Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/7G5W8sa7fSyifeCi1ZnKppfC-do.roa
File:                     7G5W8sa7fSyifeCi1ZnKppfC-do.roa (raw, json)
Hash identifier:          cD9RHT+kmZED51KQST3KvwR9LcSJB8J5G4yP5BSC29Y=
Subject key identifier:   EC:6E:56:F2:C6:BB:7D:2C:A2:7D:E0:A2:D5:99:CA:A6:97:C2:F9:DA
Certificate issuer:       /CN=699ee08ff671600d4034a3e1d9d5a90245cc9c15
Certificate serial:       0199056D0AD2F6F019B530F2AF9826722BBE
Authority key identifier: 69:9E:E0:8F:F6:71:60:0D:40:34:A3:E1:D9:D5:A9:02:45:CC:9C:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/7G5W8sa7fSyifeCi1ZnKppfC-do.roa
Signing time:             Mon 01 Sep 2025 13:17:36 +0000
ROA not before:           Mon 01 Sep 2025 13:17:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3209
IP address blocks:        2001:67c:818::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:6d:0a:d2:f6:f0:19:b5:30:f2:af:98:26:72:2b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699ee08ff671600d4034a3e1d9d5a90245cc9c15
        Validity
            Not Before: Sep  1 13:17:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec6e56f2c6bb7d2ca27de0a2d599caa697c2f9da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a1:c9:9b:a3:e6:9b:e0:25:ad:f4:94:9c:10:
                    f1:96:f2:97:c1:e7:db:7e:ca:f2:48:76:fa:ae:32:
                    f9:14:ce:8d:25:dc:42:12:61:d5:d3:d1:31:a9:3a:
                    40:85:27:28:87:b0:01:1d:39:d1:ec:f7:a0:a5:5c:
                    2e:07:42:52:0c:ee:51:f1:24:1d:df:24:f2:3c:7b:
                    50:53:2c:5b:bd:49:fb:c2:7b:e8:ec:8f:2a:b0:f7:
                    c8:a4:74:84:86:01:7e:7b:9d:c6:5f:d2:48:45:53:
                    6e:65:b4:bf:21:e5:38:0e:3b:1e:3d:b9:bd:41:f7:
                    5e:50:1d:8f:ab:54:33:fe:0d:ed:68:a6:ef:7e:93:
                    6b:29:ea:7e:03:61:f6:ed:8d:c9:1e:5f:5d:8c:c0:
                    7c:1a:4e:0e:9a:c5:33:08:d0:ee:60:2f:c0:9d:11:
                    92:ec:fa:cd:fd:83:d9:35:84:8f:21:2f:9d:24:29:
                    c6:ef:4a:38:5d:8f:c2:c6:61:6a:57:61:78:2f:c0:
                    b8:93:0c:a2:c6:f5:18:74:9d:59:85:a5:1b:ed:0b:
                    26:b5:49:e4:92:7f:f2:f7:79:73:6e:ea:67:66:83:
                    7b:0c:fc:93:7e:c9:9c:22:c0:05:03:7b:fa:20:7e:
                    67:bd:2f:06:54:a6:26:60:e7:f9:de:45:6c:20:02:
                    26:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6E:56:F2:C6:BB:7D:2C:A2:7D:E0:A2:D5:99:CA:A6:97:C2:F9:DA
            X509v3 Authority Key Identifier:
                keyid:69:9E:E0:8F:F6:71:60:0D:40:34:A3:E1:D9:D5:A9:02:45:CC:9C:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/7G5W8sa7fSyifeCi1ZnKppfC-do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/e6727c-0803-4a03-9771-1d08addca271/1/aZ7gj_ZxYA1ANKPh2dWpAkXMnBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:818::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:9c:f9:4a:f9:1f:cc:02:bb:f5:e4:3a:49:c9:c1:f6:66:c4:
         2e:69:a7:04:73:7c:b9:ca:c4:b6:d1:89:62:3b:20:21:cb:1a:
         74:dc:54:35:11:ab:37:eb:18:b4:c9:84:40:8b:ec:4d:be:c0:
         00:4a:37:70:db:dc:28:90:fd:38:40:99:3b:27:a3:e9:de:5e:
         0e:2e:42:58:ad:2e:11:5b:e1:42:df:18:66:2e:11:25:0d:55:
         4f:59:44:b2:9a:d0:f3:a2:93:10:be:19:d5:20:ee:62:28:e0:
         1b:d1:98:6d:aa:dd:a9:94:c8:94:52:f9:77:62:a3:31:bd:7f:
         4a:a9:74:4e:a1:eb:1a:bc:af:d4:3d:5b:61:c7:3f:05:9c:76:
         cf:d5:fa:c3:5a:15:e5:d6:fa:ce:f3:89:1a:aa:55:97:bd:72:
         fb:03:a3:12:24:ec:68:35:ee:b8:40:cc:89:fb:39:cb:bd:bd:
         73:2c:76:08:0d:32:53:9f:1c:b7:76:21:2a:40:de:84:80:c6:
         e0:6f:00:5a:c2:21:db:49:70:39:bf:4c:41:a9:b6:f2:c8:89:
         e1:77:be:17:86:20:cf:83:13:60:3c:30:61:31:e7:71:3d:92:
         bb:07:9e:09:4e:f4:0d:39:b3:7c:ee:af:c0:3e:ef:50:f2:2c:
         fa:f0:d3:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkFbQrS9vAZtTDyr5gmciu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWVlMDhmZjY3MTYwMGQ0MDM0YTNlMWQ5ZDVhOTAyNDVj
YzljMTUwHhcNMjUwOTAxMTMxNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZlNTZmMmM2YmI3ZDJjYTI3ZGUwYTJkNTk5Y2FhNjk3YzJmOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06HJm6Pmm+AlrfSUnBDxlvKXwefb
fsrySHb6rjL5FM6NJdxCEmHV09ExqTpAhScoh7ABHTnR7PegpVwuB0JSDO5R8SQd
3yTyPHtQUyxbvUn7wnvo7I8qsPfIpHSEhgF+e53GX9JIRVNuZbS/IeU4DjsePbm9
QfdeUB2Pq1Qz/g3taKbvfpNrKep+A2H27Y3JHl9djMB8Gk4OmsUzCNDuYC/AnRGS
7PrN/YPZNYSPIS+dJCnG70o4XY/CxmFqV2F4L8C4kwyixvUYdJ1ZhaUb7QsmtUnk
kn/y93lzbupnZoN7DPyTfsmcIsAFA3v6IH5nvS8GVKYmYOf53kVsIAImNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxuVvLGu30son3gotWZyqaXwvnaMB8GA1UdIwQY
MBaAFGme4I/2cWANQDSj4dnVqQJFzJwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVo3Z2pfWnhZQTFBTktQaDJkV3BBa1hNbkJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9lNjcyN2MtMDgwMy00YTAzLTk3NzEt
MWQwOGFkZGNhMjcxLzEvN0c1VzhzYTdmU3lpZmVDaTFabktwcGZDLWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9lNjcyN2MtMDgwMy00YTAzLTk3NzEtMWQwOGFkZGNhMjcx
LzEvYVo3Z2pfWnhZQTFBTktQaDJkV3BBa1hNbkJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgY
MA0GCSqGSIb3DQEBCwUAA4IBAQC9nPlK+R/MArv15DpJycH2ZsQuaacEc3y5ysS2
0YliOyAhyxp03FQ1Eas36xi0yYRAi+xNvsAASjdw29wokP04QJk7J6Pp3l4OLkJY
rS4RW+FC3xhmLhElDVVPWUSymtDzopMQvhnVIO5iKOAb0Zhtqt2plMiUUvl3YqMx
vX9KqXROoesavK/UPVthxz8FnHbP1frDWhXl1vrO84kaqlWXvXL7A6MSJOxoNe64
QMyJ+znLvb1zLHYIDTJTnxy3diEqQN6EgMbgbwBawiHbSXA5v0xBqbbyyInhd74X
hiDPgxNgPDBhMedxPZK7B54JTvQNObN87q/APu9Q8iz68NMx
-----END CERTIFICATE-----