Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/m7F8-ZMUyz1-psOjPUnaE9Me5Vs.roa
File:                     m7F8-ZMUyz1-psOjPUnaE9Me5Vs.roa (raw, json)
Hash identifier:          HODFa2mR9I0a1zz0sbXkdYMjQ984IJTX1WYokvEP+JA=
Subject key identifier:   9B:B1:7C:F9:93:14:CB:3D:7E:A6:C3:A3:3D:49:DA:13:D3:1E:E5:5B
Certificate issuer:       /CN=c15f0608297e9f94371a72d93ad7b11f79c1f83f
Certificate serial:       019A0BE97EA2F6C71750C8DD4E879DF03BFD
Authority key identifier: C1:5F:06:08:29:7E:9F:94:37:1A:72:D9:3A:D7:B1:1F:79:C1:F8:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/m7F8-ZMUyz1-psOjPUnaE9Me5Vs.roa
Signing time:             Wed 22 Oct 2025 12:34:02 +0000
ROA not before:           Wed 22 Oct 2025 12:34:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57399
IP address blocks:        2a12:79c0:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:e9:7e:a2:f6:c7:17:50:c8:dd:4e:87:9d:f0:3b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15f0608297e9f94371a72d93ad7b11f79c1f83f
        Validity
            Not Before: Oct 22 12:34:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bb17cf99314cb3d7ea6c3a33d49da13d31ee55b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:f4:8b:73:9a:d6:35:70:b9:af:1f:89:d9:
                    3b:c5:91:54:39:f9:32:4b:94:a2:03:65:e2:2a:5e:
                    3f:46:f8:9f:ed:b5:ff:85:3c:d6:6e:b5:01:cc:36:
                    19:67:d7:23:72:36:6c:78:4e:61:7f:7f:38:74:26:
                    22:00:cc:7d:69:75:66:d0:2f:b1:71:2c:e3:90:45:
                    47:c9:10:e9:bf:30:9b:85:3e:cb:ef:28:aa:7d:cf:
                    25:96:91:77:91:f2:05:c0:fc:84:a6:d3:9f:21:45:
                    ab:52:82:cc:33:24:3d:e1:76:d7:b7:dc:28:49:b1:
                    0e:d4:74:05:78:43:07:39:73:ce:1b:31:ba:b3:cb:
                    e4:97:79:87:d2:75:77:81:eb:2c:35:8b:1e:b1:16:
                    f9:c7:48:57:37:43:9c:b0:6f:5e:0b:f5:c9:1e:2c:
                    1f:5e:a7:c5:c7:1e:b3:55:2f:cd:89:f7:42:46:c8:
                    be:23:92:93:9f:cb:63:79:a8:56:fc:28:aa:05:27:
                    92:75:a9:6b:9d:d5:2c:0c:02:22:d2:b2:c5:eb:4e:
                    b2:d9:28:d8:9f:c6:84:f3:13:13:52:db:5f:c3:50:
                    f3:cd:8d:6a:08:01:94:d8:0f:39:0a:c9:70:7e:34:
                    17:91:99:55:2b:84:75:6a:96:71:ea:e2:af:fd:c2:
                    57:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B1:7C:F9:93:14:CB:3D:7E:A6:C3:A3:3D:49:DA:13:D3:1E:E5:5B
            X509v3 Authority Key Identifier:
                keyid:C1:5F:06:08:29:7E:9F:94:37:1A:72:D9:3A:D7:B1:1F:79:C1:F8:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV8GCCl-n5Q3GnLZOtexH3nB-D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/m7F8-ZMUyz1-psOjPUnaE9Me5Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/590e6a-c4fb-4e4d-9ff4-717cf7d73587/1/wV8GCCl-n5Q3GnLZOtexH3nB-D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:79c0:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         4c:eb:20:6e:04:fd:ca:4e:52:fb:26:22:9d:5d:9e:47:d6:41:
         90:c0:56:ba:16:7f:d0:ae:b9:3e:84:6d:d9:c1:e9:8a:22:a3:
         18:cf:d8:e6:6d:c4:10:57:22:a8:48:e7:6f:3c:83:0c:c5:77:
         e9:1b:4f:31:64:44:81:fe:3d:16:62:83:da:58:b2:9d:27:83:
         6c:b6:3a:32:98:3c:73:10:ac:d4:2f:1f:73:eb:46:85:8c:91:
         f3:19:e2:76:3b:ec:c7:59:f1:47:7a:0c:11:08:80:26:b9:5b:
         ff:b7:89:88:45:71:7d:c9:04:7a:a3:0b:05:bb:63:f5:eb:5f:
         4f:52:85:0d:de:ba:7e:ad:c6:6e:7c:ee:de:f2:69:9d:eb:fe:
         ec:3d:59:6e:94:6d:47:f6:d1:d3:e7:d6:cb:92:06:ca:49:05:
         80:ed:ab:d0:f6:81:6a:9d:39:c3:21:3d:45:fb:2b:74:e5:2d:
         24:52:24:37:c3:c8:21:f7:f2:82:70:ef:ee:cb:f6:f8:4f:cf:
         b7:f2:db:b0:7c:9f:a0:e4:b6:06:8f:74:ec:d9:e1:56:e8:ab:
         ee:0c:af:67:a1:2b:3a:60:d0:ff:d1:9e:e3:54:e8:26:fb:a0:
         5a:3d:21:fe:a4:98:fc:7b:1c:ec:cc:b7:cb:e9:5d:b9:ab:64:
         71:de:fd:54
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZoL6X6i9scXUMjdToed8Dv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWYwNjA4Mjk3ZTlmOTQzNzFhNzJkOTNhZDdiMTFmNzlj
MWY4M2YwHhcNMjUxMDIyMTIzNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmIxN2NmOTkzMTRjYjNkN2VhNmMzYTMzZDQ5ZGExM2QzMWVlNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLf0i3Oa1jVwua8fidk7xZFUOfky
S5SiA2XiKl4/Rvif7bX/hTzWbrUBzDYZZ9cjcjZseE5hf384dCYiAMx9aXVm0C+x
cSzjkEVHyRDpvzCbhT7L7yiqfc8llpF3kfIFwPyEptOfIUWrUoLMMyQ94XbXt9wo
SbEO1HQFeEMHOXPOGzG6s8vkl3mH0nV3gessNYsesRb5x0hXN0OcsG9eC/XJHiwf
XqfFxx6zVS/NifdCRsi+I5KTn8tjeahW/CiqBSeSdalrndUsDAIi0rLF606y2SjY
n8aE8xMTUttfw1DzzY1qCAGU2A85CslwfjQXkZlVK4R1apZx6uKv/cJX9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJuxfPmTFMs9fqbDoz1J2hPTHuVbMB8GA1UdIwQY
MBaAFMFfBggpfp+UNxpy2TrXsR95wfg/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y4R0NDbC1uNVEzR25MWk90ZXhIM25CLUQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81OTBlNmEtYzRmYi00ZTRkLTlmZjQt
NzE3Y2Y3ZDczNTg3LzEvbTdGOC1aTVV5ejEtcHNPalBVbmFFOU1lNVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81OTBlNmEtYzRmYi00ZTRkLTlmZjQtNzE3Y2Y3ZDczNTg3
LzEvd1Y4R0NDbC1uNVEzR25MWk90ZXhIM25CLUQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhJ5wPAw
DQYJKoZIhvcNAQELBQADggEBAEzrIG4E/cpOUvsmIp1dnkfWQZDAVroWf9CuuT6E
bdnB6YoioxjP2OZtxBBXIqhI5288gwzFd+kbTzFkRIH+PRZig9pYsp0ng2y2OjKY
PHMQrNQvH3PrRoWMkfMZ4nY77MdZ8Ud6DBEIgCa5W/+3iYhFcX3JBHqjCwW7Y/Xr
X09ShQ3eun6txm587t7yaZ3r/uw9WW6UbUf20dPn1suSBspJBYDtq9D2gWqdOcMh
PUX7K3TlLSRSJDfDyCH38oJw7+7L9vhPz7fy27B8n6DktgaPdOzZ4Vboq+4Mr2eh
Kzpg0P/RnuNU6Cb7oFo9If6kmPx7HOzMt8vpXbmrZHHe/VQ=
-----END CERTIFICATE-----