Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/iVyGcqEr-8jpKzhjzp-9QCdtZEk.roa
File:                     iVyGcqEr-8jpKzhjzp-9QCdtZEk.roa (raw, json)
Hash identifier:          WZTPxZfIiSNVbHI/rXhUWX8AA/N1Zc9JCSpIzBxCWKU=
Subject key identifier:   89:5C:86:72:A1:2B:FB:C8:E9:2B:38:63:CE:9F:BD:40:27:6D:64:49
Certificate issuer:       /CN=7b11318d4bdd3ec5943386e701d7d02bd68300ad
Certificate serial:       0199DBFB37B68BC8A1E3E6A9935D75A8F701
Authority key identifier: 7B:11:31:8D:4B:DD:3E:C5:94:33:86:E7:01:D7:D0:2B:D6:83:00:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/exExjUvdPsWUM4bnAdfQK9aDAK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/iVyGcqEr-8jpKzhjzp-9QCdtZEk.roa
Signing time:             Mon 13 Oct 2025 05:11:38 +0000
ROA not before:           Mon 13 Oct 2025 05:11:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10103
IP address blocks:        2a14:60c7:8100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/exExjUvdPsWUM4bnAdfQK9aDAK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/exExjUvdPsWUM4bnAdfQK9aDAK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/exExjUvdPsWUM4bnAdfQK9aDAK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Oct 2025 20:35:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:db:fb:37:b6:8b:c8:a1:e3:e6:a9:93:5d:75:a8:f7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b11318d4bdd3ec5943386e701d7d02bd68300ad
        Validity
            Not Before: Oct 13 05:11:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=895c8672a12bfbc8e92b3863ce9fbd40276d6449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:93:6e:42:c5:63:fe:9b:5e:e1:22:22:cf:8b:
                    c4:50:d9:2d:49:dd:fb:8f:98:b4:df:45:ab:b1:26:
                    d7:92:4e:38:76:50:58:f8:e1:4e:b8:06:25:fd:86:
                    1b:37:84:d0:68:bc:5b:24:88:32:13:fa:5e:dd:74:
                    1b:df:2d:7a:8f:12:34:0b:7b:be:61:4a:cd:83:ae:
                    4d:89:ef:d3:b4:1f:40:7c:b9:1a:a9:44:3f:a6:74:
                    65:92:e3:6e:68:97:91:77:ec:50:91:4a:31:70:f7:
                    f9:5c:e5:47:3c:94:d6:ca:6e:73:7d:5d:47:d1:72:
                    51:72:2d:7d:15:64:a1:44:ae:8c:9d:63:12:c0:f6:
                    36:06:24:f6:ea:2d:c3:58:bd:8a:fe:64:db:28:8f:
                    81:c7:35:e7:54:df:05:fb:f5:98:55:30:85:ef:ad:
                    53:81:36:f6:ea:8c:23:cd:b9:0b:d2:3b:e7:ed:2f:
                    e1:e5:20:a2:07:cb:2f:65:9f:04:90:ad:39:59:df:
                    cd:56:73:2a:46:e6:c9:bf:34:90:37:e3:f9:2a:ba:
                    14:f6:79:69:eb:45:8a:ae:c6:89:32:81:f5:90:3a:
                    c6:20:27:40:99:8a:1d:cd:88:fc:01:8e:cc:b1:f3:
                    4c:87:ea:19:af:8a:5c:fd:5a:a6:a2:16:0f:a9:ff:
                    82:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:5C:86:72:A1:2B:FB:C8:E9:2B:38:63:CE:9F:BD:40:27:6D:64:49
            X509v3 Authority Key Identifier:
