Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/0BpZrCwCrh0nhCnBWsTx8npHw5Y.roa
File:                     0BpZrCwCrh0nhCnBWsTx8npHw5Y.roa (raw, json)
Hash identifier:          dghoAHC17Ez/jlFwmLW4wwi4h/yLfo/iz9cDa/mgf8U=
Subject key identifier:   D0:1A:59:AC:2C:02:AE:1D:27:84:29:C1:5A:C4:F1:F2:7A:47:C3:96
Certificate issuer:       /CN=fd34b13fbd9381df84c687f06bcd074e4a755803
Certificate serial:       0198F1777CF3DFDA1B078DAB4C51C8168CEF
Authority key identifier: FD:34:B1:3F:BD:93:81:DF:84:C6:87:F0:6B:CD:07:4E:4A:75:58:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TSxP72Tgd-Exofwa80HTkp1WAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/0BpZrCwCrh0nhCnBWsTx8npHw5Y.roa
Signing time:             Thu 28 Aug 2025 16:16:36 +0000
ROA not before:           Thu 28 Aug 2025 16:16:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199217
IP address blocks:        2001:67c:168c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/_TSxP72Tgd-Exofwa80HTkp1WAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/_TSxP72Tgd-Exofwa80HTkp1WAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TSxP72Tgd-Exofwa80HTkp1WAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:77:7c:f3:df:da:1b:07:8d:ab:4c:51:c8:16:8c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd34b13fbd9381df84c687f06bcd074e4a755803
        Validity
            Not Before: Aug 28 16:16:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d01a59ac2c02ae1d278429c15ac4f1f27a47c396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4b:1b:4d:48:7e:00:58:22:6a:ad:e1:27:b4:
                    3f:95:fd:a9:f3:b1:71:38:bb:70:63:7b:0a:1d:c3:
                    55:29:ac:50:a9:32:8d:03:91:af:62:80:70:53:d7:
                    b8:05:ca:95:92:02:03:88:ff:62:98:30:c9:76:8f:
                    42:3f:b0:08:69:b5:79:64:9f:12:ed:f3:41:52:3f:
                    73:01:78:28:c0:02:b9:1b:d4:cc:4d:9c:df:e6:27:
                    19:74:56:64:39:44:2b:21:71:e6:61:6a:93:27:c0:
                    b8:03:6a:12:e8:43:ed:e9:da:87:12:d0:78:c3:06:
                    90:6c:62:ea:08:ca:bc:80:8e:11:3e:e7:8b:83:96:
                    31:45:26:e8:81:27:9c:9b:7b:8f:25:59:50:0f:3d:
                    07:d6:16:67:36:ac:aa:6f:d1:66:f3:9e:97:ed:c4:
                    e2:62:65:40:d7:e0:e2:90:64:8f:77:3e:23:5d:26:
                    5a:28:66:c8:b9:b7:21:7d:3a:99:da:2c:30:bb:35:
                    99:1b:f6:78:ac:c1:54:80:32:b8:82:29:55:46:51:
                    a8:f6:4d:da:e0:01:9a:4c:76:a8:11:3e:ac:3d:e3:
                    99:da:e1:c0:46:12:9d:13:83:76:8c:9e:07:e2:e9:
                    18:f7:cb:e8:e4:24:56:4d:cb:dd:b8:8d:78:ba:cd:
                    bd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:1A:59:AC:2C:02:AE:1D:27:84:29:C1:5A:C4:F1:F2:7A:47:C3:96
            X509v3 Authority Key Identifier:
                keyid:FD:34:B1:3F:BD:93:81:DF:84:C6:87:F0:6B:CD:07:4E:4A:75:58:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TSxP72Tgd-Exofwa80HTkp1WAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/0BpZrCwCrh0nhCnBWsTx8npHw5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0196f1-4339-4bdc-8034-2eb2f2ed3029/1/_TSxP72Tgd-Exofwa80HTkp1WAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:168c::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:d3:e5:26:6c:c7:37:6c:53:9b:3f:70:bd:34:6c:ea:ca:a2:
         53:d3:a0:92:50:bc:8d:4d:5d:22:91:e3:89:18:32:53:46:c2:
         99:df:ee:62:55:0b:c5:9d:73:7f:b3:40:21:c6:85:0d:1e:94:
         e3:13:23:ed:d7:1c:2a:b1:39:83:5a:0e:a9:30:00:40:f7:07:
         11:60:1b:51:83:b5:46:9c:f2:21:36:cf:d6:33:b5:1f:bc:9a:
         05:11:32:3c:f1:91:8d:7d:2e:a8:6d:d6:96:48:ac:93:e0:fc:
         45:42:3a:a0:aa:e2:c2:6d:61:10:cf:02:1c:f8:49:55:98:1e:
         fc:30:1f:73:f4:b3:3f:46:b4:34:bf:60:fb:2f:da:c1:a9:ff:
         78:40:ed:a8:a0:1d:eb:cc:c7:e8:33:b9:7c:6d:99:3d:da:3d:
         b1:cf:c3:1c:26:9e:c8:46:e5:54:3c:7b:6c:0a:bd:a6:60:51:
         fb:c3:61:75:dd:02:7e:39:b2:a4:85:9e:d4:58:a8:cd:45:5f:
         47:d5:29:4f:4e:7a:9c:d0:3f:6b:69:2b:7b:2e:03:cc:b1:32:
         e0:7f:37:60:c7:81:22:5a:58:a4:5a:31:74:5b:b9:89:23:94:
         3b:be:62:ca:0b:95:73:ee:f7:e3:b3:1f:36:4c:cd:80:4b:94:
         7b:2b:99:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjxd3zz39obB42rTFHIFozvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzRiMTNmYmQ5MzgxZGY4NGM2ODdmMDZiY2QwNzRlNGE3
NTU4MDMwHhcNMjUwODI4MTYxNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDFhNTlhYzJjMDJhZTFkMjc4NDI5YzE1YWM0ZjFmMjdhNDdjMzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUsbTUh+AFgiaq3hJ7Q/lf2p87Fx
OLtwY3sKHcNVKaxQqTKNA5GvYoBwU9e4BcqVkgIDiP9imDDJdo9CP7AIabV5ZJ8S
7fNBUj9zAXgowAK5G9TMTZzf5icZdFZkOUQrIXHmYWqTJ8C4A2oS6EPt6dqHEtB4
wwaQbGLqCMq8gI4RPueLg5YxRSbogSecm3uPJVlQDz0H1hZnNqyqb9Fm856X7cTi
YmVA1+DikGSPdz4jXSZaKGbIubchfTqZ2iwwuzWZG/Z4rMFUgDK4gilVRlGo9k3a
4AGaTHaoET6sPeOZ2uHARhKdE4N2jJ4H4ukY98vo5CRWTcvduI14us298wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNAaWawsAq4dJ4QpwVrE8fJ6R8OWMB8GA1UdIwQY
MBaAFP00sT+9k4HfhMaH8GvNB05KdVgDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RTeFA3MlRnZC1FeG9md2E4MEhUa3AxV0FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8wMTk2ZjEtNDMzOS00YmRjLTgwMzQt
MmViMmYyZWQzMDI5LzEvMEJwWnJDd0NyaDBuaENuQldzVHg4bnBIdzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8wMTk2ZjEtNDMzOS00YmRjLTgwMzQtMmViMmYyZWQzMDI5
LzEvX1RTeFA3MlRnZC1FeG9md2E4MEhUa3AxV0FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBaM
MA0GCSqGSIb3DQEBCwUAA4IBAQAY0+UmbMc3bFObP3C9NGzqyqJT06CSULyNTV0i
keOJGDJTRsKZ3+5iVQvFnXN/s0AhxoUNHpTjEyPt1xwqsTmDWg6pMABA9wcRYBtR
g7VGnPIhNs/WM7UfvJoFETI88ZGNfS6obdaWSKyT4PxFQjqgquLCbWEQzwIc+ElV
mB78MB9z9LM/RrQ0v2D7L9rBqf94QO2ooB3rzMfoM7l8bZk92j2xz8McJp7IRuVU
PHtsCr2mYFH7w2F13QJ+ObKkhZ7UWKjNRV9H1SlPTnqc0D9raSt7LgPMsTLgfzdg
x4EiWlikWjF0W7mJI5Q7vmLKC5Vz7vfjsx82TM2AS5R7K5kb
-----END CERTIFICATE-----