Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/gnZzs6ma6bupZv_QFfeHC2w5vfs.roa
File:                     gnZzs6ma6bupZv_QFfeHC2w5vfs.roa (raw, json)
Hash identifier:          tmmh6VOJ4XQ6zqxdY06hmFVr0WRGDB+DoX6nJefrwl4=
Subject key identifier:   82:76:73:B3:A9:9A:E9:BB:A9:66:FF:D0:15:F7:87:0B:6C:39:BD:FB
Certificate issuer:       /CN=6dfecfa0e6692595cfbea5266076e8e53efd9461
Certificate serial:       019920EBFB8A74A3EBD53624D59C7124EBC5
Authority key identifier: 6D:FE:CF:A0:E6:69:25:95:CF:BE:A5:26:60:76:E8:E5:3E:FD:94:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/gnZzs6ma6bupZv_QFfeHC2w5vfs.roa
Signing time:             Sat 06 Sep 2025 21:26:00 +0000
ROA not before:           Sat 06 Sep 2025 21:26:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215246
IP address blocks:        2a0c:e304:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:20:eb:fb:8a:74:a3:eb:d5:36:24:d5:9c:71:24:eb:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dfecfa0e6692595cfbea5266076e8e53efd9461
        Validity
            Not Before: Sep  6 21:26:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=827673b3a99ae9bba966ffd015f7870b6c39bdfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:c4:7c:6c:b4:da:bc:0c:0e:dd:9f:b4:11:
                    ba:8e:35:9f:85:74:7c:b0:da:ec:ec:63:c7:29:fa:
                    c9:fd:b8:67:43:82:e9:7d:8d:57:f3:5c:cd:47:8b:
                    78:a2:e8:b5:23:e8:6f:7c:36:82:0b:ab:81:28:42:
                    af:ba:15:ac:92:ce:a2:3e:92:a3:75:6f:fb:48:3c:
                    0b:19:1f:53:5d:13:c3:6b:53:d9:0b:09:7b:96:8d:
                    d6:a4:d7:97:20:06:b7:f1:56:cd:dc:6a:cb:3a:b1:
                    dc:e5:a4:47:d8:a6:a5:0b:9c:13:ab:2b:4d:69:27:
                    84:65:94:16:01:f6:4b:7f:72:84:af:35:68:09:a9:
                    6a:08:09:c3:65:70:bb:b1:2c:9f:57:e6:5b:86:74:
                    8f:3c:34:c9:da:4c:3a:2c:eb:fb:53:bd:ca:3a:c1:
                    b3:c4:08:4d:b0:b9:21:19:b0:ac:59:94:b5:00:a1:
                    39:ac:b6:92:fc:b3:f2:27:87:d3:eb:ae:90:c1:44:
                    0f:8d:15:4b:b5:10:1d:4a:30:60:97:5c:7c:14:f6:
                    af:28:f4:88:d4:91:d1:a7:12:9b:87:83:93:1b:8d:
                    86:31:35:94:6c:94:37:d1:18:bf:96:2d:77:20:21:
                    5c:26:00:bf:77:15:30:13:b4:9d:1a:e4:2c:e7:56:
                    b9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:76:73:B3:A9:9A:E9:BB:A9:66:FF:D0:15:F7:87:0B:6C:39:BD:FB
            X509v3 Authority Key Identifier:
                keyid:6D:FE:CF:A0:E6:69:25:95:CF:BE:A5:26:60:76:E8:E5:3E:FD:94:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf7PoOZpJZXPvqUmYHbo5T79lGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/gnZzs6ma6bupZv_QFfeHC2w5vfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/fcfec7-d6c3-4b40-ba2c-f988d48e51e8/1/bf7PoOZpJZXPvqUmYHbo5T79lGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e304:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:5a:fc:32:a9:61:8d:61:d4:b3:95:e3:89:00:67:8c:65:1c:
