Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/ciRoloBEp337Qlo90VFtPltKd2A.roa
File:                     ciRoloBEp337Qlo90VFtPltKd2A.roa (raw, json)
Hash identifier:          Lk9kN0nmqw0o7bbuGulOuenC/GERk7m25lHoaP1uzNQ=
Subject key identifier:   72:24:68:96:80:44:A7:7D:FB:42:5A:3D:D1:51:6D:3E:5B:4A:77:60
Certificate issuer:       /CN=0b30057817ed2fd9595846320fdb814c9fc44a13
Certificate serial:       01990B139460472F5384BB2B98C28B2FE28F
Authority key identifier: 0B:30:05:78:17:ED:2F:D9:59:58:46:32:0F:DB:81:4C:9F:C4:4A:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzAFeBftL9lZWEYyD9uBTJ_EShM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/ciRoloBEp337Qlo90VFtPltKd2A.roa
Signing time:             Tue 02 Sep 2025 15:37:36 +0000
ROA not before:           Tue 02 Sep 2025 15:37:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205183
IP address blocks:        2a0c:d780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/CzAFeBftL9lZWEYyD9uBTJ_EShM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/CzAFeBftL9lZWEYyD9uBTJ_EShM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzAFeBftL9lZWEYyD9uBTJ_EShM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:13:94:60:47:2f:53:84:bb:2b:98:c2:8b:2f:e2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b30057817ed2fd9595846320fdb814c9fc44a13
        Validity
            Not Before: Sep  2 15:37:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=722468968044a77dfb425a3dd1516d3e5b4a7760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:72:55:b2:7b:c8:ea:5f:a8:fa:6c:c4:6c:55:
                    e6:03:24:2f:42:7f:dd:01:ab:bd:9e:d1:f0:44:af:
                    d2:2c:fb:36:95:8b:96:47:58:7d:bb:db:58:32:fb:
                    8e:82:b1:ef:2e:11:e2:1c:cc:a7:d0:ac:d9:4f:70:
                    7e:09:08:53:d5:aa:47:51:c6:12:fd:62:fa:47:55:
                    1d:09:f5:9d:61:94:7a:8d:1d:1a:36:6d:05:1f:86:
                    13:52:ba:bf:29:a3:0b:fd:bb:d7:b0:c1:1e:8e:c1:
                    68:57:9d:0f:fe:bb:33:7a:e3:40:27:b4:fc:4a:ef:
                    83:cd:5b:02:4c:b5:6f:19:f3:82:b7:b0:14:b2:58:
                    21:6d:68:3d:df:0a:7b:66:63:63:8c:94:11:4a:d1:
                    7c:83:a6:ca:c5:27:4e:d1:f7:01:cd:15:75:60:48:
                    76:28:42:94:7b:2e:35:94:8a:1f:b4:26:61:16:de:
                    89:ba:02:b4:77:75:fd:b0:af:8d:9e:ff:ed:0c:40:
                    15:40:57:0d:30:a1:47:c9:01:f2:6d:1c:ad:48:51:
                    8b:89:e6:2d:a4:c9:bf:bb:d9:6f:4b:06:70:3a:2d:
                    cb:d3:51:6a:77:4d:77:3c:b4:c4:94:6f:de:90:4b:
                    d9:17:0a:64:d4:f4:3a:5f:30:ed:3c:af:52:7e:e6:
                    4b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:24:68:96:80:44:A7:7D:FB:42:5A:3D:D1:51:6D:3E:5B:4A:77:60
            X509v3 Authority Key Identifier:
