Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/VliM74cUB27zXPoFL0FWOeXRIlk.roa
File:                     VliM74cUB27zXPoFL0FWOeXRIlk.roa (raw, json)
Hash identifier:          0/MfIsQIxcICHCrqkcEZGbkULpAHKRw0QMQaxLs2zh8=
Subject key identifier:   56:58:8C:EF:87:14:07:6E:F3:5C:FA:05:2F:41:56:39:E5:D1:22:59
Certificate issuer:       /CN=37431f1be9fdc2419098479cde457bbf79571759
Certificate serial:       01991D133D6D149D8A775161A725DDF819AA
Authority key identifier: 37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/VliM74cUB27zXPoFL0FWOeXRIlk.roa
Signing time:             Sat 06 Sep 2025 03:30:24 +0000
ROA not before:           Sat 06 Sep 2025 03:30:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401922
IP address blocks:        2a0b:65c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1d:13:3d:6d:14:9d:8a:77:51:61:a7:25:dd:f8:19:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37431f1be9fdc2419098479cde457bbf79571759
        Validity
            Not Before: Sep  6 03:30:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56588cef8714076ef35cfa052f415639e5d12259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1f:a2:57:f4:01:d8:85:32:98:38:90:cd:64:
                    b2:12:1d:e3:4d:bf:9c:db:f0:ff:c9:56:e9:03:00:
                    b9:0d:42:30:86:42:0b:1f:54:dc:e7:75:34:be:10:
                    28:a6:32:79:28:2e:8a:36:25:03:a8:86:3f:32:46:
                    85:12:45:4d:92:22:43:16:eb:8a:91:04:7b:13:d9:
                    e3:4c:d5:52:a8:13:cf:7a:20:89:96:ce:3f:4c:30:
                    d5:1c:f6:f1:65:98:01:0c:23:11:2c:a8:a9:97:3e:
                    8d:0a:c5:ae:e9:17:d3:e6:d5:9b:6a:12:be:0b:e9:
                    83:e4:d0:b0:f9:c2:5f:d0:99:54:14:d3:72:61:fb:
                    a6:38:d5:47:b6:6f:3b:b6:4e:b9:0d:ba:5c:91:fa:
                    78:5d:fd:25:8d:6d:18:54:7a:bd:58:fd:86:46:99:
                    85:41:99:b2:7d:4b:7c:44:4a:63:3c:5f:03:98:57:
                    90:93:3d:cd:d1:fd:1b:2c:e5:f9:29:6c:c3:f0:f8:
                    6b:6d:a0:cf:cf:04:8c:71:b7:fb:15:02:18:ed:5a:
                    f9:c8:99:76:1c:26:8d:9e:ae:6c:f5:6f:8e:fe:36:
                    a6:8f:2f:e4:a3:84:71:dc:6b:ce:fc:b5:6a:2d:4d:
                    04:34:b3:6a:a9:35:05:d3:05:c3:bc:88:1b:3a:2a:
                    3e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:58:8C:EF:87:14:07:6E:F3:5C:FA:05:2F:41:56:39:E5:D1:22:59
            X509v3 Authority Key Identifier:
                keyid:37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/VliM74cUB27zXPoFL0FWOeXRIlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:65c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:74:e2:e0:3d:33:ee:b7:0d:13:54:f1:34:67:99:5f:54:ee:
         e5:c5:00:9a:1a:3b:aa:1f:82:fa:71:02:f2:cb:4a:b2:ca:ae:
         f6:08:65:6a:59:13:2d:21:32:af:d6:8f:2e:ff:7a:12:f5:a8:
         eb:17:8b:6e:4f:e0:81:73:5f:71:5c:af:fb:d5:9d:59:6e:88:
         ab:ad:cb:bc:d1:1f:7d:ce:ea:f2:ab:6a:52:0a:8e:4d:e9:90:
         1c:03:3d:c0:8b:82:88:56:cb:7e:01:7c:19:d3:7f:23:67:f5:
         d9:cb:b4:30:08:b7:3f:d0:8c:2b:60:63:69:c1:d8:c8:c0:d2:
         31:ec:a4:45:78:e5:b2:d8:55:fb:c4:93:43:83:d3:8d:ab:70:
         b1:3a:fd:8e:1c:12:6a:76:e9:7d:24:83:20:4a:2a:c4:22:35:
         84:35:ef:3e:0f:c9:ea:89:32:80:5e:c7:12:07:5a:98:a8:89:
         2d:89:9e:bb:5d:e6:1c:91:90:dd:ee:8e:e5:eb:5a:60:75:65:
         85:e1:75:43:10:e0:67:aa:b7:b5:08:0f:51:43:a5:d1:ed:58:
         b1:f5:82:cc:24:db:ee:23:22:ee:00:bd:e1:d5:e2:69:dc:19:
         83:f5:af:73:61:f7:58:a2:55:ce:04:29:a7:4a:7f:a8:a6:ef:
         75:b5:f8:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkdEz1tFJ2Kd1FhpyXd+BmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NDMxZjFiZTlmZGMyNDE5MDk4NDc5Y2RlNDU3YmJmNzk1
NzE3NTkwHhcNMjUwOTA2MDMzMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjU4OGNlZjg3MTQwNzZlZjM1Y2ZhMDUyZjQxNTYzOWU1ZDEyMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR+iV/QB2IUymDiQzWSyEh3jTb+c
2/D/yVbpAwC5DUIwhkILH1Tc53U0vhAopjJ5KC6KNiUDqIY/MkaFEkVNkiJDFuuK
kQR7E9njTNVSqBPPeiCJls4/TDDVHPbxZZgBDCMRLKiplz6NCsWu6RfT5tWbahK+
C+mD5NCw+cJf0JlUFNNyYfumONVHtm87tk65Dbpckfp4Xf0ljW0YVHq9WP2GRpmF
QZmyfUt8REpjPF8DmFeQkz3N0f0bLOX5KWzD8PhrbaDPzwSMcbf7FQIY7Vr5yJl2
HCaNnq5s9W+O/jamjy/ko4Rx3GvO/LVqLU0ENLNqqTUF0wXDvIgbOio+FQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFZYjO+HFAdu81z6BS9BVjnl0SJZMB8GA1UdIwQY
MBaAFDdDHxvp/cJBkJhHnN5Fe795VxdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYt
NjE1OTYxMzEyYjUyLzEvVmxpTTc0Y1VCMjd6WFBvRkwwRldPZVhSSWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYtNjE1OTYxMzEyYjUy
LzEvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtlwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBmdOLgPTPutw0TVPE0Z5lfVO7lxQCaGjuqH4L6
cQLyy0qyyq72CGVqWRMtITKv1o8u/3oS9ajrF4tuT+CBc19xXK/71Z1Zboirrcu8
0R99zuryq2pSCo5N6ZAcAz3Ai4KIVst+AXwZ038jZ/XZy7QwCLc/0IwrYGNpwdjI
wNIx7KRFeOWy2FX7xJNDg9ONq3CxOv2OHBJqdul9JIMgSirEIjWENe8+D8nqiTKA
XscSB1qYqIktiZ67XeYckZDd7o7l61pgdWWF4XVDEOBnqre1CA9RQ6XR7Vix9YLM
JNvuIyLuAL3h1eJp3BmD9a9zYfdYolXOBCmnSn+opu91tfgG
-----END CERTIFICATE-----