Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/TvEkbwZCtiDMDPynp6wy2daPG_8.roa
File:                     TvEkbwZCtiDMDPynp6wy2daPG_8.roa (raw, json)
Hash identifier:          6+0k1c0jemPs8iK4NO+2VO17+OLAQGxnnHN1+3jUmGw=
Subject key identifier:   4E:F1:24:6F:06:42:B6:20:CC:0C:FC:A7:A7:AC:32:D9:D6:8F:1B:FF
Certificate issuer:       /CN=63b147f67e8795d959ed3530396d1256055b126e
Certificate serial:       0198C6BA7190E2D0823EF8CF18CFA8A59C07
Authority key identifier: 63:B1:47:F6:7E:87:95:D9:59:ED:35:30:39:6D:12:56:05:5B:12:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/TvEkbwZCtiDMDPynp6wy2daPG_8.roa
Signing time:             Wed 20 Aug 2025 09:06:04 +0000
ROA not before:           Wed 20 Aug 2025 09:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208214
IP address blocks:        2a0f:8d00::/48 maxlen: 48
                          2a0f:8d00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:ba:71:90:e2:d0:82:3e:f8:cf:18:cf:a8:a5:9c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63b147f67e8795d959ed3530396d1256055b126e
        Validity
            Not Before: Aug 20 09:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ef1246f0642b620cc0cfca7a7ac32d9d68f1bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:51:ac:5e:da:b3:43:69:2c:ce:5b:6b:44:f9:
                    f5:69:e5:08:db:05:29:88:62:49:2a:4e:90:e5:9b:
                    6d:88:85:e7:15:48:d4:f9:94:4a:19:1a:08:4a:b9:
                    97:31:1b:ac:24:66:73:a1:7b:05:4f:db:ac:cf:aa:
                    51:6e:a4:29:69:ae:39:01:c2:b4:95:48:97:2a:02:
                    12:b3:c0:0d:6c:14:e4:03:8a:b5:22:08:ca:49:47:
                    6d:94:5c:3a:d3:4f:31:08:3b:75:93:d9:46:63:5d:
                    c7:38:f3:e0:bd:47:f0:d4:7a:f8:e6:53:65:a4:83:
                    9b:12:11:19:f2:f8:24:43:4c:c1:3d:a7:d7:ca:83:
                    16:53:c9:b3:3f:56:08:c8:bf:23:9b:22:64:e4:4c:
                    f7:3f:8a:8c:54:b1:c2:86:4b:1e:19:5a:77:ab:32:
                    d1:63:af:62:b0:d7:cf:e0:e8:f4:5d:b0:49:d8:10:
                    aa:e5:a8:a1:6c:a9:a5:18:17:45:2d:4d:87:c3:45:
                    2f:8d:90:c7:ad:f9:8f:f9:34:ab:eb:fc:c2:85:3a:
                    a0:a5:1b:96:97:3e:32:a6:e0:89:04:3e:db:73:e2:
                    f8:63:57:0e:fd:4f:6b:f8:cc:b4:19:eb:9c:3a:70:
                    ad:b5:f3:55:ec:d4:63:25:11:58:db:8c:22:37:7f:
                    e2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F1:24:6F:06:42:B6:20:CC:0C:FC:A7:A7:AC:32:D9:D6:8F:1B:FF
            X509v3 Authority Key Identifier:
                keyid:63:B1:47:F6:7E:87:95:D9:59:ED:35:30:39:6D:12:56:05:5B:12:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/TvEkbwZCtiDMDPynp6wy2daPG_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0f87e2-b805-4bf9-a366-0f2c334e5e05/1/Y7FH9n6HldlZ7TUwOW0SVgVbEm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:8d00::/47