                keyid:0B:30:05:78:17:ED:2F:D9:59:58:46:32:0F:DB:81:4C:9F:C4:4A:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzAFeBftL9lZWEYyD9uBTJ_EShM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/ciRoloBEp337Qlo90VFtPltKd2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/0f087b-7253-461e-9021-9a91219f06e1/1/CzAFeBftL9lZWEYyD9uBTJ_EShM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d780::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:5f:c6:84:fe:ee:fb:a7:f2:ca:2f:24:6c:4c:ff:0c:b7:fb:
         54:fe:89:9f:b1:77:06:41:9a:00:a1:4d:fe:3f:e7:1a:85:eb:
         33:74:af:99:15:05:8c:56:1d:8f:4f:43:3e:8e:ac:6b:3b:09:
         11:89:d9:40:fc:4e:bd:60:3b:4c:95:85:31:a8:3d:fc:a2:f1:
         bd:a4:5d:68:d5:f2:31:df:23:03:ac:bb:88:f1:99:cf:4e:88:
         f2:e9:09:8b:c3:50:27:4a:45:0d:d7:7e:5d:88:18:9d:3c:dc:
         b7:cb:73:fc:1e:cb:62:c4:f2:cb:4e:2d:62:f4:5a:8e:c1:99:
         1a:0a:89:ad:3a:96:a4:0b:8f:64:87:ef:8c:69:7e:2f:59:7e:
         14:0d:c1:03:d9:08:61:39:58:03:09:cb:81:ee:44:c5:77:a6:
         3a:be:3e:5d:5b:b5:36:6e:a0:8f:cb:b0:b8:c0:0c:0c:84:cb:
         2a:ab:61:48:59:97:73:50:f5:ad:cb:9f:5a:ee:5b:52:64:69:
         c0:94:28:36:ee:68:13:32:bf:b0:fc:66:b7:c8:b9:cd:4f:ba:
         f8:60:35:26:f3:74:34:a9:af:c8:81:78:d3:b9:eb:82:a1:a7:
         52:ec:da:cd:20:c6:9e:b1:23:21:6c:64:c1:47:bc:d8:20:fe:
         98:57:b8:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkLE5RgRy9ThLsrmMKLL+KPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzAwNTc4MTdlZDJmZDk1OTU4NDYzMjBmZGI4MTRjOWZj
NDRhMTMwHhcNMjUwOTAyMTUzNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI0Njg5NjgwNDRhNzdkZmI0MjVhM2RkMTUxNmQzZTViNGE3NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3JVsnvI6l+o+mzEbFXmAyQvQn/d
Aau9ntHwRK/SLPs2lYuWR1h9u9tYMvuOgrHvLhHiHMyn0KzZT3B+CQhT1apHUcYS
/WL6R1UdCfWdYZR6jR0aNm0FH4YTUrq/KaML/bvXsMEejsFoV50P/rszeuNAJ7T8
Su+DzVsCTLVvGfOCt7AUslghbWg93wp7ZmNjjJQRStF8g6bKxSdO0fcBzRV1YEh2
KEKUey41lIoftCZhFt6JugK0d3X9sK+Nnv/tDEAVQFcNMKFHyQHybRytSFGLieYt
pMm/u9lvSwZwOi3L01Fqd013PLTElG/ekEvZFwpk1PQ6XzDtPK9SfuZLyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHIkaJaARKd9+0JaPdFRbT5bSndgMB8GA1UdIwQY
MBaAFAswBXgX7S/ZWVhGMg/bgUyfxEoTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pBRmVCZnRMOWxaV0VZeUQ5dUJUSl9FU2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wZjA4N2ItNzI1My00NjFlLTkwMjEt
OWE5MTIxOWYwNmUxLzEvY2lSb2xvQkVwMzM3UWxvOTBWRnRQbHRLZDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wZjA4N2ItNzI1My00NjFlLTkwMjEtOWE5MTIxOWYwNmUx
LzEvQ3pBRmVCZnRMOWxaV0VZeUQ5dUJUSl9FU2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgzXgDAN
BgkqhkiG9w0BAQsFAAOCAQEAQV/GhP7u+6fyyi8kbEz/DLf7VP6Jn7F3BkGaAKFN
/j/nGoXrM3SvmRUFjFYdj09DPo6sazsJEYnZQPxOvWA7TJWFMag9/KLxvaRdaNXy
Md8jA6y7iPGZz06I8ukJi8NQJ0pFDdd+XYgYnTzct8tz/B7LYsTyy04tYvRajsGZ
GgqJrTqWpAuPZIfvjGl+L1l+FA3BA9kIYTlYAwnLge5ExXemOr4+XVu1Nm6gj8uw
uMAMDITLKqthSFmXc1D1rcufWu5bUmRpwJQoNu5oEzK/sPxmt8i5zU+6+GA1JvN0
NKmvyIF407nrgqGnUuzazSDGnrEjIWxkwUe82CD+mFe4/g==
-----END CERTIFICATE-----