Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/syWGgITCZamVo-nCUcKih8Fhw7k.roa
File:                     syWGgITCZamVo-nCUcKih8Fhw7k.roa (raw, json)
Hash identifier:          Y9UTs9CcobIoVtNfLT2NYBFUloNQFN2szm6vlcjIvRY=
Subject key identifier:   B3:25:86:80:84:C2:65:A9:95:A3:E9:C2:51:C2:A2:87:C1:61:C3:B9
Certificate issuer:       /CN=e5a8865914deccdc9807241fd70b6bb083a444b3
Certificate serial:       01997AFA3CCF0A28CB76AE6101D7F6271CFF
Authority key identifier: E5:A8:86:59:14:DE:CC:DC:98:07:24:1F:D7:0B:6B:B0:83:A4:44:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aiGWRTezNyYByQf1wtrsIOkRLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/syWGgITCZamVo-nCUcKih8Fhw7k.roa
Signing time:             Wed 24 Sep 2025 09:07:23 +0000
ROA not before:           Wed 24 Sep 2025 09:07:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24620
IP address blocks:        2001:67c:958::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/5aiGWRTezNyYByQf1wtrsIOkRLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/5aiGWRTezNyYByQf1wtrsIOkRLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5aiGWRTezNyYByQf1wtrsIOkRLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:fa:3c:cf:0a:28:cb:76:ae:61:01:d7:f6:27:1c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a8865914deccdc9807241fd70b6bb083a444b3
        Validity
            Not Before: Sep 24 09:07:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b325868084c265a995a3e9c251c2a287c161c3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:de:89:91:1f:eb:ba:2c:9f:fc:04:df:d0:72:
                    70:52:dc:a9:e6:55:4c:70:be:3b:02:9e:f4:7f:c2:
                    60:a7:0d:a9:b4:b5:94:00:1f:0a:8b:76:78:ac:51:
                    07:73:e4:90:0c:52:52:29:c0:bd:74:72:fa:47:87:
                    e0:b2:ba:2f:d8:7b:27:06:eb:5c:37:28:2a:76:9d:
                    a4:ef:a2:5c:d2:80:aa:ad:05:7a:5b:2c:f6:c3:a4:
                    62:fc:f4:09:79:53:0f:89:f7:f5:c9:77:fa:f0:4f:
                    ca:99:c2:18:79:02:0c:73:41:a6:ba:d6:05:29:6f:
                    11:08:1e:3e:fb:13:8b:bc:4b:18:94:fb:8c:13:7f:
                    08:02:73:f5:4d:a2:75:6a:59:9d:98:e1:31:6f:51:
                    93:ae:03:bc:ff:2e:b2:c7:ce:96:4a:bb:03:dd:0d:
                    1b:a3:fa:5e:84:25:ff:8a:91:b7:f0:cc:ac:ef:ad:
                    4e:16:69:32:e7:f6:4f:c1:5b:da:08:a4:9f:b6:f7:
                    a2:b6:fd:10:a5:ec:5d:f0:67:46:ca:8c:b9:67:2b:
                    1b:57:23:59:c2:e6:07:b2:a3:5c:a5:d9:2d:84:8b:
                    ea:ca:4f:09:84:07:77:11:f2:42:f0:74:5c:63:12:
                    ae:e3:6f:4f:57:38:58:b5:d6:57:dc:c1:5e:e5:47:
                    1e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:25:86:80:84:C2:65:A9:95:A3:E9:C2:51:C2:A2:87:C1:61:C3:B9
            X509v3 Authority Key Identifier:
                keyid:E5:A8:86:59:14:DE:CC:DC:98:07:24:1F:D7:0B:6B:B0:83:A4:44:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aiGWRTezNyYByQf1wtrsIOkRLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/syWGgITCZamVo-nCUcKih8Fhw7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3afc81-30e6-4b8e-8d3b-57f54ea43e16/1/5aiGWRTezNyYByQf1wtrsIOkRLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:958::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:ee:11:5e:d7:e4:e1:e7:70:8f:3c:c2:e6:56:6c:33:e7:71:
         61:b3:fd:b5:24:22:26:b2:3a:77:55:71:db:33:eb:c5:6a:7e:
         8c:24:63:61:62:5f:9d:9d:34:8d:51:82:5b:d6:96:d7:b5:de:
         5a:d1:44:f8:02:1b:0d:54:61:e8:d1:66:c9:10:3b:2c:fb:54:
         ca:78:cf:5a:ae:2c:2b:ba:55:52:77:dd:26:fa:75:c1:eb:51:
         03:9c:91:b1:2f:7a:6a:ba:5d:4d:1f:a9:4e:b3:4f:f3:98:66:
         0d:ee:ec:30:b1:2c:a9:55:01:bc:cc:85:1d:e6:cd:4f:c8:d6:
         e9:21:02:19:81:be:49:ba:b3:6c:b3:a1:9d:cb:b5:92:f6:0f:
         d8:98:a5:73:a9:e1:54:05:c8:eb:c1:54:67:11:35:af:b7:4d:
         3e:80:43:22:83:42:d5:d7:18:e5:58:29:1c:c8:a8:40:07:f0:
         38:f3:6b:d5:f9:d5:59:54:20:1b:86:b6:6b:10:a4:2a:17:49:
         d2:6a:52:c8:1a:37:e9:18:45:70:31:3d:59:6f:9a:5a:47:b8:
         c7:a6:10:96:b8:7a:74:b5:bf:71:e4:e9:25:12:9e:d6:2c:39:
         11:ac:5e:e0:8a:26:23:9d:7a:1c:26:75:89:9f:21:53:68:9a:
         7b:01:29:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZl6+jzPCijLdq5hAdf2Jxz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTg4NjU5MTRkZWNjZGM5ODA3MjQxZmQ3MGI2YmIwODNh
NDQ0YjMwHhcNMjUwOTI0MDkwNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI1ODY4MDg0YzI2NWE5OTVhM2U5YzI1MWMyYTI4N2MxNjFjM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArd6JkR/ruiyf/ATf0HJwUtyp5lVM
cL47Ap70f8Jgpw2ptLWUAB8Ki3Z4rFEHc+SQDFJSKcC9dHL6R4fgsrov2HsnButc
Nygqdp2k76Jc0oCqrQV6Wyz2w6Ri/PQJeVMPiff1yXf68E/KmcIYeQIMc0GmutYF
KW8RCB4++xOLvEsYlPuME38IAnP1TaJ1almdmOExb1GTrgO8/y6yx86WSrsD3Q0b
o/pehCX/ipG38Mys761OFmky5/ZPwVvaCKSftveitv0Qpexd8GdGyoy5ZysbVyNZ
wuYHsqNcpdkthIvqyk8JhAd3EfJC8HRcYxKu429PVzhYtdZX3MFe5UcefwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLMlhoCEwmWplaPpwlHCoofBYcO5MB8GA1UdIwQY
MBaAFOWohlkU3szcmAckH9cLa7CDpESzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFpR1dSVGV6TnlZQnlRZjF3dHJzSU9rUkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8zYWZjODEtMzBlNi00YjhlLThkM2It
NTdmNTRlYTQzZTE2LzEvc3lXR2dJVENaYW1Wby1uQ1VjS2loOEZodzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8zYWZjODEtMzBlNi00YjhlLThkM2ItNTdmNTRlYTQzZTE2
LzEvNWFpR1dSVGV6TnlZQnlRZjF3dHJzSU9rUkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAlY
MA0GCSqGSIb3DQEBCwUAA4IBAQBH7hFe1+Th53CPPMLmVmwz53Fhs/21JCImsjp3
VXHbM+vFan6MJGNhYl+dnTSNUYJb1pbXtd5a0UT4AhsNVGHo0WbJEDss+1TKeM9a
riwrulVSd90m+nXB61EDnJGxL3pqul1NH6lOs0/zmGYN7uwwsSypVQG8zIUd5s1P
yNbpIQIZgb5JurNss6Gdy7WS9g/YmKVzqeFUBcjrwVRnETWvt00+gEMig0LV1xjl
WCkcyKhAB/A482vV+dVZVCAbhrZrEKQqF0nSalLIGjfpGEVwMT1Zb5paR7jHphCW
uHp0tb9x5OklEp7WLDkRrF7giiYjnXocJnWJnyFTaJp7ASku
-----END CERTIFICATE-----