    Signature Algorithm: sha256WithRSAEncryption
         8d:f8:10:98:72:84:23:ab:f7:47:81:6b:13:e5:6c:d2:14:d0:
         5a:e6:14:36:71:f3:e1:d9:ac:d3:bf:60:c6:a7:54:f6:24:ea:
         3c:89:29:28:27:bb:fe:13:f9:58:62:0a:90:53:09:ff:6b:bc:
         f9:73:ab:9f:cf:d2:0b:ac:e1:9f:78:60:96:71:0d:01:7f:1c:
         b1:b0:a3:30:01:1c:03:75:e5:71:c9:51:a3:90:d3:72:6a:d5:
         8e:c5:c7:c6:a5:21:8c:88:87:dd:d6:86:e3:55:75:dd:6f:9f:
         87:81:d0:86:ad:79:69:6b:a0:63:1b:78:87:9d:b2:55:19:73:
         1e:15:d2:dc:6c:fe:76:28:16:a8:4a:de:80:b0:04:43:f8:c0:
         65:84:84:4a:8a:3c:53:16:d2:2f:47:3c:3b:49:4a:24:a6:21:
         65:f2:6b:58:b9:df:a5:77:48:7a:83:df:a2:62:c2:fe:34:ec:
         1e:ef:4a:94:8e:62:22:26:93:dc:a4:35:42:df:3e:ac:f5:75:
         e8:37:49:ae:49:90:d8:3c:22:fd:67:28:f5:cc:f0:68:2a:1e:
         bd:51:79:de:95:49:71:b0:73:22:c8:ee:fc:a2:15:d7:43:b2:
         c3:91:96:30:e9:8e:b0:19:9f:40:4a:8e:18:52:df:3e:70:35:
         0b:cb:61:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjGunGQ4tCCPvjPGM+opZwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYjE0N2Y2N2U4Nzk1ZDk1OWVkMzUzMDM5NmQxMjU2MDU1
YjEyNmUwHhcNMjUwODIwMDkwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWYxMjQ2ZjA2NDJiNjIwY2MwY2ZjYTdhN2FjMzJkOWQ2OGYxYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FGsXtqzQ2kszltrRPn1aeUI2wUp
iGJJKk6Q5ZttiIXnFUjU+ZRKGRoISrmXMRusJGZzoXsFT9usz6pRbqQpaa45AcK0
lUiXKgISs8ANbBTkA4q1IgjKSUdtlFw6008xCDt1k9lGY13HOPPgvUfw1Hr45lNl
pIObEhEZ8vgkQ0zBPafXyoMWU8mzP1YIyL8jmyJk5Ez3P4qMVLHChkseGVp3qzLR
Y69isNfP4Oj0XbBJ2BCq5aihbKmlGBdFLU2Hw0UvjZDHrfmP+TSr6/zChTqgpRuW
lz4ypuCJBD7bc+L4Y1cO/U9r+My0GeucOnCttfNV7NRjJRFY24wiN3/i0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE7xJG8GQrYgzAz8p6esMtnWjxv/MB8GA1UdIwQY
MBaAFGOxR/Z+h5XZWe01MDltElYFWxJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTdGSDluNkhsZGxaN1RVd09XMFNWZ1ZiRW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wZjg3ZTItYjgwNS00YmY5LWEzNjYt
MGYyYzMzNGU1ZTA1LzEvVHZFa2J3WkN0aURNRFB5bnA2d3kyZGFQR184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wZjg3ZTItYjgwNS00YmY5LWEzNjYtMGYyYzMzNGU1ZTA1
LzEvWTdGSDluNkhsZGxaN1RVd09XMFNWZ1ZiRW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg+NAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCN+BCYcoQjq/dHgWsT5WzSFNBa5hQ2cfPh2azT
v2DGp1T2JOo8iSkoJ7v+E/lYYgqQUwn/a7z5c6ufz9ILrOGfeGCWcQ0BfxyxsKMw
ARwDdeVxyVGjkNNyatWOxcfGpSGMiIfd1objVXXdb5+HgdCGrXlpa6BjG3iHnbJV
GXMeFdLcbP52KBaoSt6AsARD+MBlhIRKijxTFtIvRzw7SUokpiFl8mtYud+ld0h6
g9+iYsL+NOwe70qUjmIiJpPcpDVC3z6s9XXoN0muSZDYPCL9Zyj1zPBoKh69UXne
lUlxsHMiyO78ohXXQ7LDkZYw6Y6wGZ9ASo4YUt8+cDULy2F/
-----END CERTIFICATE-----