Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/qO0k87ULVQHqjyZI3z-AzfehUQA.roa
File:                     qO0k87ULVQHqjyZI3z-AzfehUQA.roa (raw, json)
Hash identifier:          bRSYStNZUlGTKFFQvDFiatgcJ/Z8Rwo+cSilPb5oWow=
Subject key identifier:   A8:ED:24:F3:B5:0B:55:01:EA:8F:26:48:DF:3F:80:CD:F7:A1:51:00
Certificate issuer:       /CN=eb24898306204f71afd87634cc6955bf42bb5244
Certificate serial:       0199969D1BDF5C98EE677F52B7314F555F60
Authority key identifier: EB:24:89:83:06:20:4F:71:AF:D8:76:34:CC:69:55:BF:42:BB:52:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/qO0k87ULVQHqjyZI3z-AzfehUQA.roa
Signing time:             Mon 29 Sep 2025 17:55:02 +0000
ROA not before:           Mon 29 Sep 2025 17:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215760
IP address blocks:        2001:67c:5c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:96:9d:1b:df:5c:98:ee:67:7f:52:b7:31:4f:55:5f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb24898306204f71afd87634cc6955bf42bb5244
        Validity
            Not Before: Sep 29 17:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8ed24f3b50b5501ea8f2648df3f80cdf7a15100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:7e:8e:9f:4a:48:09:b6:da:6b:4c:ab:d9:
                    93:5f:ca:ef:d6:bc:53:b8:31:a6:f5:71:f7:34:6f:
                    5b:f2:8b:e6:d9:2c:86:09:a5:68:15:e9:9a:cd:77:
                    1c:4d:09:65:c9:e9:fe:bb:22:c6:d7:61:ce:c2:bd:
                    d3:bc:20:e6:c8:69:a3:3a:e7:c7:31:21:93:a1:02:
                    11:6e:9e:f1:27:58:a6:e0:fb:62:2b:5f:18:9e:3d:
                    8d:58:dc:5e:d5:fe:37:bf:61:89:81:be:3a:78:bc:
                    01:a1:e2:87:d0:a7:9c:af:13:6c:4c:57:4d:88:9a:
                    6c:a1:98:22:06:11:1a:67:29:e6:42:e0:8b:8d:ed:
                    6f:47:a2:dc:a5:9b:7c:61:59:80:e3:ba:62:08:ac:
                    dc:72:93:b3:ff:a7:8d:40:63:25:ad:24:e4:f3:9b:
                    20:39:9b:f1:d3:5b:48:c1:07:64:cb:f0:f8:5c:b7:
                    64:e3:33:28:06:4e:62:9e:e1:e1:42:86:8b:c1:11:
                    41:98:64:60:4d:57:a2:3c:95:c2:7f:9f:d0:85:b8:
                    d1:fc:d3:77:db:b8:13:fc:5b:a9:54:f8:3f:c1:2c:
                    05:2d:62:42:2d:4d:c6:3d:ca:5b:68:87:9b:08:42:
                    ea:26:c8:5a:58:77:f7:af:3f:31:33:1d:a0:19:80:
                    c8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:ED:24:F3:B5:0B:55:01:EA:8F:26:48:DF:3F:80:CD:F7:A1:51:00
            X509v3 Authority Key Identifier:
                keyid:EB:24:89:83:06:20:4F:71:AF:D8:76:34:CC:69:55:BF:42:BB:52:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/qO0k87ULVQHqjyZI3z-AzfehUQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/590ed2-1487-4a3a-bdb6-671bc370aa65/1/6ySJgwYgT3Gv2HY0zGlVv0K7UkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:5c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:26:cd:fb:75:ce:00:05:93:fc:fe:b4:15:60:3a:63:51:60:
         50:84:a4:46:d9:58:cd:1c:83:16:4a:54:95:f4:78:1a:b7:59:
         24:75:78:02:92:61:55:c8:f8:97:3b:bf:bf:79:e1:84:ab:5f:
         46:c3:d7:ca:df:b2:4d:d3:e0:6c:cb:fe:60:f1:c0:8a:83:03:
         7b:71:a0:99:d6:ac:48:cd:32:e4:86:e4:19:d4:98:23:d7:30:
         73:fe:ab:a2:fa:52:7f:76:f2:f4:cd:bc:9c:95:6b:a8:5f:e4:
         99:70:e6:4e:2d:51:f0:9a:31:89:8c:02:5a:f0:3b:9e:ff:5b:
         0b:84:89:84:31:8b:c7:1b:1e:31:4c:59:55:18:af:3a:bf:ce:
         75:a6:1a:cd:b8:b3:32:ca:b9:32:c4:0d:0c:f4:6d:b9:30:76:
         90:07:9b:85:20:a9:f0:69:3a:a1:58:65:0f:0f:2d:8c:5f:0d:
         ea:ca:0e:87:bf:8a:ac:48:03:a8:1d:f8:ba:80:8f:a7:b1:a5:
         65:35:72:24:d7:10:8f:28:ed:7c:0a:e4:f2:8b:e6:e6:34:a8:
         20:f6:21:49:6b:36:04:1c:f9:db:3c:9a:39:40:ae:54:ae:04:
         36:b3:7c:d2:f8:c2:4a:f1:c4:86:cd:a1:a7:dd:a9:24:68:25:
         c1:32:a3:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmWnRvfXJjuZ39StzFPVV9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMjQ4OTgzMDYyMDRmNzFhZmQ4NzYzNGNjNjk1NWJmNDJi
YjUyNDQwHhcNMjUwOTI5MTc1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVkMjRmM2I1MGI1NTAxZWE4ZjI2NDhkZjNmODBjZGY3YTE1MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5Z+jp9KSAm22mtMq9mTX8rv1rxT
uDGm9XH3NG9b8ovm2SyGCaVoFemazXccTQllyen+uyLG12HOwr3TvCDmyGmjOufH
MSGToQIRbp7xJ1im4PtiK18Ynj2NWNxe1f43v2GJgb46eLwBoeKH0KecrxNsTFdN
iJpsoZgiBhEaZynmQuCLje1vR6LcpZt8YVmA47piCKzccpOz/6eNQGMlrSTk85sg
OZvx01tIwQdky/D4XLdk4zMoBk5inuHhQoaLwRFBmGRgTVeiPJXCf5/QhbjR/NN3
27gT/FupVPg/wSwFLWJCLU3GPcpbaIebCELqJshaWHf3rz8xMx2gGYDIXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKjtJPO1C1UB6o8mSN8/gM33oVEAMB8GA1UdIwQY
MBaAFOskiYMGIE9xr9h2NMxpVb9Cu1JEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnlTSmd3WWdUM0d2MkhZMHpHbFZ2MEs3VWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81OTBlZDItMTQ4Ny00YTNhLWJkYjYt
NjcxYmMzNzBhYTY1LzEvcU8wazg3VUxWUUhxanlaSTN6LUF6ZmVoVVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81OTBlZDItMTQ4Ny00YTNhLWJkYjYtNjcxYmMzNzBhYTY1
LzEvNnlTSmd3WWdUM0d2MkhZMHpHbFZ2MEs3VWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAXA
MA0GCSqGSIb3DQEBCwUAA4IBAQBOJs37dc4ABZP8/rQVYDpjUWBQhKRG2VjNHIMW
SlSV9Hgat1kkdXgCkmFVyPiXO7+/eeGEq19Gw9fK37JN0+Bsy/5g8cCKgwN7caCZ
1qxIzTLkhuQZ1Jgj1zBz/qui+lJ/dvL0zbyclWuoX+SZcOZOLVHwmjGJjAJa8Due
/1sLhImEMYvHGx4xTFlVGK86v851phrNuLMyyrkyxA0M9G25MHaQB5uFIKnwaTqh
WGUPDy2MXw3qyg6Hv4qsSAOoHfi6gI+nsaVlNXIk1xCPKO18CuTyi+bmNKgg9iFJ
azYEHPnbPJo5QK5UrgQ2s3zS+MJK8cSGzaGn3akkaCXBMqM0
-----END CERTIFICATE-----