Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/1725gUGQIpKhUhC6TOahnEdES40.roa
File:                     1725gUGQIpKhUhC6TOahnEdES40.roa (raw, json)
Hash identifier:          gz+cyjfpqWkO2//cF11n4nopLq+bPFaAXZONiWW+enE=
Subject key identifier:   D7:BD:B9:81:41:90:22:92:A1:52:10:BA:4C:E6:A1:9C:47:44:4B:8D
Certificate issuer:       /CN=f0594e7a31db7937fab52fcc389059d3451f2366
Certificate serial:       0199CDF76D988A8E00FCA49AF6FD1FBA0CD4
Authority key identifier: F0:59:4E:7A:31:DB:79:37:FA:B5:2F:CC:38:90:59:D3:45:1F:23:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FlOejHbeTf6tS_MOJBZ00UfI2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/1725gUGQIpKhUhC6TOahnEdES40.roa
Signing time:             Fri 10 Oct 2025 11:52:48 +0000
ROA not before:           Fri 10 Oct 2025 11:52:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212043
IP address blocks:        2001:678:a6c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/8FlOejHbeTf6tS_MOJBZ00UfI2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/8FlOejHbeTf6tS_MOJBZ00UfI2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FlOejHbeTf6tS_MOJBZ00UfI2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:f7:6d:98:8a:8e:00:fc:a4:9a:f6:fd:1f:ba:0c:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0594e7a31db7937fab52fcc389059d3451f2366
        Validity
            Not Before: Oct 10 11:52:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7bdb98141902292a15210ba4ce6a19c47444b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e6:eb:04:33:7c:19:85:12:af:b0:05:38:c3:
                    79:14:50:ef:04:e0:87:d9:cd:49:ad:02:9c:51:1b:
                    e2:68:43:e9:06:80:04:3a:04:f8:28:7d:1b:bc:ea:
                    05:08:be:01:e0:a8:a6:21:36:77:7a:32:55:90:41:
                    f0:a0:bd:24:9e:95:0e:3a:95:74:c7:f6:e6:29:cf:
                    1a:85:97:67:a1:fe:08:25:95:4b:89:6f:f4:d0:d9:
                    bc:2b:59:87:1c:16:cd:05:30:db:42:c1:ee:58:06:
                    c3:42:07:29:14:f8:ec:a7:68:f2:af:5a:ab:18:3b:
                    14:bb:ee:cd:6a:2d:04:69:72:21:26:53:db:94:c9:
                    c9:be:ba:b5:c8:4a:86:32:89:0c:ae:77:d0:f1:57:
                    b7:ab:1b:5b:8a:42:26:79:a8:af:d3:e6:bb:fa:89:
                    61:78:a0:34:aa:61:53:86:41:2a:f1:8d:b8:59:b0:
                    43:34:d7:67:83:52:0c:e3:88:b2:63:b4:c9:cd:19:
                    45:ad:3e:96:ae:d2:74:d4:0c:ad:7b:8e:15:15:ed:
                    42:22:ca:00:e2:af:7d:9c:50:8f:12:fc:ec:71:4d:
                    d2:c7:4b:d0:0a:39:1f:f9:d1:d7:fa:c5:cf:5e:7a:
                    8d:73:4b:80:5a:3b:54:3a:94:fd:63:6e:66:af:6f:
                    30:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:BD:B9:81:41:90:22:92:A1:52:10:BA:4C:E6:A1:9C:47:44:4B:8D
            X509v3 Authority Key Identifier:
                keyid:F0:59:4E:7A:31:DB:79:37:FA:B5:2F:CC:38:90:59:D3:45:1F:23:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FlOejHbeTf6tS_MOJBZ00UfI2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/1725gUGQIpKhUhC6TOahnEdES40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1d5135-b712-431a-a28b-b57f50f00804/1/8FlOejHbeTf6tS_MOJBZ00UfI2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a6c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:a2:d9:df:8b:61:7b:97:67:a7:0f:3f:be:76:99:d6:98:0c:
         ed:bb:a6:a7:7c:25:36:10:04:26:78:ed:98:7a:97:2b:93:30:
         14:a2:06:13:fe:76:ee:39:49:b9:61:db:98:ae:38:e6:be:d9:
         3f:65:77:3c:32:98:af:83:14:1b:2e:17:e9:58:30:49:ba:28:
         4a:93:a2:65:ee:3e:29:37:56:de:31:42:fe:b1:06:37:b5:fc:
         0d:d9:ec:af:8d:03:66:5c:20:89:a1:e3:3e:82:5a:df:19:c1:
         2b:81:e1:84:d6:49:c1:ff:0e:fb:62:d8:73:c7:ef:cb:be:de:
         f6:a0:e2:cf:31:df:cc:23:ec:eb:ae:93:9f:6e:72:f2:a3:d8:
         81:b0:9a:ae:16:32:7f:e6:65:c9:dd:a9:63:4f:80:0c:fd:4d:
         75:20:fe:41:a3:aa:75:1e:9c:19:95:ec:8b:4f:aa:6f:be:87:
         6b:22:6c:1a:a7:a4:81:a0:01:36:45:c8:48:10:bd:d0:af:da:
         83:4f:0f:95:f1:51:4f:35:43:52:41:94:53:65:ac:b8:17:3d:
         65:ff:3e:fa:3a:64:a5:34:c0:34:b5:d7:ed:04:4d:82:d3:ee:
         f3:af:71:b8:6a:d0:11:f8:0a:a5:c3:1b:d7:50:9a:04:71:1c:
         bd:18:91:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnN922Yio4A/KSa9v0fugzUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTk0ZTdhMzFkYjc5MzdmYWI1MmZjYzM4OTA1OWQzNDUx
ZjIzNjYwHhcNMjUxMDEwMTE1MjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2JkYjk4MTQxOTAyMjkyYTE1MjEwYmE0Y2U2YTE5YzQ3NDQ0YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtebrBDN8GYUSr7AFOMN5FFDvBOCH
2c1JrQKcURviaEPpBoAEOgT4KH0bvOoFCL4B4KimITZ3ejJVkEHwoL0knpUOOpV0
x/bmKc8ahZdnof4IJZVLiW/00Nm8K1mHHBbNBTDbQsHuWAbDQgcpFPjsp2jyr1qr
GDsUu+7Nai0EaXIhJlPblMnJvrq1yEqGMokMrnfQ8Ve3qxtbikImeaiv0+a7+olh
eKA0qmFThkEq8Y24WbBDNNdng1IM44iyY7TJzRlFrT6WrtJ01Ayte44VFe1CIsoA
4q99nFCPEvzscU3Sx0vQCjkf+dHX+sXPXnqNc0uAWjtUOpT9Y25mr28w6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNe9uYFBkCKSoVIQukzmoZxHREuNMB8GA1UdIwQY
MBaAFPBZTnox23k3+rUvzDiQWdNFHyNmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZsT2VqSGJlVGY2dFNfTU9KQlowMFVmSTJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xZDUxMzUtYjcxMi00MzFhLWEyOGIt
YjU3ZjUwZjAwODA0LzEvMTcyNWdVR1FJcEtoVWhDNlRPYWhuRWRFUzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xZDUxMzUtYjcxMi00MzFhLWEyOGItYjU3ZjUwZjAwODA0
LzEvOEZsT2VqSGJlVGY2dFNfTU9KQlowMFVmSTJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAps
MA0GCSqGSIb3DQEBCwUAA4IBAQC5otnfi2F7l2enDz++dpnWmAztu6anfCU2EAQm
eO2YepcrkzAUogYT/nbuOUm5YduYrjjmvtk/ZXc8MpivgxQbLhfpWDBJuihKk6Jl
7j4pN1beMUL+sQY3tfwN2eyvjQNmXCCJoeM+glrfGcErgeGE1knB/w77Ythzx+/L
vt72oOLPMd/MI+zrrpOfbnLyo9iBsJquFjJ/5mXJ3aljT4AM/U11IP5Bo6p1HpwZ
leyLT6pvvodrImwap6SBoAE2RchIEL3Qr9qDTw+V8VFPNUNSQZRTZay4Fz1l/z76
OmSlNMA0tdftBE2C0+7zr3G4atAR+AqlwxvXUJoEcRy9GJHm
-----END CERTIFICATE-----