                keyid:7B:11:31:8D:4B:DD:3E:C5:94:33:86:E7:01:D7:D0:2B:D6:83:00:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/exExjUvdPsWUM4bnAdfQK9aDAK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/iVyGcqEr-8jpKzhjzp-9QCdtZEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c9c370-7123-4081-b956-88ec579f88ca/1/exExjUvdPsWUM4bnAdfQK9aDAK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:60c7:8100::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:9d:d7:d4:6a:89:42:ff:34:a5:62:3e:5f:21:f3:89:49:0c:
         9c:a3:4b:78:41:a1:7e:2a:b5:3d:0e:ab:09:51:3a:8c:ba:5c:
         85:32:1e:c9:15:d0:9c:9f:27:8e:c4:48:96:83:c9:9f:c5:16:
         4c:a3:ca:79:35:a6:7c:83:1e:22:a9:20:9e:c7:43:89:fc:22:
         05:ec:21:14:f6:ed:62:02:4a:0d:d7:b9:c5:3b:62:58:eb:56:
         a6:3f:94:37:7a:8b:a1:c3:c4:f1:a7:f0:fc:d3:b1:56:eb:fd:
         e1:69:fc:c1:cb:34:51:ed:68:af:b0:5e:11:d6:df:e4:eb:76:
         2c:23:01:c7:db:c6:c6:fe:06:cc:c9:c8:f2:57:fb:76:0b:15:
         61:2b:b8:58:ec:1e:a0:72:f8:b7:7f:42:a5:3f:e4:3c:51:bb:
         9b:c8:0d:72:50:8d:f3:98:5f:ef:e6:49:7e:06:ff:8f:0a:52:
         4a:7a:ac:58:c4:71:39:ad:dd:19:3b:60:95:60:35:6f:3b:61:
         b4:17:aa:d4:64:3e:46:20:4f:0b:09:53:21:90:9d:ee:4b:4d:
         0e:e0:73:0c:b4:39:ac:bd:fd:01:1e:a2:5c:03:93:f3:e1:70:
         c6:3c:dc:59:b3:3f:80:3b:63:5f:d5:73:89:f2:00:95:46:38:
         6a:69:fa:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnb+ze2i8ih4+apk111qPcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMTEzMThkNGJkZDNlYzU5NDMzODZlNzAxZDdkMDJiZDY4
MzAwYWQwHhcNMjUxMDEzMDUxMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTVjODY3MmExMmJmYmM4ZTkyYjM4NjNjZTlmYmQ0MDI3NmQ2NDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5NuQsVj/pte4SIiz4vEUNktSd37
j5i030WrsSbXkk44dlBY+OFOuAYl/YYbN4TQaLxbJIgyE/pe3XQb3y16jxI0C3u+
YUrNg65Nie/TtB9AfLkaqUQ/pnRlkuNuaJeRd+xQkUoxcPf5XOVHPJTWym5zfV1H
0XJRci19FWShRK6MnWMSwPY2BiT26i3DWL2K/mTbKI+BxzXnVN8F+/WYVTCF761T
gTb26owjzbkL0jvn7S/h5SCiB8svZZ8EkK05Wd/NVnMqRubJvzSQN+P5KroU9nlp
60WKrsaJMoH1kDrGICdAmYodzYj8AY7MsfNMh+oZr4pc/VqmohYPqf+CtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIlchnKhK/vI6Ss4Y86fvUAnbWRJMB8GA1UdIwQY
MBaAFHsRMY1L3T7FlDOG5wHX0CvWgwCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXhFeGpVdmRQc1dVTTRibkFkZlFLOWFEQUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9jOWMzNzAtNzEyMy00MDgxLWI5NTYt
ODhlYzU3OWY4OGNhLzEvaVZ5R2NxRXItOGpwS3poanpwLTlRQ2R0WkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9jOWMzNzAtNzEyMy00MDgxLWI5NTYtODhlYzU3OWY4OGNh
LzEvZXhFeGpVdmRQc1dVTTRibkFkZlFLOWFEQUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRgx4EA
MA0GCSqGSIb3DQEBCwUAA4IBAQBrndfUaolC/zSlYj5fIfOJSQyco0t4QaF+KrU9
DqsJUTqMulyFMh7JFdCcnyeOxEiWg8mfxRZMo8p5NaZ8gx4iqSCex0OJ/CIF7CEU
9u1iAkoN17nFO2JY61amP5Q3eouhw8Txp/D807FW6/3hafzByzRR7WivsF4R1t/k
63YsIwHH28bG/gbMycjyV/t2CxVhK7hY7B6gcvi3f0KlP+Q8UbubyA1yUI3zmF/v
5kl+Bv+PClJKeqxYxHE5rd0ZO2CVYDVvO2G0F6rUZD5GIE8LCVMhkJ3uS00O4HMM
tDmsvf0BHqJcA5Pz4XDGPNxZsz+AO2Nf1XOJ8gCVRjhqafq3
-----END CERTIFICATE-----