Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/L7IG9Ln6m_zfp5UQKVs9myh5Dc0.roa
File:                     L7IG9Ln6m_zfp5UQKVs9myh5Dc0.roa (raw, json)
Hash identifier:          jvI7jkzEKQADjdVqEl4h9ucF4+e+Qcpdc9H60hR13Xg=
Subject key identifier:   2F:B2:06:F4:B9:FA:9B:FC:DF:A7:95:10:29:5B:3D:9B:28:79:0D:CD
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       0198B989FABE37ADBD0BE9FE41D07C5E3A31
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/L7IG9Ln6m_zfp5UQKVs9myh5Dc0.roa
Signing time:             Sun 17 Aug 2025 19:38:04 +0000
ROA not before:           Sun 17 Aug 2025 19:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13213
IP address blocks:        2a07:23c0::/48 maxlen: 48
                          2a07:23c0:8::/48 maxlen: 48
                          2a07:23c0:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 04:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b9:89:fa:be:37:ad:bd:0b:e9:fe:41:d0:7c:5e:3a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Aug 17 19:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fb206f4b9fa9bfcdfa79510295b3d9b28790dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:89:65:a9:43:d5:ac:75:93:21:2d:f6:9e:89:
                    77:a5:93:55:68:27:6c:a1:41:4c:75:d8:cf:8f:f9:
                    b3:02:0d:35:bf:66:3c:0f:1e:c1:82:41:b1:42:bc:
                    f5:17:f2:2d:0f:e1:75:d5:30:21:9c:b4:39:5f:7f:
                    d9:36:d7:20:95:75:1f:b4:e4:5e:81:ff:03:b5:55:
                    f0:d2:8b:52:48:4f:4b:ee:13:0c:e7:aa:d0:ed:5f:
                    de:0c:06:ad:8d:e0:a1:8f:40:b5:fb:b6:49:6d:17:
                    ad:27:7a:15:84:83:ad:eb:10:cc:77:9b:a3:3f:6a:
                    4a:30:8a:b1:45:69:71:e9:9a:98:3a:1a:e9:dc:68:
                    e4:ab:03:f7:c9:99:40:10:e7:72:b5:04:8b:6e:49:
                    23:68:9f:8b:e2:e3:50:10:1f:70:b1:55:d1:22:ea:
                    6b:4c:34:5b:00:6f:aa:5a:d4:aa:32:9b:0f:8e:b5:
                    97:25:6a:da:29:85:48:1d:56:9d:ad:05:51:90:8e:
                    65:53:b1:14:e4:c6:6e:ed:bd:f1:f4:ec:08:77:35:
                    0e:b9:78:78:86:68:a6:8d:21:5e:a1:ae:8f:fc:6b:
                    81:c5:6f:b8:00:a3:05:2c:b2:73:5b:c3:29:83:8a:
                    b7:95:35:2f:77:c4:58:ac:43:94:35:a6:ef:e8:45:
                    9b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B2:06:F4:B9:FA:9B:FC:DF:A7:95:10:29:5B:3D:9B:28:79:0D:CD
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/L7IG9Ln6m_zfp5UQKVs9myh5Dc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:23c0::/48
                  2a07:23c0:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         6c:f0:0f:e8:56:eb:19:70:28:8b:ac:cb:79:c7:3a:00:fa:96:
         04:d2:f1:87:a4:77:ce:60:57:79:79:4b:6c:43:37:c8:8c:08:
         44:d1:e7:27:67:46:62:1c:08:a7:34:2d:46:d3:22:ea:34:5a:
         49:0f:9e:df:02:02:e8:07:c9:c5:ea:1d:1a:05:32:b5:f8:90:
         a1:f9:a4:dd:81:f7:50:91:7b:46:ab:5f:c0:cb:99:e8:51:31:
         4c:5c:17:f7:ba:31:93:50:ac:9e:dd:47:b4:ef:38:e3:27:49:
         68:5d:9c:c1:3d:3b:81:c1:52:34:11:d2:65:a0:c1:f2:85:fb:
         a6:f3:e0:83:52:d5:a9:f7:da:c0:70:cb:2b:a9:65:49:df:9e:
         ac:c6:6c:7a:7b:aa:ae:24:76:5f:e7:2b:6b:42:8d:7e:39:0c:
         6e:2d:d7:69:14:03:61:c0:5b:e6:a4:93:e8:58:e1:44:95:4e:
         95:37:1d:b4:9b:f1:af:35:75:ac:e4:56:28:00:6e:d2:91:1c:
         ef:df:1f:c5:83:7f:79:27:02:d6:fa:1d:13:1a:6b:21:fa:fc:
         c9:23:65:ec:92:e9:7b:49:12:6e:23:50:2a:78:17:3e:56:3b:
         a4:4e:fb:f7:64:1c:d4:b4:5f:48:cf:8c:a0:1d:f1:94:5d:67:
         2b:f4:a9:c5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZi5ifq+N629C+n+QdB8XjoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwODE3MTkzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmIyMDZmNGI5ZmE5YmZjZGZhNzk1MTAyOTViM2Q5YjI4NzkwZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4llqUPVrHWTIS32nol3pZNVaCds
oUFMddjPj/mzAg01v2Y8Dx7BgkGxQrz1F/ItD+F11TAhnLQ5X3/ZNtcglXUftORe
gf8DtVXw0otSSE9L7hMM56rQ7V/eDAatjeChj0C1+7ZJbRetJ3oVhIOt6xDMd5uj
P2pKMIqxRWlx6ZqYOhrp3GjkqwP3yZlAEOdytQSLbkkjaJ+L4uNQEB9wsVXRIupr
TDRbAG+qWtSqMpsPjrWXJWraKYVIHVadrQVRkI5lU7EU5MZu7b3x9OwIdzUOuXh4
hmimjSFeoa6P/GuBxW+4AKMFLLJzW8Mpg4q3lTUvd8RYrEOUNabv6EWb7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC+yBvS5+pv836eVEClbPZsoeQ3NMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvTDdJRzlMbjZtX3pmcDVVUUtWczlteWg1RGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgcjwAAA
AwcBKgcjwAAIMA0GCSqGSIb3DQEBCwUAA4IBAQBs8A/oVusZcCiLrMt5xzoA+pYE
0vGHpHfOYFd5eUtsQzfIjAhE0ecnZ0ZiHAinNC1G0yLqNFpJD57fAgLoB8nF6h0a
BTK1+JCh+aTdgfdQkXtGq1/Ay5noUTFMXBf3ujGTUKye3Ue07zjjJ0loXZzBPTuB
wVI0EdJloMHyhfum8+CDUtWp99rAcMsrqWVJ356sxmx6e6quJHZf5ytrQo1+OQxu
LddpFANhwFvmpJPoWOFElU6VNx20m/GvNXWs5FYoAG7SkRzv3x/Fg395JwLW+h0T
Gmsh+vzJI2Xskul7SRJuI1AqeBc+VjukTvv3ZBzUtF9Iz4ygHfGUXWcr9KnF
-----END CERTIFICATE-----