Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/I-zs-8rljmDPlErQ03m2L3NV_DU.roa
File:                     I-zs-8rljmDPlErQ03m2L3NV_DU.roa (raw, json)
Hash identifier:          UzoSi4X1KX7g6G8RqFjoqfYd2UGDWS9dFOixZ89hyRU=
Subject key identifier:   23:EC:EC:FB:CA:E5:8E:60:CF:94:4A:D0:D3:79:B6:2F:73:55:FC:35
Certificate issuer:       /CN=d7ec3c0285bc458332de8150364ab2a219ba61e2
Certificate serial:       0199070647B7B08547B2E5C652BF0963ACFD
Authority key identifier: D7:EC:3C:02:85:BC:45:83:32:DE:81:50:36:4A:B2:A2:19:BA:61:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-w8AoW8RYMy3oFQNkqyohm6YeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/I-zs-8rljmDPlErQ03m2L3NV_DU.roa
Signing time:             Mon 01 Sep 2025 20:44:36 +0000
ROA not before:           Mon 01 Sep 2025 20:44:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202587
IP address blocks:        2a07:bf40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/1-w8AoW8RYMy3oFQNkqyohm6YeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/1-w8AoW8RYMy3oFQNkqyohm6YeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-w8AoW8RYMy3oFQNkqyohm6YeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:07:06:47:b7:b0:85:47:b2:e5:c6:52:bf:09:63:ac:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7ec3c0285bc458332de8150364ab2a219ba61e2
        Validity
            Not Before: Sep  1 20:44:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23ececfbcae58e60cf944ad0d379b62f7355fc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:de:21:5c:06:27:3c:11:9b:06:44:e5:52:75:
                    a4:49:f7:0b:86:cf:f2:8f:48:ae:14:00:36:3e:fb:
                    e8:19:37:72:e3:46:8e:94:f7:c4:07:53:bd:5e:31:
                    55:c3:de:e3:a8:12:29:3a:3a:f1:08:00:f8:76:42:
                    7b:d7:f9:ff:23:b2:9d:a3:a2:b1:38:fd:02:96:1f:
                    90:bf:87:00:ce:2c:7f:7e:7c:5f:3e:be:41:bc:91:
                    1f:af:ad:5c:24:25:be:0b:6c:61:1a:2c:11:96:16:
                    00:ca:8b:b1:4c:9e:a9:59:ae:23:47:00:7e:c2:9d:
                    5e:1d:ff:a2:30:d6:4b:3a:96:a4:b8:01:fc:e4:43:
                    56:c5:86:ec:de:e1:f5:0d:f4:0f:0a:c9:06:b9:f1:
                    f0:e3:50:cf:8d:58:97:c9:f0:31:d3:b9:67:a0:4f:
                    2d:9b:5b:e7:53:4b:4c:85:74:87:3d:99:8b:30:d3:
                    ec:46:a2:c9:8f:07:a5:45:c2:9e:a3:e4:d6:82:bc:
                    de:41:32:21:a2:c0:70:e2:89:fc:37:66:46:7f:77:
                    f8:21:fe:65:8e:94:99:45:c9:9d:74:69:f4:a3:44:
                    cf:bc:55:f5:0c:37:fd:72:82:51:80:7d:ec:e0:ac:
                    4f:97:b5:14:1b:78:83:4a:d4:04:61:e7:f1:46:8c:
                    4c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EC:EC:FB:CA:E5:8E:60:CF:94:4A:D0:D3:79:B6:2F:73:55:FC:35
            X509v3 Authority Key Identifier:
                keyid:D7:EC:3C:02:85:BC:45:83:32:DE:81:50:36:4A:B2:A2:19:BA:61:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-w8AoW8RYMy3oFQNkqyohm6YeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/I-zs-8rljmDPlErQ03m2L3NV_DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b59d3c-9def-4ccf-a9da-1b3379aff51d/1/1-w8AoW8RYMy3oFQNkqyohm6YeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:bf40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:67:43:a6:31:8f:e1:9a:b7:30:07:1f:1b:14:92:67:e9:cb:
         f5:59:5b:be:b4:99:f8:30:4c:4d:75:eb:89:4c:4f:94:44:de:
         1f:8a:06:a6:d0:21:09:9b:1b:f9:b4:cb:b3:16:44:aa:8a:29:
         6f:02:32:d4:10:1b:43:fe:40:19:74:d3:5c:06:03:f9:cb:b6:
         6f:f9:35:79:c7:7f:1f:1f:ec:0a:f5:35:04:32:1e:6c:ce:f3:
         66:25:05:a9:10:4a:77:3f:c3:cc:f8:a8:aa:e7:5c:f6:af:26:
         f8:a3:d6:93:4a:59:3f:a3:6f:4c:98:89:46:6c:6f:9d:98:7c:
         89:36:e0:11:c1:80:68:62:88:02:3a:69:7a:56:8b:7a:fa:b5:
         f7:b4:a1:b3:45:6c:9b:97:e6:ca:41:4b:94:fc:e4:30:b7:55:
         3e:dc:01:25:0d:42:8d:0c:f6:05:49:38:4d:6a:2a:5f:19:db:
         26:a2:d8:98:24:a5:ab:60:6c:90:fc:eb:ca:07:1e:92:9f:43:
         07:f0:09:0b:0c:7d:82:73:0e:24:93:8f:17:b6:4f:72:39:8e:
         a6:78:bf:bb:b7:af:f0:55:1e:50:f8:6e:6e:4f:a4:a0:73:a7:
         fd:1a:74:30:93:52:77:74:b1:af:a3:35:6f:10:fe:e0:7a:45:
         ee:9a:bf:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkHBke3sIVHsuXGUr8JY6z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZWMzYzAyODViYzQ1ODMzMmRlODE1MDM2NGFiMmEyMTli
YTYxZTIwHhcNMjUwOTAxMjA0NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VjZWNmYmNhZTU4ZTYwY2Y5NDRhZDBkMzc5YjYyZjczNTVmYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA494hXAYnPBGbBkTlUnWkSfcLhs/y
j0iuFAA2PvvoGTdy40aOlPfEB1O9XjFVw97jqBIpOjrxCAD4dkJ71/n/I7Kdo6Kx
OP0Clh+Qv4cAzix/fnxfPr5BvJEfr61cJCW+C2xhGiwRlhYAyouxTJ6pWa4jRwB+
wp1eHf+iMNZLOpakuAH85ENWxYbs3uH1DfQPCskGufHw41DPjViXyfAx07lnoE8t
m1vnU0tMhXSHPZmLMNPsRqLJjwelRcKeo+TWgrzeQTIhosBw4on8N2ZGf3f4If5l
jpSZRcmddGn0o0TPvFX1DDf9coJRgH3s4KxPl7UUG3iDStQEYefxRoxMqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCPs7PvK5Y5gz5RK0NN5ti9zVfw1MB8GA1UdIwQY
MBaAFNfsPAKFvEWDMt6BUDZKsqIZumHiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13OEFvVzhSWU15M29GUU5rcXlvaG02WWVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iNTlkM2MtOWRlZi00Y2NmLWE5ZGEt
MWIzMzc5YWZmNTFkLzEvSS16cy04cmxqbURQbEVyUTAzbTJMM05WX0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iNTlkM2MtOWRlZi00Y2NmLWE5ZGEtMWIzMzc5YWZmNTFk
LzEvMS13OEFvVzhSWU15M29GUU5rcXlvaG02WWVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKge/QDAN
BgkqhkiG9w0BAQsFAAOCAQEADmdDpjGP4Zq3MAcfGxSSZ+nL9VlbvrSZ+DBMTXXr
iUxPlETeH4oGptAhCZsb+bTLsxZEqoopbwIy1BAbQ/5AGXTTXAYD+cu2b/k1ecd/
Hx/sCvU1BDIebM7zZiUFqRBKdz/DzPioqudc9q8m+KPWk0pZP6NvTJiJRmxvnZh8
iTbgEcGAaGKIAjppelaLevq197Shs0Vsm5fmykFLlPzkMLdVPtwBJQ1CjQz2BUk4
TWoqXxnbJqLYmCSlq2BskPzrygcekp9DB/AJCwx9gnMOJJOPF7ZPcjmOpni/u7ev
8FUeUPhubk+koHOn/Rp0MJNSd3Sxr6M1bxD+4HpF7pq/Sw==
-----END CERTIFICATE-----