Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/saWdrzat9gNhwDjToVtk8WsFYgw.roa
File:                     saWdrzat9gNhwDjToVtk8WsFYgw.roa (raw, json)
Hash identifier:          gICbNWmSBInV+7Bf/50oOLEAVR12IrqsEIFbrP0sB00=
Subject key identifier:   B1:A5:9D:AF:36:AD:F6:03:61:C0:38:D3:A1:5B:64:F1:6B:05:62:0C
Certificate issuer:       /CN=a2b62d3bf6b0c5247eddf4498c2cce60c0d1e508
Certificate serial:       0199C01AAE1044B786BD6A06FA8A72B5C64B
Authority key identifier: A2:B6:2D:3B:F6:B0:C5:24:7E:DD:F4:49:8C:2C:CE:60:C0:D1:E5:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orYtO_awxSR-3fRJjCzOYMDR5Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/saWdrzat9gNhwDjToVtk8WsFYgw.roa
Signing time:             Tue 07 Oct 2025 19:16:37 +0000
ROA not before:           Tue 07 Oct 2025 19:16:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214044
IP address blocks:        2001:678:d18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/orYtO_awxSR-3fRJjCzOYMDR5Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/orYtO_awxSR-3fRJjCzOYMDR5Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orYtO_awxSR-3fRJjCzOYMDR5Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c0:1a:ae:10:44:b7:86:bd:6a:06:fa:8a:72:b5:c6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b62d3bf6b0c5247eddf4498c2cce60c0d1e508
        Validity
            Not Before: Oct  7 19:16:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a59daf36adf60361c038d3a15b64f16b05620c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2c:b1:ae:c3:8a:0c:37:9f:90:b8:0d:8a:cb:
                    1c:6b:61:f0:3b:0d:06:d7:79:68:a4:b6:a6:0c:65:
                    0d:fa:f9:16:60:b6:46:cf:ad:00:56:5f:52:2d:e1:
                    4b:99:35:a6:bb:ae:56:f3:e0:3a:e8:41:88:7c:c3:
                    c7:7f:01:3f:73:d4:c4:15:88:1c:ce:e1:5e:ab:22:
                    63:89:d5:d4:50:88:45:c8:dd:a7:2c:1e:10:42:68:
                    71:e2:45:90:5e:5b:9c:25:79:94:c7:a6:da:6b:b3:
                    f1:00:a2:21:d0:55:ef:71:7e:53:b7:8c:e4:15:16:
                    8b:f1:d4:48:3a:5c:f6:c7:07:94:cc:60:db:18:f9:
                    61:11:f8:68:f5:8c:87:69:fa:23:75:2f:5b:21:f4:
                    4c:82:24:aa:a8:fd:03:0e:8e:73:46:88:ac:b9:c6:
                    fc:e1:8b:58:e5:60:d9:8a:d1:6a:f1:d0:fc:22:ab:
                    cd:d9:83:21:c3:5c:66:01:72:1d:7b:cf:39:0d:f4:
                    6f:9c:d1:76:bf:ee:0b:41:7c:49:48:b4:71:ae:e4:
                    0c:a1:e1:89:77:9f:e4:24:68:c3:18:32:ab:9a:a6:
                    db:79:0e:9f:07:61:b2:a7:48:22:dc:dc:75:44:c5:
                    0b:ee:3e:2b:54:71:6d:15:88:01:eb:a4:db:5f:f9:
                    a4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A5:9D:AF:36:AD:F6:03:61:C0:38:D3:A1:5B:64:F1:6B:05:62:0C
            X509v3 Authority Key Identifier:
                keyid:A2:B6:2D:3B:F6:B0:C5:24:7E:DD:F4:49:8C:2C:CE:60:C0:D1:E5:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orYtO_awxSR-3fRJjCzOYMDR5Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/saWdrzat9gNhwDjToVtk8WsFYgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/83dc2d-5311-45a6-a08a-62bf15c4674a/1/orYtO_awxSR-3fRJjCzOYMDR5Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d18::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:b0:ce:08:76:58:c4:65:01:67:f0:9f:4f:93:44:cc:d8:e5:
         cd:cb:bf:cc:c6:02:03:fb:72:9c:38:73:4a:16:b1:74:fa:d9:
         b2:f9:5b:f9:e0:4e:55:9b:af:42:05:b7:f9:cd:13:34:45:37:
         21:d9:5b:03:42:54:69:8e:0b:73:31:14:c0:7f:24:43:c9:ab:
         76:ec:a1:9f:d5:4b:d6:07:5c:d9:b7:e1:5c:23:9e:06:3c:74:
         13:2e:4e:92:b4:db:2b:d5:b1:1d:0e:48:1e:f0:71:3f:01:47:
         bc:95:80:31:e5:e4:31:d3:d4:c4:68:12:e2:da:93:7a:a2:81:
         76:e9:f4:3e:b5:94:02:44:11:00:76:ec:d1:66:aa:b0:61:01:
         77:95:7c:f3:bc:ff:a8:4d:aa:dc:01:f9:f9:a2:a4:fa:0c:ed:
         76:ba:4a:e8:be:61:a7:5b:26:37:81:ba:9f:a3:bc:7e:6e:78:
         82:85:3c:61:17:16:16:58:fc:79:67:4f:32:df:90:b4:a0:cb:
         15:2e:c1:1d:6a:60:78:a6:1b:30:77:bb:5a:7f:24:de:03:dd:
         65:91:55:9e:b6:d9:5d:e8:2e:f1:a0:60:a3:e9:82:d2:f4:d7:
         1a:1c:db:3a:9f:86:e6:88:fc:75:71:d7:80:3d:d4:9a:fb:ad:
         97:8c:cc:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnAGq4QRLeGvWoG+opytcZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjYyZDNiZjZiMGM1MjQ3ZWRkZjQ0OThjMmNjZTYwYzBk
MWU1MDgwHhcNMjUxMDA3MTkxNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE1OWRhZjM2YWRmNjAzNjFjMDM4ZDNhMTViNjRmMTZiMDU2MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSyxrsOKDDefkLgNissca2HwOw0G
13lopLamDGUN+vkWYLZGz60AVl9SLeFLmTWmu65W8+A66EGIfMPHfwE/c9TEFYgc
zuFeqyJjidXUUIhFyN2nLB4QQmhx4kWQXlucJXmUx6baa7PxAKIh0FXvcX5Tt4zk
FRaL8dRIOlz2xweUzGDbGPlhEfho9YyHafojdS9bIfRMgiSqqP0DDo5zRoisucb8
4YtY5WDZitFq8dD8IqvN2YMhw1xmAXIde885DfRvnNF2v+4LQXxJSLRxruQMoeGJ
d5/kJGjDGDKrmqbbeQ6fB2Gyp0gi3Nx1RMUL7j4rVHFtFYgB66TbX/mkFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLGlna82rfYDYcA406FbZPFrBWIMMB8GA1UdIwQY
MBaAFKK2LTv2sMUkft30SYwszmDA0eUIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JZdE9fYXd4U1ItM2ZSSmpDek9ZTURSNVFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS84M2RjMmQtNTMxMS00NWE2LWEwOGEt
NjJiZjE1YzQ2NzRhLzEvc2FXZHJ6YXQ5Z05od0RqVG9WdGs4V3NGWWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS84M2RjMmQtNTMxMS00NWE2LWEwOGEtNjJiZjE1YzQ2NzRh
LzEvb3JZdE9fYXd4U1ItM2ZSSmpDek9ZTURSNVFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0Y
MA0GCSqGSIb3DQEBCwUAA4IBAQBwsM4IdljEZQFn8J9Pk0TM2OXNy7/MxgID+3Kc
OHNKFrF0+tmy+Vv54E5Vm69CBbf5zRM0RTch2VsDQlRpjgtzMRTAfyRDyat27KGf
1UvWB1zZt+FcI54GPHQTLk6StNsr1bEdDkge8HE/AUe8lYAx5eQx09TEaBLi2pN6
ooF26fQ+tZQCRBEAduzRZqqwYQF3lXzzvP+oTarcAfn5oqT6DO12ukrovmGnWyY3
gbqfo7x+bniChTxhFxYWWPx5Z08y35C0oMsVLsEdamB4phswd7tafyTeA91lkVWe
ttld6C7xoGCj6YLS9NcaHNs6n4bmiPx1cdeAPdSa+62XjMwL
-----END CERTIFICATE-----