Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/7LJP4TTrnOvYHrxDIcD68WvMpkk.roa
File:                     7LJP4TTrnOvYHrxDIcD68WvMpkk.roa (raw, json)
Hash identifier:          lLcekHLAvj7EJiZGkNr9eVZ0bS3xvv53hGQkkk7vZH0=
Subject key identifier:   EC:B2:4F:E1:34:EB:9C:EB:D8:1E:BC:43:21:C0:FA:F1:6B:CC:A6:49
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01994EC6313B670E63D2739A25C85AD7BE1F
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/7LJP4TTrnOvYHrxDIcD68WvMpkk.roa
Signing time:             Mon 15 Sep 2025 19:07:15 +0000
ROA not before:           Mon 15 Sep 2025 19:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204968
IP address blocks:        2a12:6600::/29 maxlen: 29
                          2a12:9e00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 19:21:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:c6:31:3b:67:0e:63:d2:73:9a:25:c8:5a:d7:be:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Sep 15 19:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecb24fe134eb9cebd81ebc4321c0faf16bcca649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:65:92:de:21:9d:71:ff:ea:e5:c5:0b:8f:50:
                    5e:c6:06:66:13:a6:3c:4e:f0:ff:cb:fb:7b:80:8e:
                    8d:84:82:13:a7:2e:8a:13:35:22:9f:a1:72:cc:c6:
                    04:a4:6a:d2:bb:35:f3:bd:2d:18:5a:1d:5a:0d:67:
                    bf:cb:3b:77:fb:b2:27:5f:d7:f3:07:e7:90:25:7b:
                    50:54:b8:52:f9:05:ea:b9:39:a0:c0:6d:63:a4:06:
                    47:aa:a6:c3:eb:fb:50:5d:cd:c7:7c:74:de:d3:75:
                    9b:cf:e6:bc:cd:f6:91:87:4c:e0:2e:33:a0:a9:6c:
                    b2:e1:c4:c3:d4:5f:e1:53:88:7e:1c:7e:b1:72:75:
                    09:24:2e:2e:df:f8:01:60:63:9b:c1:62:49:5f:b8:
                    04:be:87:11:1a:0a:b9:e5:2f:08:49:83:43:e2:1f:
                    e6:b4:3f:1a:af:83:64:00:25:e6:84:90:4d:44:f9:
                    f7:c2:68:60:e1:50:ca:ed:3e:64:70:2a:41:1f:5c:
                    ee:24:54:5e:e5:a8:44:98:9a:e1:63:ee:46:b8:8d:
                    ad:d8:1f:9e:21:38:64:7a:3e:aa:30:28:d3:36:88:
                    65:f3:af:01:c8:63:55:9a:c3:f8:9f:e3:cb:9d:1c:
                    48:58:63:f1:57:e4:37:cb:f2:43:a7:81:34:80:d0:
                    fa:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B2:4F:E1:34:EB:9C:EB:D8:1E:BC:43:21:C0:FA:F1:6B:CC:A6:49
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/7LJP4TTrnOvYHrxDIcD68WvMpkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6600::/29
                  2a12:9e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:37:94:c2:8f:62:20:2f:a1:18:b1:a5:4a:d1:16:2f:37:5e:
         28:7b:3c:02:81:9c:c0:df:47:35:38:33:67:fd:30:4f:55:a6:
         2f:a6:cf:88:e9:63:0b:35:66:ac:f6:b2:73:22:6d:99:f7:a7:
         0a:0e:a4:35:7c:a2:9c:76:f1:e7:6a:70:5e:d4:9b:ab:1c:c3:
         1c:d8:cd:83:ba:ea:4d:82:65:fa:d6:26:26:66:ba:fd:a2:71:
         68:54:16:f4:92:f4:f0:c2:ea:ea:3b:c1:a0:83:b2:da:e1:eb:
         a7:30:da:61:46:e4:dd:0b:14:13:9b:f2:a5:13:5d:60:6d:20:
         05:13:63:ae:b4:91:9f:16:33:38:e0:aa:5b:b8:dd:2d:c1:52:
         2f:a3:c9:b5:41:fb:43:a0:10:fa:5c:ff:a2:79:98:22:6c:09:
         53:af:80:a6:e3:3a:9a:0d:1b:d7:ef:4d:78:be:88:f6:be:0d:
         c5:37:d6:c6:48:20:1f:97:a2:da:80:00:b2:7c:ec:5a:5d:69:
         d1:8e:98:20:d2:45:f6:c8:7a:42:7a:fa:1d:7b:cb:6e:d2:2d:
         c0:61:27:4a:78:da:c1:ab:7e:e9:1b:88:52:ac:c7:8b:c1:14:
         b2:a3:8c:d4:87:a1:1d:07:cf:13:8f:e9:28:b5:21:90:96:76:
         b5:77:e7:d0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlOxjE7Zw5j0nOaJcha174fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTE1MTkwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2IyNGZlMTM0ZWI5Y2ViZDgxZWJjNDMyMWMwZmFmMTZiY2NhNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2WS3iGdcf/q5cULj1BexgZmE6Y8
TvD/y/t7gI6NhIITpy6KEzUin6FyzMYEpGrSuzXzvS0YWh1aDWe/yzt3+7InX9fz
B+eQJXtQVLhS+QXquTmgwG1jpAZHqqbD6/tQXc3HfHTe03Wbz+a8zfaRh0zgLjOg
qWyy4cTD1F/hU4h+HH6xcnUJJC4u3/gBYGObwWJJX7gEvocRGgq55S8ISYND4h/m
tD8ar4NkACXmhJBNRPn3wmhg4VDK7T5kcCpBH1zuJFRe5ahEmJrhY+5GuI2t2B+e
IThkej6qMCjTNohl868ByGNVmsP4n+PLnRxIWGPxV+Q3y/JDp4E0gND6EQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOyyT+E065zr2B68QyHA+vFrzKZJMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvN0xKUDRUVHJuT3ZZSHJ4REljRDY4V3ZNcGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhJmAAMF
AyoSngAwDQYJKoZIhvcNAQELBQADggEBAJY3lMKPYiAvoRixpUrRFi83Xih7PAKB
nMDfRzU4M2f9ME9Vpi+mz4jpYws1Zqz2snMibZn3pwoOpDV8opx28edqcF7Um6sc
wxzYzYO66k2CZfrWJiZmuv2icWhUFvSS9PDC6uo7waCDstrh66cw2mFG5N0LFBOb
8qUTXWBtIAUTY660kZ8WMzjgqlu43S3BUi+jybVB+0OgEPpc/6J5mCJsCVOvgKbj
OpoNG9fvTXi+iPa+DcU31sZIIB+XotqAALJ87FpdadGOmCDSRfbIekJ6+h17y27S
LcBhJ0p42sGrfukbiFKsx4vBFLKjjNSHoR0HzxOP6Si1IZCWdrV359A=
-----END CERTIFICATE-----