpH+I4T
IZuw1nQMtBIK5lnNVCax8zX3dUp2As+GQYvjlRxImAXR9Y5gB5tnf1LXi1U9zQvT
en2pf33wH+HaVR12mx1DHi5aWttmhRYj2EfYngsD/UBnnCT5Fo20WVX6lH0k63wl
gkvjrt+zNQSp8320zX2K5Kwf0QX85DmvHDDPOzisxpe5BG5j5YjH+9yS8nymjCix
L526fbDzragur7kBBc3OnNkcLUYvjTcCSvb7R7xTkbqJDAR9hig2kRV1s24fIh95
12UVuTCk/qDcTgD9wFlYk6ONyEy0K16xdp5pXItIbGEAQSwfO5skXlV6eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaFATtQi7x7/SFGYDKpV0kz9u1BMB8GA1UdIwQY
MBaAFNf09ktRCkGwfJ1QAEs1JWlMxCIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMV9UMlMxRUtRYkI4blZBQVN6VWxhVXpFSWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy85ZTNkY2QtZjFhMi00ZmI5LThjN2Ut
ZDU0NTYyZjUyZTkzLzEvRm9VQk8xQ0x2SHY5SVVaZ01xbFhTVFAyN1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy85ZTNkY2QtZjFhMi00ZmI5LThjN2UtZDU0NTYyZjUyZTkz
LzEvMV9UMlMxRUtRYkI4blZBQVN6VWxhVXpFSWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA04
MA0GCSqGSIb3DQEBCwUAA4IBAQCmVcrTVZA6MwZ0hbeWlqjjH3UFhhEpZ4xEo0Ps
CQVUIKZIuHNV2wDIBhKnN0rdgLp1n/KCIhFbGtSfaTt83l9pg2n2jErzLmEDVyYr
WojxVbos+TcKJbXa/ZEuZ0qy3sSWM70y8kDDKdJizpgFrxXTVd9R/4Zxchxm2hjZ
/dmhjER0HRv3wBEPmgD4J5zLnhFqlmTwFWEXfnB/Bg1i40g1Pn5lxTsa6TxF6rBt
zN1aHXe5KD2nW2r+pJmi2ALTbggHXc0f+RD/uiXpjwz7wZD5AXto/tj0YuGQA+EO
XC2GuLRs2Wcz/xeD36uEE3M4AdhosRyLcg2RwKi2V6dlLplu
-----END CERTIFICATE-----