         06:d6:a8:04:62:b4:c7:58:39:cd:35:d0:9f:40:ce:0f:13:96:
         74:5e:ca:54:1c:b5:50:9d:38:46:b3:8a:90:22:b0:72:29:8b:
         3a:21:f2:26:44:5e:22:1e:3a:da:25:76:4b:f6:4d:56:ed:e1:
         94:0b:ba:34:3b:59:91:df:62:b1:53:cc:5c:c7:64:1f:6b:39:
         9b:cf:ab:a2:be:bd:04:34:ed:34:71:46:b1:07:0a:83:0e:50:
         b2:8c:b6:be:da:69:a6:2c:77:05:59:1f:66:14:a2:74:f2:b8:
         a9:06:24:0d:b9:6a:34:2e:f7:b7:97:15:cd:d6:96:0a:94:56:
         00:49:bf:d6:a3:06:6b:4c:67:cd:ca:f2:77:cc:9e:a4:88:84:
         4f:3c:82:68:1d:6a:e8:c8:ae:2f:bd:1f:76:43:52:f5:35:e3:
         d6:23:cd:1f:6e:35:4d:30:a0:52:a4:f3:d4:8b:19:8c:72:0c:
         d5:34:12:7d:ef:d6:87:49:f5:e3:f9:80:3a:9e:8f:0a:86:26:
         a7:c9:ca:57:e1:fc:7d:2c:57:f8:5b:bc:c4:75:94:df:e8:a5:
         4c:96:d5:02:56:45:50:75:8e:90:a9:bc:90:4e:4e:bf:95:9b:
         d6:c4:39:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkg6/uKdKPr1TYk1ZxxJOvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmVjZmEwZTY2OTI1OTVjZmJlYTUyNjYwNzZlOGU1M2Vm
ZDk0NjEwHhcNMjUwOTA2MjEyNjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc2NzNiM2E5OWFlOWJiYTk2NmZmZDAxNWY3ODcwYjZjMzliZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpLEfGy02rwMDt2ftBG6jjWfhXR8
sNrs7GPHKfrJ/bhnQ4LpfY1X81zNR4t4oui1I+hvfDaCC6uBKEKvuhWsks6iPpKj
dW/7SDwLGR9TXRPDa1PZCwl7lo3WpNeXIAa38VbN3GrLOrHc5aRH2KalC5wTqytN
aSeEZZQWAfZLf3KErzVoCalqCAnDZXC7sSyfV+ZbhnSPPDTJ2kw6LOv7U73KOsGz
xAhNsLkhGbCsWZS1AKE5rLaS/LPyJ4fT666QwUQPjRVLtRAdSjBgl1x8FPavKPSI
1JHRpxKbh4OTG42GMTWUbJQ30Ri/li13ICFcJgC/dxUwE7SdGuQs51a5fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIJ2c7Opmum7qWb/0BX3hwtsOb37MB8GA1UdIwQY
MBaAFG3+z6DmaSWVz76lJmB26OU+/ZRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmY3UG9PWnBKWlhQdnFVbVlIYm81VDc5bEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9mY2ZlYzctZDZjMy00YjQwLWJhMmMt
Zjk4OGQ0OGU1MWU4LzEvZ25aenM2bWE2YnVwWnZfUUZmZUhDMnc1dmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9mY2ZlYzctZDZjMy00YjQwLWJhMmMtZjk4OGQ0OGU1MWU4
LzEvYmY3UG9PWnBKWlhQdnFVbVlIYm81VDc5bEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzjBAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCOWvwyqWGNYdSzleOJAGeMZRwG1qgEYrTHWDnN
NdCfQM4PE5Z0XspUHLVQnThGs4qQIrByKYs6IfImRF4iHjraJXZL9k1W7eGUC7o0
O1mR32KxU8xcx2Qfazmbz6uivr0ENO00cUaxBwqDDlCyjLa+2mmmLHcFWR9mFKJ0
8ripBiQNuWo0Lve3lxXN1pYKlFYASb/WowZrTGfNyvJ3zJ6kiIRPPIJoHWroyK4v
vR92Q1L1NePWI80fbjVNMKBSpPPUixmMcgzVNBJ979aHSfXj+YA6no8KhianycpX
4fx9LFf4W7zEdZTf6KVMltUCVkVQdY6QqbyQTk6/lZvWxDkc
-----END CERTIFICATE-----