Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/_uXBkuhUshA9qmVceLo2r4NfxjI.roa
File:                     _uXBkuhUshA9qmVceLo2r4NfxjI.roa (raw, json)
Hash identifier:          eLDt5MUCNFk11wBf0J4j69ReU2zTScT7dm7QbxFh55c=
Subject key identifier:   FE:E5:C1:92:E8:54:B2:10:3D:AA:65:5C:78:BA:36:AF:83:5F:C6:32
Certificate issuer:       /CN=fb7f191a8dbbf1f131474975358f2444d6950e82
Certificate serial:       01992B565BF46B7271926B7797B0B51CA729
Authority key identifier: FB:7F:19:1A:8D:BB:F1:F1:31:47:49:75:35:8F:24:44:D6:95:0E:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-38ZGo278fExR0l1NY8kRNaVDoI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/_uXBkuhUshA9qmVceLo2r4NfxjI.roa
Signing time:             Mon 08 Sep 2025 21:58:23 +0000
ROA not before:           Mon 08 Sep 2025 21:58:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211715
IP address blocks:        2001:67c:1350::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/1-38ZGo278fExR0l1NY8kRNaVDoI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/1-38ZGo278fExR0l1NY8kRNaVDoI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-38ZGo278fExR0l1NY8kRNaVDoI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2b:56:5b:f4:6b:72:71:92:6b:77:97:b0:b5:1c:a7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb7f191a8dbbf1f131474975358f2444d6950e82
        Validity
            Not Before: Sep  8 21:58:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fee5c192e854b2103daa655c78ba36af835fc632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:8f:c3:50:d3:7f:c8:5d:80:cd:3d:78:1a:
                    21:49:49:e7:59:8b:bc:3a:fd:28:e3:c4:26:0c:d3:
                    49:a4:1e:68:00:07:86:c2:02:6a:93:1a:03:06:f3:
                    2c:f2:5d:af:ea:70:18:04:18:28:80:be:3b:3e:93:
                    fa:80:ca:58:8f:31:1a:7d:0d:61:51:fb:9b:c1:6a:
                    a4:c5:a7:6d:03:94:e8:18:bf:72:f3:d6:9a:c3:73:
                    09:f4:e3:66:af:08:bc:c9:f5:03:d5:8d:67:10:2f:
                    5a:d2:26:89:da:c2:cd:dc:fc:c5:db:4e:99:2d:b7:
                    17:55:a1:4c:f7:f4:b8:5d:30:b3:20:7e:94:35:b4:
                    ab:48:86:ee:20:e1:17:34:5a:c4:04:82:e0:34:75:
                    dc:6f:1c:54:1f:44:9e:a7:51:27:ea:88:69:1d:08:
                    c4:38:9a:36:a2:34:28:8f:7a:bd:be:f8:16:a2:47:
                    e5:f1:c3:84:bb:4e:c8:68:8c:9a:92:9f:88:fb:38:
                    26:a0:57:42:3c:c0:32:c0:40:82:12:6e:f3:82:94:
                    03:6a:69:6f:30:05:8c:2a:ec:75:d9:40:65:dc:d9:
                    1e:4a:63:e1:6e:8f:f7:46:67:92:cd:da:25:a4:84:
                    a7:3a:ca:eb:dc:21:3d:64:49:cb:fc:b3:bb:a5:a1:
                    68:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E5:C1:92:E8:54:B2:10:3D:AA:65:5C:78:BA:36:AF:83:5F:C6:32
            X509v3 Authority Key Identifier:
                keyid:FB:7F:19:1A:8D:BB:F1:F1:31:47:49:75:35:8F:24:44:D6:95:0E:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-38ZGo278fExR0l1NY8kRNaVDoI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/_uXBkuhUshA9qmVceLo2r4NfxjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/22f0a8-b6f0-44b6-9aa1-8747daa593f2/1/1-38ZGo278fExR0l1NY8kRNaVDoI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1350::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:98:82:3e:06:9d:09:e3:26:a9:92:2c:66:49:d6:83:cc:87:
         6e:f2:20:73:6b:87:99:c3:55:66:07:6b:da:09:e9:21:47:e9:
         94:15:97:37:c3:74:79:5c:6a:1a:05:48:b6:29:42:24:ee:bf:
         ba:5c:86:4f:f3:d3:22:30:93:e3:9f:4b:53:42:31:b9:2f:7d:
         ce:74:5d:85:de:ef:a6:9a:b0:90:89:58:fe:3e:3d:36:c8:40:
         92:7f:51:aa:72:29:95:96:9e:3a:28:a0:a6:60:ae:79:60:c2:
         1b:1a:4b:9a:f1:88:71:e6:3c:6c:56:73:23:bd:0b:db:1a:25:
         db:2f:23:b1:83:32:cb:62:01:b6:28:6e:07:ca:65:fb:2d:8f:
         66:2d:62:d7:59:ef:83:36:db:ee:12:cf:ee:c1:70:33:ce:e5:
         75:fc:2b:e5:48:48:11:9a:6a:92:65:f3:92:79:f5:45:9f:53:
         88:0f:52:4c:fe:3b:9b:dd:78:95:42:b2:49:74:45:81:70:a7:
         dc:91:c0:14:0b:ee:a6:9f:e5:2b:32:e0:91:25:c5:a8:f3:96:
         8a:c5:db:3c:8c:f5:21:94:78:f6:4d:ee:c2:f3:4b:db:1b:71:
         d8:76:65:30:17:0c:0f:32:8b:57:53:36:ad:f6:27:66:63:b3:
         37:5b:9c:24
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZkrVlv0a3Jxkmt3l7C1HKcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiN2YxOTFhOGRiYmYxZjEzMTQ3NDk3NTM1OGYyNDQ0ZDY5
NTBlODIwHhcNMjUwOTA4MjE1ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWU1YzE5MmU4NTRiMjEwM2RhYTY1NWM3OGJhMzZhZjgzNWZjNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWePw1DTf8hdgM09eBohSUnnWYu8
Ov0o48QmDNNJpB5oAAeGwgJqkxoDBvMs8l2v6nAYBBgogL47PpP6gMpYjzEafQ1h
UfubwWqkxadtA5ToGL9y89aaw3MJ9ONmrwi8yfUD1Y1nEC9a0iaJ2sLN3PzF206Z
LbcXVaFM9/S4XTCzIH6UNbSrSIbuIOEXNFrEBILgNHXcbxxUH0Sep1En6ohpHQjE
OJo2ojQoj3q9vvgWokfl8cOEu07IaIyakp+I+zgmoFdCPMAywECCEm7zgpQDamlv
MAWMKux12UBl3NkeSmPhbo/3RmeSzdolpISnOsrr3CE9ZEnL/LO7paFo3wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFP7lwZLoVLIQPaplXHi6Nq+DX8YyMB8GA1UdIwQY
MBaAFPt/GRqNu/HxMUdJdTWPJETWlQ6CMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zOFpHbzI3OGZFeFIwbDFOWThrUk5hVkRvSS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvMjJmMGE4LWI2ZjAtNDRiNi05YWEx
LTg3NDdkYWE1OTNmMi8xL191WEJrdWhVc2hBOXFtVmNlTG8ycjROZnhqSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2QvMjJmMGE4LWI2ZjAtNDRiNi05YWExLTg3NDdkYWE1OTNm
Mi8xLzEtMzhaR28yNzhmRXhSMGwxTlk4a1JOYVZEb0kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
E1AwDQYJKoZIhvcNAQELBQADggEBAIOYgj4GnQnjJqmSLGZJ1oPMh27yIHNrh5nD
VWYHa9oJ6SFH6ZQVlzfDdHlcahoFSLYpQiTuv7pchk/z0yIwk+OfS1NCMbkvfc50
XYXe76aasJCJWP4+PTbIQJJ/UapyKZWWnjoooKZgrnlgwhsaS5rxiHHmPGxWcyO9
C9saJdsvI7GDMstiAbYobgfKZfstj2YtYtdZ74M22+4Sz+7BcDPO5XX8K+VISBGa
apJl85J59UWfU4gPUkz+O5vdeJVCskl0RYFwp9yRwBQL7qaf5Ssy4JElxajzlorF
2zyM9SGUePZN7sLzS9sbcdh2ZTAXDA8yi1dTNq32J2ZjszdbnCQ=
-----END CERTIFICATE-----