Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/X-QlQ7J2mkMQ7aCqISeZm-0GPp8.roa
File:                     X-QlQ7J2mkMQ7aCqISeZm-0GPp8.roa (raw, json)
Hash identifier:          tcckn5v078MeQtwYD02YyKajWXUMPOWsBI1IguOQcTI=
Subject key identifier:   5F:E4:25:43:B2:76:9A:43:10:ED:A0:AA:21:27:99:9B:ED:06:3E:9F
Certificate issuer:       /CN=a3cf9b646516928b5d06c2a819eb2dbc0fe9920a
Certificate serial:       0197AC0DEA33FDE6C9BBB03F6D0D9980B853
Authority key identifier: A3:CF:9B:64:65:16:92:8B:5D:06:C2:A8:19:EB:2D:BC:0F:E9:92:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/X-QlQ7J2mkMQ7aCqISeZm-0GPp8.roa
Signing time:             Thu 26 Jun 2025 11:44:42 +0000
ROA not before:           Thu 26 Jun 2025 11:44:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29518
IP address blocks:        2001:67c:21dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:0d:ea:33:fd:e6:c9:bb:b0:3f:6d:0d:99:80:b8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3cf9b646516928b5d06c2a819eb2dbc0fe9920a
        Validity
            Not Before: Jun 26 11:44:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fe42543b2769a4310eda0aa2127999bed063e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f6:ca:54:f1:95:f5:b5:15:e8:71:64:48:6a:
                    5d:dc:00:b5:9f:ad:71:2b:63:54:2e:37:94:11:36:
                    21:2f:01:1d:1e:7a:3e:eb:1e:22:c1:3f:93:6d:fa:
                    92:c5:dd:d4:97:ba:dd:aa:32:0f:4a:90:48:0e:6b:
                    31:f0:ef:61:0a:34:74:49:46:1d:76:3d:13:21:74:
                    5c:ef:1a:4f:dd:2c:48:f6:9d:45:91:99:0d:f3:a7:
                    22:42:4a:da:c1:cc:1f:42:82:03:ea:6a:be:00:03:
                    50:df:cd:9f:3b:72:84:ef:b9:19:85:fa:05:e3:09:
                    df:e1:11:3b:8f:5a:af:80:00:6a:53:0d:c4:fb:de:
                    99:01:f4:f1:84:ce:fc:95:5f:13:10:ed:88:0e:8f:
                    55:d0:65:5e:e4:b6:ca:64:75:aa:83:95:fb:96:8b:
                    aa:9e:ab:54:d5:91:03:94:86:f2:d6:b1:76:78:cf:
                    1a:70:71:ca:b1:da:69:ac:7f:a2:ec:aa:8e:c7:04:
                    d1:fd:69:b8:26:3b:fc:00:6e:d6:28:56:8c:d7:41:
                    54:92:15:43:a7:a1:5c:2e:c4:d5:8c:e3:2b:ac:f4:
                    7b:29:5f:dd:ca:80:2c:49:e2:22:5b:e3:dc:a8:db:
                    1f:0d:f9:9e:68:75:7b:ef:33:bc:6a:06:9a:45:84:
                    cf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E4:25:43:B2:76:9A:43:10:ED:A0:AA:21:27:99:9B:ED:06:3E:9F
            X509v3 Authority Key Identifier:
                keyid:A3:CF:9B:64:65:16:92:8B:5D:06:C2:A8:19:EB:2D:BC:0F:E9:92:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8-bZGUWkotdBsKoGestvA_pkgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/X-QlQ7J2mkMQ7aCqISeZm-0GPp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/394d07-05cc-4f72-bd46-289696cc99b9/1/o8-bZGUWkotdBsKoGestvA_pkgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:94:de:10:59:69:1b:ac:ed:84:31:ab:57:83:37:6e:a2:39:
