Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/JgS-n-wNqWZrJNFBUoK-xA0PR9k.roa
File:                     JgS-n-wNqWZrJNFBUoK-xA0PR9k.roa (raw, json)
Hash identifier:          /mEkB78+oSmFupgf2hrBJR3V+vJktDDVV7xA/T40FWQ=
Subject key identifier:   26:04:BE:9F:EC:0D:A9:66:6B:24:D1:41:52:82:BE:C4:0D:0F:47:D9
Certificate issuer:       /CN=2f82057bdf184fc43a1a3b05e3dd99ffe2a0be60
Certificate serial:       019933B32EAE8EAFE5D60B8480FE16B1AF54
Authority key identifier: 2F:82:05:7B:DF:18:4F:C4:3A:1A:3B:05:E3:DD:99:FF:E2:A0:BE:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/JgS-n-wNqWZrJNFBUoK-xA0PR9k.roa
Signing time:             Wed 10 Sep 2025 12:56:44 +0000
ROA not before:           Wed 10 Sep 2025 12:56:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29607
IP address blocks:        2001:67c:1ec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:b3:2e:ae:8e:af:e5:d6:0b:84:80:fe:16:b1:af:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f82057bdf184fc43a1a3b05e3dd99ffe2a0be60
        Validity
            Not Before: Sep 10 12:56:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2604be9fec0da9666b24d1415282bec40d0f47d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:17:78:87:0e:32:25:2a:ec:f7:a9:9c:57:85:
                    b5:a6:85:4c:d6:28:14:8b:96:69:40:f3:87:2f:9e:
                    6f:1b:6e:69:d7:fa:cc:79:c9:21:1c:0c:5d:c7:d1:
                    ae:c2:b3:1f:fe:e2:d5:e4:87:e2:5a:7f:17:c3:51:
                    a9:46:7e:19:fd:e3:7f:d3:94:61:b2:86:c6:04:8b:
                    55:4a:36:9a:3f:42:ec:51:63:6f:74:e7:4e:9d:f4:
                    ee:08:8a:c5:10:f6:31:4a:e7:b7:77:99:d7:75:dd:
                    ec:a4:f4:d7:8b:48:26:56:16:79:ba:cf:91:fb:91:
                    fd:b7:88:a5:c9:f1:6a:31:2c:4c:4e:08:f3:55:36:
                    a2:71:15:89:a3:85:b6:cc:15:69:8d:6b:f0:47:c3:
                    7b:91:e9:04:ec:af:8a:08:24:a0:ec:af:61:eb:ee:
                    10:ae:39:1b:12:be:fd:a6:24:3e:7b:8a:4a:c2:9d:
                    36:6f:c6:66:b8:03:15:26:0c:72:e8:82:6f:27:68:
                    75:63:a1:9e:ce:74:51:e3:5c:90:7d:15:de:41:5e:
                    93:58:98:c6:99:63:ab:f8:48:16:7d:99:46:f4:ba:
                    db:29:7d:59:ed:eb:b0:ec:63:75:8a:fb:34:54:6b:
                    e4:a6:bc:d5:2b:80:80:96:e1:c9:15:f2:89:50:fc:
                    29:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:04:BE:9F:EC:0D:A9:66:6B:24:D1:41:52:82:BE:C4:0D:0F:47:D9
            X509v3 Authority Key Identifier:
                keyid:2F:82:05:7B:DF:18:4F:C4:3A:1A:3B:05:E3:DD:99:FF:E2:A0:BE:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/JgS-n-wNqWZrJNFBUoK-xA0PR9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:fc:9a:c7:2c:55:94:66:eb:e4:7c:8d:d0:9d:3d:42:ee:9a:
         cd:d6:84:e2:b3:81:0e:73:a7:51:8c:15:66:a0:b7:ed:c0:d5:
         01:50:d2:d2:c4:e0:8d:cd:d3:41:26:dc:b6:a7:69:94:21:f8:
         cd:70:0e:f2:25:4b:b3:15:af:e9:b3:72:0b:8d:32:8b:f9:db:
         f3:9f:71:ed:f8:c0:7d:23:ed:26:17:c3:b3:cf:64:ab:22:4b:
         b7:00:c9:29:09:62:fe:41:df:ca:0a:ae:6f:42:1c:1a:df:91:
         2c:77:7b:f0:46:d4:70:e8:cb:a3:e3:e6:6f:6e:a1:a0:41:cc:
         28:f0:e4:04:d9:dc:d6:4c:d6:2f:c7:da:6f:a8:da:9f:83:3c:
         3e:0c:b7:94:b8:a6:fc:d3:58:06:68:4d:f5:75:55:61:c0:a2:
         19:60:5c:2c:34:f5:3f:39:b7:b5:68:c1:ad:eb:01:64:3c:a0:
         41:a8:5e:5a:49:b9:f2:c9:26:4b:a1:95:2a:70:b1:8e:ac:0e:
         de:79:a2:81:ac:3b:c8:81:57:0f:bf:26:88:50:c0:7e:1c:cc:
         85:37:f7:9a:de:87:5c:c9:4b:49:43:d2:ce:05:3b:ec:73:85:
         70:19:77:10:a2:18:76:9f:84:e8:87:10:36:ec:b8:d8:16:19:
         1b:de:c8:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkzsy6ujq/l1guEgP4Wsa9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODIwNTdiZGYxODRmYzQzYTFhM2IwNWUzZGQ5OWZmZTJh
MGJlNjAwHhcNMjUwOTEwMTI1NjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjA0YmU5ZmVjMGRhOTY2NmIyNGQxNDE1MjgyYmVjNDBkMGY0N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Rd4hw4yJSrs96mcV4W1poVM1igU
i5ZpQPOHL55vG25p1/rMeckhHAxdx9GuwrMf/uLV5IfiWn8Xw1GpRn4Z/eN/05Rh
sobGBItVSjaaP0LsUWNvdOdOnfTuCIrFEPYxSue3d5nXdd3spPTXi0gmVhZ5us+R
+5H9t4ilyfFqMSxMTgjzVTaicRWJo4W2zBVpjWvwR8N7kekE7K+KCCSg7K9h6+4Q
rjkbEr79piQ+e4pKwp02b8ZmuAMVJgxy6IJvJ2h1Y6GeznRR41yQfRXeQV6TWJjG
mWOr+EgWfZlG9LrbKX1Z7euw7GN1ivs0VGvkprzVK4CAluHJFfKJUPwpQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCYEvp/sDalmayTRQVKCvsQND0fZMB8GA1UdIwQY
MBaAFC+CBXvfGE/EOho7BePdmf/ioL5gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRJRmU5OFlUOFE2R2pzRjQ5MlpfLUtndm1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83MWM1OTAtMjQ2ZC00YWFiLTlkZGUt
ODYzMDRmNWZlNTJhLzEvSmdTLW4td05xV1pySk5GQlVvSy14QTBQUjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83MWM1OTAtMjQ2ZC00YWFiLTlkZGUtODYzMDRmNWZlNTJh
LzEvTDRJRmU5OFlUOFE2R2pzRjQ5MlpfLUtndm1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAHs
MA0GCSqGSIb3DQEBCwUAA4IBAQA7/JrHLFWUZuvkfI3QnT1C7prN1oTis4EOc6dR
jBVmoLftwNUBUNLSxOCNzdNBJty2p2mUIfjNcA7yJUuzFa/ps3ILjTKL+dvzn3Ht
+MB9I+0mF8Ozz2SrIku3AMkpCWL+Qd/KCq5vQhwa35Esd3vwRtRw6Muj4+ZvbqGg
Qcwo8OQE2dzWTNYvx9pvqNqfgzw+DLeUuKb801gGaE31dVVhwKIZYFwsNPU/Obe1
aMGt6wFkPKBBqF5aSbnyySZLoZUqcLGOrA7eeaKBrDvIgVcPvyaIUMB+HMyFN/ea
3odcyUtJQ9LOBTvsc4VwGXcQohh2n4TohxA27LjYFhkb3siI
-----END CERTIFICATE-----