Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/mzs5lFKEy4ZtL_t-Ol870PRlztM.roa
File:                     mzs5lFKEy4ZtL_t-Ol870PRlztM.roa (raw, json)
Hash identifier:          OwW8CUre3/5rikXiPneNNGHqjsl4FYJ2I/CWMA48GjE=
Subject key identifier:   9B:3B:39:94:52:84:CB:86:6D:2F:FB:7E:3A:5F:3B:D0:F4:65:CE:D3
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       0199CE5939E51D6E85425CFBEF4C47E14AF2
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/mzs5lFKEy4ZtL_t-Ol870PRlztM.roa
Signing time:             Fri 10 Oct 2025 13:39:38 +0000
ROA not before:           Fri 10 Oct 2025 13:39:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        2001:678:c40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:59:39:e5:1d:6e:85:42:5c:fb:ef:4c:47:e1:4a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Oct 10 13:39:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b3b39945284cb866d2ffb7e3a5f3bd0f465ced3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:50:32:ec:c9:7a:78:a5:f0:85:0d:3e:1b:c1:
                    8c:84:7f:56:b4:81:34:bc:28:54:40:15:71:5d:ee:
                    b2:6d:b4:d3:db:8e:ec:a6:d5:39:ee:69:62:e9:1a:
                    c8:b4:1a:a0:6b:5b:e9:48:ba:71:5c:12:31:18:2f:
                    b5:4d:68:b3:1e:34:d7:8d:7a:fb:40:97:d2:20:11:
                    b9:00:2c:04:19:96:88:b0:80:cb:be:80:e0:85:8f:
                    c5:46:de:d9:7e:14:d7:37:8e:2f:64:81:ab:ac:6f:
                    e2:30:08:1b:49:c0:f3:8a:d8:0c:48:4c:6a:2d:b8:
                    fd:8d:8a:a0:ef:1a:f9:65:5c:cd:f2:ef:98:49:3e:
                    60:0d:88:e0:b2:cc:f4:3b:8d:f7:a3:60:db:7c:6f:
                    b7:f4:97:d7:36:0c:49:bb:1f:3d:2c:b3:4a:e3:f0:
                    4f:f1:1e:13:22:cc:a4:9d:74:a7:99:67:b5:7c:4f:
                    f8:77:a3:d3:2e:37:06:8d:98:90:6f:a9:12:1e:0d:
                    b8:d3:94:73:3e:e4:22:7a:2b:3a:7f:31:1e:42:38:
                    53:9b:28:dc:87:f3:5d:42:75:67:06:7f:fb:0a:61:
                    1e:2f:c1:a9:4c:cd:f1:85:64:3d:d5:4e:d2:3b:f7:
                    d0:42:e5:4a:41:ac:88:c5:2d:cd:ce:25:22:5e:3a:
                    e3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3B:39:94:52:84:CB:86:6D:2F:FB:7E:3A:5F:3B:D0:F4:65:CE:D3
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/mzs5lFKEy4ZtL_t-Ol870PRlztM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c40::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:0c:0d:36:7d:db:78:b5:92:54:05:b0:c4:87:4d:0e:d4:70:
         63:be:02:c0:43:ce:9e:7e:05:58:6b:2a:0f:eb:1c:40:46:26:
         99:43:ce:51:fd:53:1a:45:95:57:15:69:c1:e9:ef:b9:c4:a6:
         c0:8c:19:ee:91:ed:8a:71:8a:f4:2e:86:b9:25:35:43:7a:a9:
         86:cb:12:18:f8:1a:c5:bf:cb:0f:fc:5d:52:b0:01:b7:98:ce:
         44:c7:19:88:fc:8e:ab:f6:6f:af:bd:c7:8f:b5:3b:31:52:32:
         f4:1a:f0:c4:b8:e2:26:0d:8d:e0:21:8e:be:4c:e5:98:5c:88:
         cd:f0:c0:6b:4f:f8:c9:64:77:55:76:fc:3e:24:5b:aa:fd:0f:
         95:1a:3f:16:ec:93:d3:18:9d:a4:1a:9b:62:32:54:e1:aa:27:
         ff:e6:97:f7:37:f1:1c:8a:86:5b:11:f2:a5:9f:01:75:bf:9a:
         2a:31:aa:0d:f0:d0:b5:df:67:51:d0:0b:8a:5f:e9:59:55:ba:
         35:da:3b:ee:46:67:83:d3:6b:9d:64:9c:77:03:00:30:1c:f3:
         76:31:98:45:e9:04:45:43:cc:81:c9:cb:e1:44:fb:be:51:d5:
         c0:c8:e2:cb:53:e9:45:e8:37:04:a0:ac:8a:c5:04:ed:91:71:
         12:b3:b3:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnOWTnlHW6FQlz770xH4UryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjUxMDEwMTMzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNiMzk5NDUyODRjYjg2NmQyZmZiN2UzYTVmM2JkMGY0NjVjZWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VAy7Ml6eKXwhQ0+G8GMhH9WtIE0
vChUQBVxXe6ybbTT247sptU57mli6RrItBqga1vpSLpxXBIxGC+1TWizHjTXjXr7
QJfSIBG5ACwEGZaIsIDLvoDghY/FRt7ZfhTXN44vZIGrrG/iMAgbScDzitgMSExq
Lbj9jYqg7xr5ZVzN8u+YST5gDYjgssz0O433o2DbfG+39JfXNgxJux89LLNK4/BP
8R4TIsyknXSnmWe1fE/4d6PTLjcGjZiQb6kSHg2405RzPuQieis6fzEeQjhTmyjc
h/NdQnVnBn/7CmEeL8GpTM3xhWQ91U7SO/fQQuVKQayIxS3NziUiXjrjEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJs7OZRShMuGbS/7fjpfO9D0Zc7TMB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvbXpzNWxGS0V5NFp0TF90LU9sODcwUFJsenRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAxA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQDA02fdt4tZJUBbDEh00O1HBjvgLAQ86efgVY
ayoP6xxARiaZQ85R/VMaRZVXFWnB6e+5xKbAjBnuke2KcYr0Loa5JTVDeqmGyxIY
+BrFv8sP/F1SsAG3mM5ExxmI/I6r9m+vvcePtTsxUjL0GvDEuOImDY3gIY6+TOWY
XIjN8MBrT/jJZHdVdvw+JFuq/Q+VGj8W7JPTGJ2kGptiMlThqif/5pf3N/EcioZb
EfKlnwF1v5oqMaoN8NC132dR0AuKX+lZVbo12jvuRmeD02udZJx3AwAwHPN2MZhF
6QRFQ8yBycvhRPu+UdXAyOLLU+lF6DcEoKyKxQTtkXESs7OA
-----END CERTIFICATE-----