Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/_ih0IDGdtVSv2B7pineBzs1nKB4.roa
File:                     _ih0IDGdtVSv2B7pineBzs1nKB4.roa (raw, json)
Hash identifier:          fb9kU4b5LG0UVoJvGOy+jPoLLrOl+4P8QNYdunyPUFs=
Subject key identifier:   FE:28:74:20:31:9D:B5:54:AF:D8:1E:E9:8A:77:81:CE:CD:67:28:1E
Certificate issuer:       /CN=68455a3939bacbaa5918c7edd5464e11ba1c8cdd
Certificate serial:       01995C79B3B4CF0F030AE11D09654B8DD540
Authority key identifier: 68:45:5A:39:39:BA:CB:AA:59:18:C7:ED:D5:46:4E:11:BA:1C:8C:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aEVaOTm6y6pZGMft1UZOEbocjN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/_ih0IDGdtVSv2B7pineBzs1nKB4.roa
Signing time:             Thu 18 Sep 2025 10:58:23 +0000
ROA not before:           Thu 18 Sep 2025 10:58:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12695
IP address blocks:        2001:67c:b18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/aEVaOTm6y6pZGMft1UZOEbocjN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/aEVaOTm6y6pZGMft1UZOEbocjN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aEVaOTm6y6pZGMft1UZOEbocjN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:79:b3:b4:cf:0f:03:0a:e1:1d:09:65:4b:8d:d5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68455a3939bacbaa5918c7edd5464e11ba1c8cdd
        Validity
            Not Before: Sep 18 10:58:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe287420319db554afd81ee98a7781cecd67281e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e4:c3:18:ec:3e:a2:9a:a7:2e:8f:c0:5c:1e:
                    1e:39:79:1a:ae:6a:dd:87:a7:4d:83:0e:de:1b:b8:
                    b5:8b:d2:45:f6:1a:7d:a4:be:3e:22:b1:fd:5e:81:
                    39:48:6a:81:8d:8b:af:61:ef:08:17:61:80:8e:b7:
                    59:8a:5a:46:4a:e0:da:eb:07:52:cc:52:f7:c3:79:
                    62:54:6f:8b:cf:48:e1:b3:2a:f0:5d:68:f1:f0:7a:
                    08:27:f2:d0:8b:1d:78:e8:f6:6c:a9:44:52:c6:0d:
                    00:a2:1b:d5:b3:20:28:c5:bb:a6:57:d7:7e:00:1c:
                    e0:39:ab:30:be:10:47:f0:e5:43:3d:3f:46:e5:ba:
                    ee:ba:01:fb:e2:5a:79:c0:2e:e6:52:46:f2:7d:8c:
                    b7:86:dc:db:39:37:f8:da:b2:ec:eb:e8:e3:60:2d:
                    c6:3e:24:36:dc:91:39:c5:75:bb:f4:c8:64:f4:a6:
                    d0:5e:ab:c2:f9:79:a6:4a:aa:95:ab:c5:e6:d5:d6:
                    63:a1:f1:6c:fc:7d:c8:62:b4:fa:88:9e:12:14:65:
                    f2:15:70:d6:8e:30:82:c0:3d:45:f5:59:5f:4e:8e:
                    3f:14:7a:c0:56:2e:a6:f4:69:d0:a2:b4:5c:ad:c9:
                    74:bd:d5:77:95:06:6d:98:14:4e:7d:3d:de:21:19:
                    de:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:28:74:20:31:9D:B5:54:AF:D8:1E:E9:8A:77:81:CE:CD:67:28:1E
            X509v3 Authority Key Identifier:
                keyid:68:45:5A:39:39:BA:CB:AA:59:18:C7:ED:D5:46:4E:11:BA:1C:8C:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aEVaOTm6y6pZGMft1UZOEbocjN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/_ih0IDGdtVSv2B7pineBzs1nKB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/390e80-3214-4ac5-bb50-a26cb6429486/1/aEVaOTm6y6pZGMft1UZOEbocjN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b18::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:76:dc:c1:57:f9:0d:48:9e:dc:48:5b:26:6a:53:b8:6e:2d:
         52:1d:fb:84:8f:fe:b7:e5:58:d0:41:da:79:b2:2c:1f:91:82:
         ee:39:a4:c2:54:ff:62:cd:51:51:1f:41:e6:ac:49:ef:1f:e5:
         b5:0f:ce:26:4c:1f:9f:c6:8b:35:a4:a9:6d:97:9f:32:bd:97:
         86:63:dc:4a:49:6c:e1:8d:39:23:96:3c:fd:2e:c0:57:96:78:
         c3:9f:94:dc:14:28:b3:64:4a:5e:ad:ab:f5:e5:a4:4d:39:5b:
         a2:14:98:42:a8:dc:43:e8:52:28:45:e9:06:4f:b3:78:fe:83:
         48:33:c8:09:c6:8b:52:93:5a:88:1a:e4:9c:8b:c9:f6:4b:90:
         0a:2f:a5:0e:ad:ac:38:7a:30:f4:4d:c9:6f:36:1a:81:57:df:
         42:87:d2:2e:b5:cd:2d:af:99:35:80:ae:85:33:83:b5:e0:bd:
         b8:41:bb:95:4c:c8:2a:32:5e:19:c3:10:4c:8d:d8:7c:a1:1b:
         73:0f:28:ef:a0:9c:06:12:55:95:5c:19:49:0d:7e:8e:58:1e:
         85:c4:06:9d:80:df:f8:77:70:01:e7:69:ac:92:23:04:fc:8a:
         fa:e3:ba:f0:f0:14:65:12:53:a7:7b:84:67:95:2b:72:07:0c:
         8e:49:58:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlcebO0zw8DCuEdCWVLjdVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NDU1YTM5MzliYWNiYWE1OTE4YzdlZGQ1NDY0ZTExYmEx
YzhjZGQwHhcNMjUwOTE4MTA1ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI4NzQyMDMxOWRiNTU0YWZkODFlZTk4YTc3ODFjZWNkNjcyODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeTDGOw+opqnLo/AXB4eOXkarmrd
h6dNgw7eG7i1i9JF9hp9pL4+IrH9XoE5SGqBjYuvYe8IF2GAjrdZilpGSuDa6wdS
zFL3w3liVG+Lz0jhsyrwXWjx8HoIJ/LQix146PZsqURSxg0AohvVsyAoxbumV9d+
ABzgOaswvhBH8OVDPT9G5bruugH74lp5wC7mUkbyfYy3htzbOTf42rLs6+jjYC3G
PiQ23JE5xXW79Mhk9KbQXqvC+XmmSqqVq8Xm1dZjofFs/H3IYrT6iJ4SFGXyFXDW
jjCCwD1F9VlfTo4/FHrAVi6m9GnQorRcrcl0vdV3lQZtmBROfT3eIRnekwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP4odCAxnbVUr9ge6Yp3gc7NZygeMB8GA1UdIwQY
MBaAFGhFWjk5usuqWRjH7dVGThG6HIzdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUVWYU9UbTZ5NnBaR01mdDFVWk9FYm9jak4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8zOTBlODAtMzIxNC00YWM1LWJiNTAt
YTI2Y2I2NDI5NDg2LzEvX2loMElER2R0VlN2MkI3cGluZUJ6czFuS0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8zOTBlODAtMzIxNC00YWM1LWJiNTAtYTI2Y2I2NDI5NDg2
LzEvYUVWYU9UbTZ5NnBaR01mdDFVWk9FYm9jak4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsY
MA0GCSqGSIb3DQEBCwUAA4IBAQACdtzBV/kNSJ7cSFsmalO4bi1SHfuEj/635VjQ
Qdp5siwfkYLuOaTCVP9izVFRH0HmrEnvH+W1D84mTB+fxos1pKltl58yvZeGY9xK
SWzhjTkjljz9LsBXlnjDn5TcFCizZEperav15aRNOVuiFJhCqNxD6FIoRekGT7N4
/oNIM8gJxotSk1qIGuSci8n2S5AKL6UOraw4ejD0TclvNhqBV99Ch9Iutc0tr5k1
gK6FM4O14L24QbuVTMgqMl4ZwxBMjdh8oRtzDyjvoJwGElWVXBlJDX6OWB6FxAad
gN/4d3AB52mskiME/Ir647rw8BRlElOne4RnlStyBwyOSVic
-----END CERTIFICATE-----