Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Zf-qZ2UMzAyGiL8cjRBDf8GsL_c.roa
File:                     Zf-qZ2UMzAyGiL8cjRBDf8GsL_c.roa (raw, json)
Hash identifier:          hcx1HTNC9tU6Msn2W64wHhUXk0lGhQiRmQqK9xZ6N7U=
Subject key identifier:   65:FF:AA:67:65:0C:CC:0C:86:88:BF:1C:8D:10:43:7F:C1:AC:2F:F7
Certificate issuer:       /CN=11c7eaf1bf50f141d5651d8909ac76c9d480a696
Certificate serial:       0199A00A703193AD196DDF7105B146CEC9F9
Authority key identifier: 11:C7:EA:F1:BF:50:F1:41:D5:65:1D:89:09:AC:76:C9:D4:80:A6:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ecfq8b9Q8UHVZR2JCax2ydSAppY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Zf-qZ2UMzAyGiL8cjRBDf8GsL_c.roa
Signing time:             Wed 01 Oct 2025 13:51:02 +0000
ROA not before:           Wed 01 Oct 2025 13:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25387
IP address blocks:        62.88.128.0/17 maxlen: 17
                          2a03:7080::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Ecfq8b9Q8UHVZR2JCax2ydSAppY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Ecfq8b9Q8UHVZR2JCax2ydSAppY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ecfq8b9Q8UHVZR2JCax2ydSAppY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a0:0a:70:31:93:ad:19:6d:df:71:05:b1:46:ce:c9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11c7eaf1bf50f141d5651d8909ac76c9d480a696
        Validity
            Not Before: Oct  1 13:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65ffaa67650ccc0c8688bf1c8d10437fc1ac2ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:75:6d:4d:86:77:36:da:51:4f:9a:a9:a0:38:
                    c0:75:1d:78:a1:d0:f4:95:9b:4e:ab:2d:0c:d1:7f:
                    7d:d3:28:c0:a0:38:58:f0:62:f7:72:2e:34:e7:da:
                    05:6f:07:01:d8:50:29:11:52:e1:ff:f2:17:70:bf:
                    b4:1a:fa:ae:2a:33:dd:21:bf:84:c6:39:1f:eb:c1:
                    db:19:71:5e:e3:5f:f3:2f:2f:1b:91:80:05:be:4a:
                    36:de:cd:ca:47:6c:4d:5e:e4:6c:94:80:1c:85:eb:
                    dc:06:77:58:a4:8d:86:7b:42:66:79:71:7f:5a:a8:
                    9c:ec:f0:d8:52:3d:02:d3:1f:71:ba:42:8f:e1:17:
                    71:75:e8:d3:14:1d:8f:12:42:a0:07:40:88:5d:98:
                    e0:7c:3c:90:36:70:d2:37:9a:43:60:48:d0:d1:40:
                    f2:d1:32:ea:04:1d:a6:73:83:6e:be:41:2d:55:c1:
                    ab:e6:52:b3:fe:90:ac:48:0e:90:8a:d1:f7:08:16:
                    a3:d8:b6:96:1c:95:4b:f3:16:c8:07:c7:b4:96:71:
                    cb:86:1f:07:cb:97:e1:16:07:58:f9:a1:7d:be:0c:
                    af:27:7a:7b:4a:8f:35:b8:6c:b6:c2:a6:ca:de:ff:
                    a3:3a:af:f9:b1:6c:58:e5:71:35:1e:c2:30:1e:3b:
                    d2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FF:AA:67:65:0C:CC:0C:86:88:BF:1C:8D:10:43:7F:C1:AC:2F:F7
            X509v3 Authority Key Identifier:
                keyid:11:C7:EA:F1:BF:50:F1:41:D5:65:1D:89:09:AC:76:C9:D4:80:A6:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ecfq8b9Q8UHVZR2JCax2ydSAppY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Zf-qZ2UMzAyGiL8cjRBDf8GsL_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8ef6b9-d851-43a4-8977-df3545b44c0b/1/Ecfq8b9Q8UHVZR2JCax2ydSAppY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.88.128.0/17
                IPv6:
                  2a03:7080::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:fb:82:8c:28:fd:7e:6a:8e:50:79:e9:77:7c:7b:c7:9f:49:
         1a:6e:7c:e5:1d:35:82:0b:17:76:11:10:57:64:65:e0:ae:a2:
         c1:41:29:0e:3d:fc:9d:fc:74:e5:ea:5b:c8:4d:f1:26:d1:de:
         82:74:40:52:6e:af:8a:c4:57:e8:23:f7:8e:8f:49:cd:34:cb:
         f6:75:b4:36:89:37:13:24:e4:ac:0e:6d:48:ee:30:bb:18:ac:
         a5:e9:93:8e:85:85:fa:e1:f3:b7:ac:62:94:02:02:d3:43:0b:
         b3:fe:be:e1:65:de:3a:ca:1c:59:0f:a6:da:41:61:7b:99:38:
         70:97:fe:dc:14:05:5a:c7:31:04:5f:b0:ab:37:30:dd:c1:67:
         79:fc:e4:53:05:d3:94:c1:8f:f4:12:3a:7b:f8:05:f4:4c:43:
         38:9f:e0:7e:12:14:96:49:ff:ad:82:0b:be:f0:4a:65:8c:5e:
         ac:90:38:92:8e:ad:39:e1:bc:90:d3:51:8a:e3:f9:a1:b1:61:
         10:78:ee:4a:9f:77:31:e2:79:39:4e:1c:a6:2f:4f:31:03:be:
         b3:6a:f4:b6:e4:f1:4e:7c:90:b9:0b:42:42:96:a0:6d:7b:9f:
         96:c6:37:c0:5a:45:ce:5a:b1:3a:e2:e7:d0:88:71:b0:4b:5d:
         d9:d2:00:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmgCnAxk60Zbd9xBbFGzsn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYzdlYWYxYmY1MGYxNDFkNTY1MWQ4OTA5YWM3NmM5ZDQ4
MGE2OTYwHhcNMjUxMDAxMTM1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWZmYWE2NzY1MGNjYzBjODY4OGJmMWM4ZDEwNDM3ZmMxYWMyZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8XVtTYZ3NtpRT5qpoDjAdR14odD0
lZtOqy0M0X990yjAoDhY8GL3ci4059oFbwcB2FApEVLh//IXcL+0GvquKjPdIb+E
xjkf68HbGXFe41/zLy8bkYAFvko23s3KR2xNXuRslIAchevcBndYpI2Ge0JmeXF/
Wqic7PDYUj0C0x9xukKP4RdxdejTFB2PEkKgB0CIXZjgfDyQNnDSN5pDYEjQ0UDy
0TLqBB2mc4NuvkEtVcGr5lKz/pCsSA6QitH3CBaj2LaWHJVL8xbIB8e0lnHLhh8H
y5fhFgdY+aF9vgyvJ3p7So81uGy2wqbK3v+jOq/5sWxY5XE1HsIwHjvS7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGX/qmdlDMwMhoi/HI0QQ3/BrC/3MB8GA1UdIwQY
MBaAFBHH6vG/UPFB1WUdiQmsdsnUgKaWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWNmcThiOVE4VUhWWlIySkNheDJ5ZFNBcHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84ZWY2YjktZDg1MS00M2E0LTg5Nzct
ZGYzNTQ1YjQ0YzBiLzEvWmYtcVoyVU16QXlHaUw4Y2pSQkRmOEdzTF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84ZWY2YjktZDg1MS00M2E0LTg5NzctZGYzNTQ1YjQ0YzBi
LzEvRWNmcThiOVE4VUhWWlIySkNheDJ5ZFNBcHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHPliAMA0E
AgACMAcDBQAqA3CAMA0GCSqGSIb3DQEBCwUAA4IBAQBx+4KMKP1+ao5Qeel3fHvH
n0kabnzlHTWCCxd2ERBXZGXgrqLBQSkOPfyd/HTl6lvITfEm0d6CdEBSbq+KxFfo
I/eOj0nNNMv2dbQ2iTcTJOSsDm1I7jC7GKyl6ZOOhYX64fO3rGKUAgLTQwuz/r7h
Zd46yhxZD6baQWF7mThwl/7cFAVaxzEEX7CrNzDdwWd5/ORTBdOUwY/0Ejp7+AX0
TEM4n+B+EhSWSf+tggu+8EpljF6skDiSjq054byQ01GK4/mhsWEQeO5Kn3cx4nk5
ThymL08xA76zavS25PFOfJC5C0JClqBte5+WxjfAWkXOWrE64ufQiHGwS13Z0gA9
-----END CERTIFICATE-----