Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mFwXB_3EhYgPmb02XlkNrRIYAks.roa
File:                     mFwXB_3EhYgPmb02XlkNrRIYAks.roa (raw, json)
Hash identifier:          +phEwBPGNbWcGWHb9f7x0gtZyCJo2VWruE9fcfo0yZQ=
Subject key identifier:   98:5C:17:07:FD:C4:85:88:0F:99:BD:36:5E:59:0D:AD:12:18:02:4B
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01996B168C308156AB033438050B5A260DE9
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mFwXB_3EhYgPmb02XlkNrRIYAks.roa
Signing time:             Sun 21 Sep 2025 07:04:23 +0000
ROA not before:           Sun 21 Sep 2025 07:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212112
IP address blocks:        2a0d:d940:9009::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6b:16:8c:30:81:56:ab:03:34:38:05:0b:5a:26:0d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Sep 21 07:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=985c1707fdc485880f99bd365e590dad1218024b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:71:44:03:99:60:d5:88:5f:09:37:47:59:fb:
                    27:59:b0:7a:b6:d1:12:89:ea:62:3c:e6:ca:e8:33:
                    fc:b6:64:09:f1:25:b8:21:50:6c:88:25:87:9d:e0:
                    66:b4:c9:4e:8c:81:aa:88:ed:07:c3:cb:e1:01:f1:
                    60:d1:b8:36:09:eb:21:c2:0c:fa:5b:00:83:5f:b6:
                    e3:49:88:7a:2b:58:3c:a8:a9:19:39:5d:58:a1:5a:
                    5a:d1:99:e9:57:ec:4b:b2:90:4d:d2:cf:d2:bd:1c:
                    a5:da:c0:ea:6f:96:31:73:97:bc:69:53:fa:1d:41:
                    3d:11:bf:e4:02:e6:aa:b3:fb:94:53:6b:3a:7b:89:
                    d6:04:54:ca:fa:45:ed:ff:86:ee:f6:cf:ce:f4:ab:
                    43:01:c3:9d:3b:c1:29:3f:5b:72:71:61:48:05:91:
                    91:d5:97:7e:9b:13:03:61:5b:19:a9:7a:b5:38:ae:
                    05:21:05:5d:c0:51:1f:71:48:6b:f1:0d:1e:52:4f:
                    6c:14:49:77:f1:d4:7b:71:bd:77:69:8c:64:78:f3:
                    ae:f3:d3:da:4e:67:d4:4a:b1:45:4c:71:d0:38:58:
                    ee:34:44:c5:f7:e2:ca:21:0c:81:03:b5:86:cb:92:
                    67:72:f9:64:01:08:f8:06:1e:24:b0:91:ab:f3:3c:
                    83:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5C:17:07:FD:C4:85:88:0F:99:BD:36:5E:59:0D:AD:12:18:02:4B
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mFwXB_3EhYgPmb02XlkNrRIYAks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:9009::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:f3:9a:86:8e:69:f4:24:76:91:78:0c:98:08:aa:38:88:47:
         c6:c7:de:c3:73:56:35:82:13:c3:ba:d7:6f:ce:38:ba:ba:d6:
         eb:c4:4b:e0:d2:67:58:a5:11:30:73:18:97:58:da:c5:7c:e2:
         04:7f:c1:2e:4b:06:98:7c:94:65:f2:a9:ca:c3:07:c8:41:62:
         48:7b:f9:67:67:59:52:f6:69:41:9c:ac:d9:c1:e2:f9:32:cd:
         30:95:f5:98:80:b2:f9:c0:30:18:5a:90:0d:0a:f2:a4:ee:71:
         bc:34:ed:2f:1b:1f:da:cf:cb:00:46:cd:24:ef:90:c0:36:f7:
         ec:74:38:15:68:92:a7:da:b0:b7:4a:0b:2b:22:81:fe:b8:6d:
         ce:38:c6:0b:9c:29:56:0a:e5:85:dd:c7:e6:3d:fc:ba:c5:9a:
         77:24:f5:98:30:b9:f6:a5:5f:92:fe:14:2f:0e:c5:0b:dc:59:
         3c:36:c6:52:4c:32:1d:86:41:6a:2e:f6:94:1f:5a:e4:5c:42:
         dd:84:04:33:4c:14:76:f4:69:1d:61:5a:7f:19:55:34:1d:41:
         2d:d3:aa:74:33:01:00:c1:33:28:46:ac:ee:58:99:99:e1:c1:
         d6:69:44:43:35:6e:1b:5a:43:d7:e1:64:0b:3f:78:70:c7:df:
         8e:14:0e:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlrFowwgVarAzQ4BQtaJg3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwOTIxMDcwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVjMTcwN2ZkYzQ4NTg4MGY5OWJkMzY1ZTU5MGRhZDEyMTgwMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHFEA5lg1YhfCTdHWfsnWbB6ttES
iepiPObK6DP8tmQJ8SW4IVBsiCWHneBmtMlOjIGqiO0Hw8vhAfFg0bg2Ceshwgz6
WwCDX7bjSYh6K1g8qKkZOV1YoVpa0ZnpV+xLspBN0s/SvRyl2sDqb5Yxc5e8aVP6
HUE9Eb/kAuaqs/uUU2s6e4nWBFTK+kXt/4bu9s/O9KtDAcOdO8EpP1tycWFIBZGR
1Zd+mxMDYVsZqXq1OK4FIQVdwFEfcUhr8Q0eUk9sFEl38dR7cb13aYxkePOu89Pa
TmfUSrFFTHHQOFjuNETF9+LKIQyBA7WGy5JncvlkAQj4Bh4ksJGr8zyDBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJhcFwf9xIWID5m9Nl5ZDa0SGAJLMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbUZ3WEJfM0VoWWdQbWIwMlhsa05yUklZQWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQJAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDG85qGjmn0JHaReAyYCKo4iEfGx97Dc1Y1ghPD
utdvzji6utbrxEvg0mdYpREwcxiXWNrFfOIEf8EuSwaYfJRl8qnKwwfIQWJIe/ln
Z1lS9mlBnKzZweL5Ms0wlfWYgLL5wDAYWpANCvKk7nG8NO0vGx/az8sARs0k75DA
NvfsdDgVaJKn2rC3SgsrIoH+uG3OOMYLnClWCuWF3cfmPfy6xZp3JPWYMLn2pV+S
/hQvDsUL3Fk8NsZSTDIdhkFqLvaUH1rkXELdhAQzTBR29GkdYVp/GVU0HUEt06p0
MwEAwTMoRqzuWJmZ4cHWaURDNW4bWkPX4WQLP3hwx9+OFA4x
-----END CERTIFICATE-----