         32:5e:a5:d8:11:2b:7a:f0:d6:76:1d:d7:4e:d2:54:cd:e3:1b:
         f5:1f:15:42:39:bf:3b:2a:37:48:7b:02:43:56:52:ec:0c:0d:
         d9:5a:bf:3f:f9:27:6d:33:57:8d:5e:89:df:5c:57:cf:8e:92:
         50:1c:f1:36:55:0d:36:5b:6f:5c:17:42:de:21:0b:12:8a:b4:
         d3:4a:4d:4a:f2:5d:ad:f2:fa:9d:6a:dc:b8:c6:cc:e6:d4:21:
         9f:28:32:5c:14:09:60:86:b6:61:f2:29:3a:c3:fb:0d:dd:e0:
         3a:f1:92:4a:41:fd:05:53:07:fc:09:e3:6a:7b:8e:21:fa:03:
         b2:25:af:80:2b:62:bc:af:65:56:6e:a5:8f:2a:20:e6:39:38:
         a0:71:3d:b9:1f:40:6a:bc:0e:a1:00:0d:a6:37:a3:e5:90:5a:
         a2:c8:9a:c8:ee:8b:4c:9f:5f:95:6d:d8:bc:2f:c6:69:41:98:
         d5:6f:da:11:45:90:fd:89:ee:7b:38:cc:dc:13:80:9c:e0:00:
         2f:a4:84:35:95:d7:fc:07:8f:8a:5d:e7:47:c6:55:c3:5a:7c:
         6f:5d:92:62:3c:7b:83:b0:70:9c:c7:5c:88:40:54:d5:04:58:
         ff:80:9b:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZesDeoz/ebJu7A/bQ2ZgLhTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2Y5YjY0NjUxNjkyOGI1ZDA2YzJhODE5ZWIyZGJjMGZl
OTkyMGEwHhcNMjUwNjI2MTE0NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU0MjU0M2IyNzY5YTQzMTBlZGEwYWEyMTI3OTk5YmVkMDYzZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfbKVPGV9bUV6HFkSGpd3AC1n61x
K2NULjeUETYhLwEdHno+6x4iwT+TbfqSxd3Ul7rdqjIPSpBIDmsx8O9hCjR0SUYd
dj0TIXRc7xpP3SxI9p1FkZkN86ciQkrawcwfQoID6mq+AANQ382fO3KE77kZhfoF
4wnf4RE7j1qvgABqUw3E+96ZAfTxhM78lV8TEO2IDo9V0GVe5LbKZHWqg5X7louq
nqtU1ZEDlIby1rF2eM8acHHKsdpprH+i7KqOxwTR/Wm4Jjv8AG7WKFaM10FUkhVD
p6FcLsTVjOMrrPR7KV/dyoAsSeIiW+PcqNsfDfmeaHV77zO8agaaRYTPVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/kJUOydppDEO2gqiEnmZvtBj6fMB8GA1UdIwQY
MBaAFKPPm2RlFpKLXQbCqBnrLbwP6ZIKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzgtYlpHVVdrb3RkQnNLb0dlc3R2QV9wa2dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zOTRkMDctMDVjYy00ZjcyLWJkNDYt
Mjg5Njk2Y2M5OWI5LzEvWC1RbFE3SjJta01RN2FDcUlTZVptLTBHUHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zOTRkMDctMDVjYy00ZjcyLWJkNDYtMjg5Njk2Y2M5OWI5
LzEvbzgtYlpHVVdrb3RkQnNLb0dlc3R2QV9wa2dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHc
MA0GCSqGSIb3DQEBCwUAA4IBAQABlN4QWWkbrO2EMatXgzduojkyXqXYESt68NZ2
HddO0lTN4xv1HxVCOb87KjdIewJDVlLsDA3ZWr8/+SdtM1eNXonfXFfPjpJQHPE2
VQ02W29cF0LeIQsSirTTSk1K8l2t8vqdaty4xszm1CGfKDJcFAlghrZh8ik6w/sN
3eA68ZJKQf0FUwf8CeNqe44h+gOyJa+AK2K8r2VWbqWPKiDmOTigcT25H0BqvA6h
AA2mN6PlkFqiyJrI7otMn1+Vbdi8L8ZpQZjVb9oRRZD9ie57OMzcE4Cc4AAvpIQ1
ldf8B4+KXedHxlXDWnxvXZJiPHuDsHCcx1yIQFTVBFj/gJuN
-----END CERTIFICATE-----