Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/TbZ9-J7RJ19MnUwHQhG72h3QmmA.roa
File:                     TbZ9-J7RJ19MnUwHQhG72h3QmmA.roa (raw, json)
Hash identifier:          1KAnW0BNGRWt07l0J8xmwG1lZvzCRjTvOjNa6gA0ebQ=
Subject key identifier:   4D:B6:7D:F8:9E:D1:27:5F:4C:9D:4C:07:42:11:BB:DA:1D:D0:9A:60
Certificate issuer:       /CN=c60f3246fdd61ba1b5792fe1aec4adca98d75a5c
Certificate serial:       01997AE52DCA68EB321BC6547B2A25982AA0
Authority key identifier: C6:0F:32:46:FD:D6:1B:A1:B5:79:2F:E1:AE:C4:AD:CA:98:D7:5A:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/TbZ9-J7RJ19MnUwHQhG72h3QmmA.roa
Signing time:             Wed 24 Sep 2025 08:44:23 +0000
ROA not before:           Wed 24 Sep 2025 08:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214913
IP address blocks:        2001:67c:c0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:e5:2d:ca:68:eb:32:1b:c6:54:7b:2a:25:98:2a:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c60f3246fdd61ba1b5792fe1aec4adca98d75a5c
        Validity
            Not Before: Sep 24 08:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4db67df89ed1275f4c9d4c074211bbda1dd09a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c8:9e:e4:ba:1d:29:c2:d3:ce:05:6c:dd:15:
                    b3:8d:b5:a8:68:ac:f3:28:bd:51:e7:7b:6e:4c:c6:
                    93:bc:7a:82:5a:cc:bc:72:df:da:63:fe:34:62:dd:
                    ce:ad:38:56:45:84:9a:dd:c8:4e:b8:c5:69:cd:b0:
                    5e:b0:4a:54:29:2c:a1:3e:bf:a9:94:5d:ad:47:23:
                    29:f4:e2:38:d5:f8:08:fa:36:d1:c1:75:5f:76:71:
                    d8:b2:82:02:95:f7:aa:b4:7c:dd:bd:60:aa:c5:eb:
                    a5:08:a3:a7:c1:af:9f:f5:04:52:d1:99:74:06:d7:
                    40:e8:7e:01:43:32:a4:2f:08:0a:12:00:60:2a:f0:
                    72:7b:98:8c:7a:59:50:c1:e2:01:13:36:0c:c5:aa:
                    09:8c:50:d4:25:e5:23:0a:9c:3d:b6:53:32:79:20:
                    f9:64:c6:8b:98:cc:15:f6:23:06:98:29:41:8f:76:
                    ee:3c:c2:ae:00:8f:3e:64:62:a9:17:e6:d8:f1:43:
                    71:22:5d:1d:f3:a2:61:bd:ba:63:3f:ec:c4:af:01:
                    46:5f:a9:e8:44:ef:04:e9:2e:6d:02:cb:ec:d3:96:
                    33:87:b7:46:49:48:98:95:d9:95:45:4f:1e:79:fc:
                    23:bb:cd:59:67:4e:5d:09:d7:5d:77:ea:4e:57:24:
                    e4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B6:7D:F8:9E:D1:27:5F:4C:9D:4C:07:42:11:BB:DA:1D:D0:9A:60
            X509v3 Authority Key Identifier:
                keyid:C6:0F:32:46:FD:D6:1B:A1:B5:79:2F:E1:AE:C4:AD:CA:98:D7:5A:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/TbZ9-J7RJ19MnUwHQhG72h3QmmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:81:d7:22:9c:ed:7e:57:fd:e8:72:a9:6e:d7:02:24:7e:45:
         fa:97:a9:0e:91:3f:9c:00:78:6c:9a:6f:30:13:8f:be:6e:2d:
         36:3c:5b:7a:95:11:28:a5:50:34:11:97:d2:b7:97:9f:d1:ae:
         e2:b6:de:5e:c5:cb:bb:17:ab:d8:b0:02:74:9a:8c:e1:77:9b:
         3c:05:33:8e:83:d8:cb:7f:9e:0c:1e:27:c4:ef:86:4c:62:69:
         e9:65:83:9a:d8:5e:3e:71:d9:93:b8:75:36:b9:95:81:0d:9c:
         fc:a1:ae:f7:fe:38:84:34:f9:fd:f3:f7:de:44:31:69:7f:6b:
         55:66:e1:7d:8a:cf:82:bc:ea:29:56:61:cb:1b:9f:bc:2a:7d:
         90:c5:2d:65:f9:16:0c:d7:9b:10:50:8c:1b:63:1e:29:f5:61:
         13:77:45:aa:a8:90:e1:0b:50:7a:63:89:19:59:18:f7:b9:9c:
         13:ca:90:42:29:8c:58:73:36:d9:4e:b7:f2:1f:79:96:41:db:
         f3:93:74:31:b4:e7:1a:29:0b:fe:29:5c:8f:b6:eb:14:2b:ab:
         b8:5c:ea:d7:a6:0d:87:eb:ec:10:a1:71:b9:78:b7:bc:0b:3b:
         98:69:03:3c:47:9d:44:0b:4a:a8:d3:a0:2f:7f:c6:fb:b4:42:
         39:6e:a1:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZl65S3KaOsyG8ZUeyolmCqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MGYzMjQ2ZmRkNjFiYTFiNTc5MmZlMWFlYzRhZGNhOThk
NzVhNWMwHhcNMjUwOTI0MDg0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGI2N2RmODllZDEyNzVmNGM5ZDRjMDc0MjExYmJkYTFkZDA5YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcie5LodKcLTzgVs3RWzjbWoaKzz
KL1R53tuTMaTvHqCWsy8ct/aY/40Yt3OrThWRYSa3chOuMVpzbBesEpUKSyhPr+p
lF2tRyMp9OI41fgI+jbRwXVfdnHYsoIClfeqtHzdvWCqxeulCKOnwa+f9QRS0Zl0
BtdA6H4BQzKkLwgKEgBgKvBye5iMellQweIBEzYMxaoJjFDUJeUjCpw9tlMyeSD5
ZMaLmMwV9iMGmClBj3buPMKuAI8+ZGKpF+bY8UNxIl0d86JhvbpjP+zErwFGX6no
RO8E6S5tAsvs05Yzh7dGSUiYldmVRU8eefwju81ZZ05dCdddd+pOVyTkjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE22ffie0SdfTJ1MB0IRu9od0JpgMB8GA1UdIwQY
MBaAFMYPMkb91huhtXkv4a7ErcqY11pcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGc4eVJ2M1dHNkcxZVNfaHJzU3R5cGpYV2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8yYTY1NmEtOTMyMy00NDI0LThmYjUt
MTc5NzkyNzY4ZGFlLzEvVGJaOS1KN1JKMTlNblV3SFFoRzcyaDNRbW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8yYTY1NmEtOTMyMy00NDI0LThmYjUtMTc5NzkyNzY4ZGFl
LzEveGc4eVJ2M1dHNkcxZVNfaHJzU3R5cGpYV2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwM
MA0GCSqGSIb3DQEBCwUAA4IBAQCCgdcinO1+V/3ocqlu1wIkfkX6l6kOkT+cAHhs
mm8wE4++bi02PFt6lREopVA0EZfSt5ef0a7itt5excu7F6vYsAJ0mozhd5s8BTOO
g9jLf54MHifE74ZMYmnpZYOa2F4+cdmTuHU2uZWBDZz8oa73/jiENPn98/feRDFp
f2tVZuF9is+CvOopVmHLG5+8Kn2QxS1l+RYM15sQUIwbYx4p9WETd0WqqJDhC1B6
Y4kZWRj3uZwTypBCKYxYczbZTrfyH3mWQdvzk3QxtOcaKQv+KVyPtusUK6u4XOrX
pg2H6+wQoXG5eLe8CzuYaQM8R51EC0qo06Avf8b7tEI5bqFs
-----END CERTIFICATE-----