Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/RstBPFjM6RZLydCSF_gstYqTNio.roa
File:                     RstBPFjM6RZLydCSF_gstYqTNio.roa (raw, json)
Hash identifier:          AQIsrapA+jjaaRR0kQmSSklLBZ57sqiJJ2/Lw3zxZ3g=
Subject key identifier:   46:CB:41:3C:58:CC:E9:16:4B:C9:D0:92:17:F8:2C:B5:8A:93:36:2A
Certificate issuer:       /CN=da5f25e8950f69e2d75b93b92f5404199e044762
Certificate serial:       019B7CEDF36004DAD68AB1095EF9241C3119
Authority key identifier: DA:5F:25:E8:95:0F:69:E2:D7:5B:93:B9:2F:54:04:19:9E:04:47:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/RstBPFjM6RZLydCSF_gstYqTNio.roa
Signing time:             Fri 02 Jan 2026 04:18:47 +0000
ROA not before:           Fri 02 Jan 2026 04:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215125
IP address blocks:        2001:67c:e60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:f3:60:04:da:d6:8a:b1:09:5e:f9:24:1c:31:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da5f25e8950f69e2d75b93b92f5404199e044762
        Validity
            Not Before: Jan  2 04:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46cb413c58cce9164bc9d09217f82cb58a93362a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9a:16:70:1e:aa:3b:40:1b:d4:d3:d3:2c:2d:
                    91:2f:d8:46:14:77:4b:38:19:d0:05:7c:7b:ef:52:
                    ad:d3:b9:16:5a:e4:a1:61:c8:d0:36:01:79:bb:68:
                    58:c6:21:d3:10:12:94:62:f3:9f:0f:01:da:18:1e:
                    0a:c6:3e:4c:5a:2d:0b:a4:e3:28:69:ea:0e:8b:33:
                    b4:e5:13:89:3b:34:af:e0:77:72:b2:ab:95:9f:fe:
                    54:6a:0e:12:c7:aa:21:ad:97:c2:7d:33:37:99:14:
                    9f:ec:9e:9a:20:0c:89:dc:32:07:fb:89:ba:ba:19:
                    13:e1:a6:69:d2:79:77:bc:5d:20:6b:f2:32:24:2b:
                    22:8b:45:e0:da:cc:a8:50:45:d2:f8:8a:a1:09:f8:
                    86:52:e1:fe:c3:95:8b:18:fc:6b:1d:9c:e1:fa:bb:
                    62:ce:84:4b:8c:3f:39:b7:07:2e:50:36:e6:3b:6f:
                    c9:9a:5c:9c:80:bd:d0:51:c9:fc:b8:ec:44:c4:ff:
                    01:ae:ee:b4:38:9b:07:30:e3:ea:96:15:de:7c:9a:
                    33:ab:36:66:f6:5d:f8:0a:de:91:6e:d7:6d:1b:69:
                    db:ad:c8:ec:34:05:ad:6f:60:b3:24:d2:fb:e1:00:
                    7c:da:51:9a:9d:40:19:be:8c:00:ee:30:08:44:2e:
                    9b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CB:41:3C:58:CC:E9:16:4B:C9:D0:92:17:F8:2C:B5:8A:93:36:2A
            X509v3 Authority Key Identifier:
                keyid:DA:5F:25:E8:95:0F:69:E2:D7:5B:93:B9:2F:54:04:19:9E:04:47:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/RstBPFjM6RZLydCSF_gstYqTNio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b4df4d-8a84-4be3-8e79-e2abc63100bb/1/2l8l6JUPaeLXW5O5L1QEGZ4ER2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e60::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:40:24:ad:b8:8e:13:80:c5:3d:e0:74:90:ec:12:d8:72:f9:
         9f:6b:74:1e:33:da:96:d4:60:a3:5f:73:d3:44:4c:ad:fe:03:
         3d:62:54:96:bc:bb:20:98:b2:b0:26:63:eb:66:95:8d:5b:35:
         2a:94:49:8c:5c:60:fd:47:1b:7f:d3:0f:16:db:d4:4c:d0:91:
         c0:a3:10:87:cf:df:e4:ec:4b:41:33:62:86:57:87:4e:e4:a4:
         4c:7c:22:18:2a:13:cc:37:59:27:75:e6:51:ba:3b:4c:3b:f6:
         74:e6:1c:d7:28:0b:cc:6c:7e:b1:0e:17:aa:2d:ac:c9:9b:9c:
         f9:8e:dd:f3:2e:08:43:87:43:2d:26:12:21:1c:68:e5:30:7c:
         89:db:4c:11:81:5a:ff:ac:f5:5a:07:4d:f9:80:09:ef:b9:59:
         df:98:82:97:51:f1:a9:1f:51:f4:a4:08:60:88:df:af:9c:f6:
         ae:ab:cc:26:31:95:b1:98:99:dc:ee:e8:a4:2d:27:df:bc:40:
         74:73:e5:e3:78:5a:eb:ee:65:93:97:d4:92:7d:76:e6:51:c5:
         70:d6:1b:a7:a1:bb:68:85:1c:a3:69:88:5a:95:b3:ba:f2:cb:
         d1:f0:54:b5:8f:03:06:61:2c:1b:2b:24:fe:12:9b:9d:f9:52:
         e4:c1:8b:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87fNgBNrWirEJXvkkHDEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNWYyNWU4OTUwZjY5ZTJkNzViOTNiOTJmNTQwNDE5OWUw
NDQ3NjIwHhcNMjYwMTAyMDQxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNiNDEzYzU4Y2NlOTE2NGJjOWQwOTIxN2Y4MmNiNThhOTMzNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJoWcB6qO0Ab1NPTLC2RL9hGFHdL
OBnQBXx771Kt07kWWuShYcjQNgF5u2hYxiHTEBKUYvOfDwHaGB4Kxj5MWi0LpOMo
aeoOizO05ROJOzSv4HdysquVn/5Uag4Sx6ohrZfCfTM3mRSf7J6aIAyJ3DIH+4m6
uhkT4aZp0nl3vF0ga/IyJCsii0Xg2syoUEXS+IqhCfiGUuH+w5WLGPxrHZzh+rti
zoRLjD85twcuUDbmO2/JmlycgL3QUcn8uOxExP8Bru60OJsHMOPqlhXefJozqzZm
9l34Ct6RbtdtG2nbrcjsNAWtb2CzJNL74QB82lGanUAZvowA7jAIRC6bjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEbLQTxYzOkWS8nQkhf4LLWKkzYqMB8GA1UdIwQY
MBaAFNpfJeiVD2ni11uTuS9UBBmeBEdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmw4bDZKVVBhZUxYVzVPNUwxUUVHWjRFUjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iNGRmNGQtOGE4NC00YmUzLThlNzkt
ZTJhYmM2MzEwMGJiLzEvUnN0QlBGak02UlpMeWRDU0ZfZ3N0WXFUTmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iNGRmNGQtOGE4NC00YmUzLThlNzktZTJhYmM2MzEwMGJi
LzEvMmw4bDZKVVBhZUxYVzVPNUwxUUVHWjRFUjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA5g
MA0GCSqGSIb3DQEBCwUAA4IBAQA+QCStuI4TgMU94HSQ7BLYcvmfa3QeM9qW1GCj
X3PTREyt/gM9YlSWvLsgmLKwJmPrZpWNWzUqlEmMXGD9Rxt/0w8W29RM0JHAoxCH
z9/k7EtBM2KGV4dO5KRMfCIYKhPMN1kndeZRujtMO/Z05hzXKAvMbH6xDheqLazJ
m5z5jt3zLghDh0MtJhIhHGjlMHyJ20wRgVr/rPVaB035gAnvuVnfmIKXUfGpH1H0
pAhgiN+vnPauq8wmMZWxmJnc7uikLSffvEB0c+XjeFrr7mWTl9SSfXbmUcVw1hun
obtohRyjaYhalbO68svR8FS1jwMGYSwbKyT+Epud+VLkwYso
-----END CERTIFICATE-----