Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Td9hazueLfEXPFDbopIDJI-Frug.roa
File:                     Td9hazueLfEXPFDbopIDJI-Frug.roa (raw, json)
Hash identifier:          +e8fRD9ErEQ9ltPvgwUlEj8In3CCFsDB8p2NBcPWpPs=
Subject key identifier:   4D:DF:61:6B:3B:9E:2D:F1:17:3C:50:DB:A2:92:03:24:8F:85:AE:E8
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019A05A1D4C7DD24A6147C8E73C888D6711A
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Td9hazueLfEXPFDbopIDJI-Frug.roa
Signing time:             Tue 21 Oct 2025 07:18:03 +0000
ROA not before:           Tue 21 Oct 2025 07:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204921
IP address blocks:        2a0f:7803:f4b0::/44 maxlen: 48
                          2a0f:7806:fff0::/48 maxlen: 48
                          2a0f:7807::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:a1:d4:c7:dd:24:a6:14:7c:8e:73:c8:88:d6:71:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Oct 21 07:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ddf616b3b9e2df1173c50dba29203248f85aee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5a:04:29:1f:7c:e6:42:21:b7:4e:9d:c8:83:
                    bb:34:5d:cb:27:78:0b:59:b7:76:99:14:a5:37:68:
                    e3:08:9d:ed:f2:e7:ea:fa:be:25:48:33:98:bd:c5:
                    28:86:4f:28:61:a5:67:ba:3d:cf:5e:90:a6:92:62:
                    d8:7d:eb:77:81:e4:98:fa:d8:a5:1a:c5:d5:60:b4:
                    d8:68:1b:4a:8f:3a:d1:d8:b9:2e:e4:5e:6d:60:b9:
                    00:5e:1b:01:39:c7:dc:9f:1a:d9:f3:05:00:f7:d1:
                    95:a9:3c:48:ec:45:03:36:12:3e:e2:4a:61:a9:39:
                    36:05:79:89:28:d8:31:ea:5e:96:10:19:96:18:a3:
                    6d:3b:20:aa:67:92:54:e3:5a:75:61:6a:33:ce:e3:
                    ce:79:d0:5b:cd:c1:8d:05:02:17:9f:03:ce:10:84:
                    7a:74:04:e3:f4:8e:7c:61:cc:11:8b:4f:8f:0a:d8:
                    9b:65:1d:18:51:1a:16:30:c4:b3:ae:94:64:53:d0:
                    e9:0b:7c:9e:1b:60:49:fe:a3:10:a8:1f:6e:c4:c2:
                    ae:21:3a:3a:4f:1b:86:37:a8:fd:df:c8:d9:ea:75:
                    6b:65:a1:91:91:f9:90:65:78:80:33:23:46:d2:eb:
                    c2:08:3e:f4:01:c0:26:59:9b:80:38:65:6b:e6:7d:
                    aa:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:DF:61:6B:3B:9E:2D:F1:17:3C:50:DB:A2:92:03:24:8F:85:AE:E8
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Td9hazueLfEXPFDbopIDJI-Frug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f4b0::/44
                  2a0f:7806:fff0::/48
                  2a0f:7807::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:50:a1:8a:21:60:0c:e9:c6:10:e2:d4:b5:88:7c:3c:66:e3:
         b2:56:b3:54:3f:86:5d:d1:5a:f4:12:c5:8f:e0:e2:76:49:cc:
         07:9d:6c:91:9c:ec:cc:32:98:6a:b4:36:15:a3:cf:bf:4f:cb:
         62:41:49:4e:15:64:d3:a6:0e:9b:a3:16:be:17:18:5d:20:17:
         5b:70:ef:6c:ce:ea:a3:b9:1a:f1:17:d1:d4:48:e4:d1:2f:be:
         cc:e0:a4:7c:e8:e7:c6:a1:33:db:a6:75:f1:55:b4:c9:68:15:
         df:7d:af:02:d9:80:e6:74:5a:05:30:26:0a:06:50:d1:11:63:
         8b:cf:80:dc:d5:7f:a6:1c:17:1d:95:78:e8:b8:d8:df:a4:24:
         8e:32:0c:c0:29:ba:d7:ad:eb:8e:2b:cd:e9:a0:86:ce:61:27:
         be:1d:77:4c:79:ec:b7:43:c8:3b:91:1b:c3:dc:95:cf:25:fa:
         12:49:dd:0c:02:48:56:30:c2:fa:f2:45:b2:78:f7:4e:98:70:
         40:53:04:69:a3:f7:82:fd:40:9d:6f:90:3e:3f:27:38:54:f4:
         49:39:d2:41:74:7f:b3:aa:68:11:81:ca:59:8b:5b:17:2a:f1:
         5c:d9:e7:c9:f7:19:60:f6:65:e9:c6:dd:3d:32:fb:29:86:1c:
         1a:33:d2:ee
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZoFodTH3SSmFHyOc8iI1nEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUxMDIxMDcxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGRmNjE2YjNiOWUyZGYxMTczYzUwZGJhMjkyMDMyNDhmODVhZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1oEKR985kIht06dyIO7NF3LJ3gL
Wbd2mRSlN2jjCJ3t8ufq+r4lSDOYvcUohk8oYaVnuj3PXpCmkmLYfet3geSY+til
GsXVYLTYaBtKjzrR2Lku5F5tYLkAXhsBOcfcnxrZ8wUA99GVqTxI7EUDNhI+4kph
qTk2BXmJKNgx6l6WEBmWGKNtOyCqZ5JU41p1YWozzuPOedBbzcGNBQIXnwPOEIR6
dATj9I58YcwRi0+PCtibZR0YURoWMMSzrpRkU9DpC3yeG2BJ/qMQqB9uxMKuITo6
TxuGN6j938jZ6nVrZaGRkfmQZXiAMyNG0uvCCD70AcAmWZuAOGVr5n2qjQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFE3fYWs7ni3xFzxQ26KSAySPha7oMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvVGQ5aGF6dWVMZkVYUEZEYm9wSURKSS1GcnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAAjAZAwcEKg94A/Sw
AwcAKg94Bv/wAwUAKg94BzANBgkqhkiG9w0BAQsFAAOCAQEAXVChiiFgDOnGEOLU
tYh8PGbjslazVD+GXdFa9BLFj+DidknMB51skZzszDKYarQ2FaPPv0/LYkFJThVk
06YOm6MWvhcYXSAXW3DvbM7qo7ka8RfR1Ejk0S++zOCkfOjnxqEz26Z18VW0yWgV
332vAtmA5nRaBTAmCgZQ0RFji8+A3NV/phwXHZV46LjY36QkjjIMwCm6163rjivN
6aCGzmEnvh13THnst0PIO5Ebw9yVzyX6EkndDAJIVjDC+vJFsnj3TphwQFMEaaP3
gv1AnW+QPj8nOFT0STnSQXR/s6poEYHKWYtbFyrxXNnnyfcZYPZl6cbdPTL7KYYc
GjPS7g==
-----END CERTIFICATE-----