Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/7Xs2O9Awldvq_tdrSlwSHIZGxrA.roa
File:                     7Xs2O9Awldvq_tdrSlwSHIZGxrA.roa (raw, json)
Hash identifier:          k+cTXScEND34YVsYY+IQYbjLgi/okHp1fhBK53hmBF8=
Subject key identifier:   ED:7B:36:3B:D0:30:95:DB:EA:FE:D7:6B:4A:5C:12:1C:86:46:C6:B0
Certificate issuer:       /CN=afac83e5677b11050dcecbc27730831c5e6f9c6a
Certificate serial:       019A5DFF345EC6D3DA16F95A5C41F40F548E
Authority key identifier: AF:AC:83:E5:67:7B:11:05:0D:CE:CB:C2:77:30:83:1C:5E:6F:9C:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/7Xs2O9Awldvq_tdrSlwSHIZGxrA.roa
Signing time:             Fri 07 Nov 2025 11:06:37 +0000
ROA not before:           Fri 07 Nov 2025 11:06:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        2001:67c:2b20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5d:ff:34:5e:c6:d3:da:16:f9:5a:5c:41:f4:0f:54:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afac83e5677b11050dcecbc27730831c5e6f9c6a
        Validity
            Not Before: Nov  7 11:06:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed7b363bd03095dbeafed76b4a5c121c8646c6b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0e:b6:29:bc:88:f9:b5:66:0e:1d:8f:ab:d0:
                    77:5b:14:79:23:12:ed:f4:38:a5:9c:ff:4d:91:79:
                    d5:80:36:f0:f3:e7:f9:23:f9:c6:bb:b7:2c:3a:7b:
                    b3:49:54:a3:e4:0a:b4:6d:74:ed:ac:17:ba:37:2c:
                    30:5b:2c:c9:d2:81:9a:47:3e:97:d5:29:71:40:09:
                    7b:1c:51:6f:61:8a:a0:0d:95:63:84:d5:bd:83:cf:
                    7b:5d:07:63:29:c1:2c:2c:dc:09:36:d4:ce:76:69:
                    48:b2:b7:8f:ba:76:5b:6c:f2:02:e6:87:ac:4a:02:
                    5e:f7:2b:94:0c:62:c3:9d:0a:37:91:18:4a:d2:6e:
                    c7:3f:2b:61:3b:e4:d3:82:a3:d6:10:dd:07:80:b6:
                    ce:2e:04:26:01:64:6e:ed:9d:4b:73:a9:5f:49:35:
                    2d:58:de:0b:dc:77:b7:b5:21:af:3d:e5:f5:67:26:
                    e7:c9:93:a4:8d:1e:e1:da:f8:f9:28:4d:57:db:d9:
                    f1:67:cb:15:69:05:63:dc:98:c0:62:9c:d8:d2:af:
                    7e:29:c2:13:85:9b:d9:cd:18:26:15:ac:84:2b:e3:
                    32:a8:5a:5a:87:8c:7b:06:cd:68:9c:aa:55:c6:dd:
                    db:45:ba:14:5a:f1:6d:70:b7:18:f4:63:d3:d0:3e:
                    31:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:7B:36:3B:D0:30:95:DB:EA:FE:D7:6B:4A:5C:12:1C:86:46:C6:B0
            X509v3 Authority Key Identifier:
                keyid:AF:AC:83:E5:67:7B:11:05:0D:CE:CB:C2:77:30:83:1C:5E:6F:9C:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/7Xs2O9Awldvq_tdrSlwSHIZGxrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/c2357a-c3e5-4173-bc41-a0646762d567/1/r6yD5Wd7EQUNzsvCdzCDHF5vnGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2b20::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:2a:38:54:19:ca:f1:4d:a5:a7:6c:60:33:85:f9:52:c6:a0:
         11:2f:7d:04:9b:56:ce:31:ba:5f:c1:a4:a5:49:2a:04:97:8c:
         92:f0:4f:a9:97:4e:33:22:03:15:3d:61:d3:c0:d8:13:79:2f:
         0b:48:9a:49:08:d5:70:3f:c6:9f:90:f2:2b:39:7a:92:4a:ee:
         68:da:20:1f:d4:aa:4a:52:06:09:71:9f:c2:72:3d:44:1a:2e:
         86:54:04:60:89:af:71:6c:5c:35:59:c6:23:b6:d3:71:9f:d8:
         dd:ee:7e:a3:20:88:cf:0f:ed:29:8a:99:6a:89:e4:ad:31:75:
         fd:7f:54:f4:09:e2:71:63:58:aa:15:99:bd:4f:fd:d1:03:71:
         d0:6b:1b:7f:66:d9:19:ca:02:dc:49:3c:f9:4e:a6:de:a6:73:
         81:a8:ae:ad:ea:7a:62:cf:82:a0:db:3c:cf:38:7f:50:3e:c6:
         52:d6:02:56:67:df:87:47:6f:ac:a1:f5:4c:40:ba:d4:fe:a8:
         fc:f2:05:a1:43:ee:de:1f:d2:94:1a:1e:97:0d:17:fb:4e:2e:
         81:5c:5f:33:05:7c:d5:04:8a:e7:1a:6f:9d:e0:93:2b:e0:6f:
         e4:06:d5:13:06:cd:93:56:d6:4f:f9:84:e1:44:b1:65:da:29:
         0d:32:8d:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpd/zRextPaFvlaXEH0D1SOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYWM4M2U1Njc3YjExMDUwZGNlY2JjMjc3MzA4MzFjNWU2
ZjljNmEwHhcNMjUxMTA3MTEwNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDdiMzYzYmQwMzA5NWRiZWFmZWQ3NmI0YTVjMTIxYzg2NDZjNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzA62KbyI+bVmDh2Pq9B3WxR5IxLt
9DilnP9NkXnVgDbw8+f5I/nGu7csOnuzSVSj5Aq0bXTtrBe6NywwWyzJ0oGaRz6X
1SlxQAl7HFFvYYqgDZVjhNW9g897XQdjKcEsLNwJNtTOdmlIsrePunZbbPIC5oes
SgJe9yuUDGLDnQo3kRhK0m7HPythO+TTgqPWEN0HgLbOLgQmAWRu7Z1Lc6lfSTUt
WN4L3He3tSGvPeX1ZybnyZOkjR7h2vj5KE1X29nxZ8sVaQVj3JjAYpzY0q9+KcIT
hZvZzRgmFayEK+MyqFpah4x7Bs1onKpVxt3bRboUWvFtcLcY9GPT0D4xgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO17NjvQMJXb6v7Xa0pcEhyGRsawMB8GA1UdIwQY
MBaAFK+sg+VnexEFDc7Lwncwgxxeb5xqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZ5RDVXZDdFUVVOenN2Q2R6Q0RIRjV2bkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9jMjM1N2EtYzNlNS00MTczLWJjNDEt
YTA2NDY3NjJkNTY3LzEvN1hzMk85QXdsZHZxX3RkclNsd1NISVpHeHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9jMjM1N2EtYzNlNS00MTczLWJjNDEtYTA2NDY3NjJkNTY3
LzEvcjZ5RDVXZDdFUVVOenN2Q2R6Q0RIRjV2bkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCsg
MA0GCSqGSIb3DQEBCwUAA4IBAQCwKjhUGcrxTaWnbGAzhflSxqARL30Em1bOMbpf
waSlSSoEl4yS8E+pl04zIgMVPWHTwNgTeS8LSJpJCNVwP8afkPIrOXqSSu5o2iAf
1KpKUgYJcZ/Ccj1EGi6GVARgia9xbFw1WcYjttNxn9jd7n6jIIjPD+0piplqieSt
MXX9f1T0CeJxY1iqFZm9T/3RA3HQaxt/ZtkZygLcSTz5TqbepnOBqK6t6npiz4Kg
2zzPOH9QPsZS1gJWZ9+HR2+sofVMQLrU/qj88gWhQ+7eH9KUGh6XDRf7Ti6BXF8z
BXzVBIrnGm+d4JMr4G/kBtUTBs2TVtZP+YThRLFl2ikNMo2Z
-----END CERTIFICATE-----