Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/qoiIuGZpsZyjR8YLAPW0kfgioQM.roa
File:                     qoiIuGZpsZyjR8YLAPW0kfgioQM.roa (raw, json)
Hash identifier:          Bdnsy6A3scDmTAkeEHQfOrfRTQ0txD1RF6hmP7OF1Mw=
Subject key identifier:   AA:88:88:B8:66:69:B1:9C:A3:47:C6:0B:00:F5:B4:91:F8:22:A1:03
Certificate issuer:       /CN=fba7918bbf5aa80f144937ad1965ea03f025c22e
Certificate serial:       01988483147F4DEACDDBAA61FE964362BF52
Authority key identifier: FB:A7:91:8B:BF:5A:A8:0F:14:49:37:AD:19:65:EA:03:F0:25:C2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6eRi79aqA8USTetGWXqA_Alwi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/qoiIuGZpsZyjR8YLAPW0kfgioQM.roa
Signing time:             Thu 07 Aug 2025 12:30:39 +0000
ROA not before:           Thu 07 Aug 2025 12:30:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212691
IP address blocks:        2001:678:114::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/1-6eRi79aqA8USTetGWXqA_Alwi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/1-6eRi79aqA8USTetGWXqA_Alwi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6eRi79aqA8USTetGWXqA_Alwi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 15:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:83:14:7f:4d:ea:cd:db:aa:61:fe:96:43:62:bf:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fba7918bbf5aa80f144937ad1965ea03f025c22e
        Validity
            Not Before: Aug  7 12:30:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa8888b86669b19ca347c60b00f5b491f822a103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:01:11:b2:91:9c:8a:45:d1:8c:ce:67:e4:25:
                    f0:89:c0:2d:18:fc:58:b2:53:c2:87:e7:ff:ef:c3:
                    a1:ab:e7:0a:32:f7:70:1e:25:c3:d2:55:62:64:e3:
                    21:01:44:e7:52:15:20:ae:9f:3f:6b:c6:a7:57:5f:
                    23:6c:93:9b:96:93:27:fe:7b:b8:41:bc:a6:66:f9:
                    97:fb:85:38:b9:b0:19:57:48:21:98:5d:2f:2c:98:
                    57:af:62:f6:20:12:ce:e9:66:60:d1:a4:34:89:df:
                    5a:f5:df:41:cc:85:29:56:97:ed:c0:b8:57:23:ea:
                    39:fb:3d:99:c6:04:bd:c9:70:8e:29:87:bf:80:8e:
                    16:c0:6a:66:ff:c4:39:2e:32:4c:88:ca:5a:e6:e1:
                    01:1f:c8:1e:37:5c:12:6e:97:46:53:2e:7e:4f:78:
                    3c:e0:8e:5c:0e:f7:f8:19:d6:dd:87:f4:a6:b1:d1:
                    17:1c:35:df:b7:51:f8:d9:fa:72:a2:58:5f:bb:dc:
                    26:28:e8:af:b3:56:5b:e8:62:6c:ef:ad:d4:95:50:
                    fb:d4:eb:7b:85:99:65:1c:c5:b6:4b:f0:e9:3f:45:
                    49:47:8b:92:1d:6c:53:44:a6:14:65:c0:fb:e6:93:
                    bd:6a:07:e9:db:61:4b:4b:30:da:98:71:87:6f:d7:
                    08:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:88:88:B8:66:69:B1:9C:A3:47:C6:0B:00:F5:B4:91:F8:22:A1:03
            X509v3 Authority Key Identifier:
                keyid:FB:A7:91:8B:BF:5A:A8:0F:14:49:37:AD:19:65:EA:03:F0:25:C2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6eRi79aqA8USTetGWXqA_Alwi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/qoiIuGZpsZyjR8YLAPW0kfgioQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/822221-77ff-42f4-b052-a431d7ad68dd/1/1-6eRi79aqA8USTetGWXqA_Alwi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:114::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:ec:ec:be:b1:4b:16:28:dc:6f:7f:e4:6a:25:1c:42:4a:0a:
         52:68:4d:d1:25:ef:83:c0:7c:3e:c4:23:49:bc:42:9c:72:08:
         38:fc:ea:9d:5a:45:47:b7:a2:fd:35:73:4e:b7:46:75:ec:38:
         b7:46:02:6c:56:15:d6:05:75:38:5e:5e:10:8f:25:d1:18:9d:
         1a:34:10:e3:38:cb:7a:93:9c:78:24:5c:20:bd:71:13:d3:f3:
         25:f8:71:b8:04:ac:03:bf:0e:66:4b:4f:ee:bc:a4:03:de:07:
         15:61:90:35:d9:26:e4:8c:76:30:e7:a7:c8:0e:d3:59:00:db:
         37:9d:26:2e:d9:b4:25:5b:10:0d:27:92:ad:5b:a8:54:01:aa:
         13:ac:dd:e2:6e:35:dc:ff:a2:6e:c9:09:c5:1e:8e:22:7b:f1:
         90:35:d8:04:90:ec:8a:11:14:7c:e3:3b:60:a9:75:18:b6:9d:
         c2:7e:66:b3:59:1e:a1:97:e7:fd:12:38:51:50:4c:ba:0a:54:
         e9:6f:38:dc:d1:1c:8f:a6:86:22:70:03:2f:e0:bc:6d:ae:99:
         0c:76:0b:bc:79:05:36:bb:34:c4:1a:14:d8:fe:5c:30:49:d7:
         f0:c4:51:11:ae:44:a0:4e:6d:40:47:03:62:32:87:b3:84:12:
         89:0f:45:76
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZiEgxR/TerN26ph/pZDYr9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYTc5MThiYmY1YWE4MGYxNDQ5MzdhZDE5NjVlYTAzZjAy
NWMyMmUwHhcNMjUwODA3MTIzMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg4ODhiODY2NjliMTljYTM0N2M2MGIwMGY1YjQ5MWY4MjJhMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgERspGcikXRjM5n5CXwicAtGPxY
slPCh+f/78Ohq+cKMvdwHiXD0lViZOMhAUTnUhUgrp8/a8anV18jbJOblpMn/nu4
QbymZvmX+4U4ubAZV0ghmF0vLJhXr2L2IBLO6WZg0aQ0id9a9d9BzIUpVpftwLhX
I+o5+z2ZxgS9yXCOKYe/gI4WwGpm/8Q5LjJMiMpa5uEBH8geN1wSbpdGUy5+T3g8
4I5cDvf4Gdbdh/SmsdEXHDXft1H42fpyolhfu9wmKOivs1Zb6GJs763UlVD71Ot7
hZllHMW2S/DpP0VJR4uSHWxTRKYUZcD75pO9agfp22FLSzDamHGHb9cIcQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFKqIiLhmabGco0fGCwD1tJH4IqEDMB8GA1UdIwQY
MBaAFPunkYu/WqgPFEk3rRll6gPwJcIuMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02ZVJpNzlhcUE4VVNUZXRHV1hxQV9BbHdpNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvODIyMjIxLTc3ZmYtNDJmNC1iMDUy
LWE0MzFkN2FkNjhkZC8xL3FvaUl1R1pwc1p5alI4WUxBUFcwa2ZnaW9RTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODgvODIyMjIxLTc3ZmYtNDJmNC1iMDUyLWE0MzFkN2FkNjhk
ZC8xLzEtNmVSaTc5YXFBOFVTVGV0R1dYcUFfQWx3aTQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ4
ARQwDQYJKoZIhvcNAQELBQADggEBAFjs7L6xSxYo3G9/5GolHEJKClJoTdEl74PA
fD7EI0m8QpxyCDj86p1aRUe3ov01c063RnXsOLdGAmxWFdYFdTheXhCPJdEYnRo0
EOM4y3qTnHgkXCC9cRPT8yX4cbgErAO/DmZLT+68pAPeBxVhkDXZJuSMdjDnp8gO
01kA2zedJi7ZtCVbEA0nkq1bqFQBqhOs3eJuNdz/om7JCcUejiJ78ZA12ASQ7IoR
FHzjO2CpdRi2ncJ+ZrNZHqGX5/0SOFFQTLoKVOlvONzRHI+mhiJwAy/gvG2umQx2
C7x5BTa7NMQaFNj+XDBJ1/DEURGuRKBObUBHA2Iyh7OEEokPRXY=
-----END CERTIFICATE-----