Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/0eBj-TNfE0NgkAODM9VoPKQnB0E.roa
File:                     0eBj-TNfE0NgkAODM9VoPKQnB0E.roa (raw, json)
Hash identifier:          O8GHZwLzkXmxkB1uIiy9qo5QY14RKmQf2i0WksTve7o=
Subject key identifier:   D1:E0:63:F9:33:5F:13:43:60:90:03:83:33:D5:68:3C:A4:27:07:41
Certificate issuer:       /CN=5fc90518df70b13d706bfe237aa5a76926a576d1
Certificate serial:       0198AD9CB165A0F07A3FC4C7EE650E7F763B
Authority key identifier: 5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/0eBj-TNfE0NgkAODM9VoPKQnB0E.roa
Signing time:             Fri 15 Aug 2025 12:03:04 +0000
ROA not before:           Fri 15 Aug 2025 12:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205563
IP address blocks:        2001:3786::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:9c:b1:65:a0:f0:7a:3f:c4:c7:ee:65:0e:7f:76:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc90518df70b13d706bfe237aa5a76926a576d1
        Validity
            Not Before: Aug 15 12:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1e063f9335f13436090038333d5683ca4270741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b5:fd:c7:df:87:9d:f1:3d:e5:d4:ec:c3:1d:
                    5f:98:32:d8:8f:2f:52:62:ee:c5:5b:81:58:97:9e:
                    e1:4c:1e:9d:ea:30:31:19:69:7f:67:db:09:a5:75:
                    73:77:5b:f2:a5:9d:fe:c4:a1:0c:21:54:f4:cb:80:
                    77:2e:ac:d1:5e:3e:1c:c2:86:70:b1:64:84:27:35:
                    86:40:10:b9:89:9a:39:c8:2d:2f:ef:bf:9b:1f:7a:
                    2e:31:40:1e:14:ea:7b:fd:a9:0b:cc:28:7b:94:f9:
                    a0:e3:cf:72:a0:e0:c2:30:8b:fc:5d:e2:80:2d:d4:
                    94:22:04:c9:65:76:aa:71:95:f5:b7:ce:c7:4a:76:
                    73:d2:c6:d0:22:85:46:9e:a0:60:04:89:6a:23:86:
                    d6:09:d1:4b:9d:35:c2:cd:3e:be:65:7a:a5:be:9b:
                    3f:45:0d:b0:06:c0:b0:ca:5f:b6:c3:05:20:4a:d5:
                    85:38:21:76:97:0a:96:b0:4d:1e:be:67:48:97:90:
                    fa:8d:90:1f:e8:3e:23:e0:90:0d:76:75:af:85:11:
                    66:08:93:5b:95:35:a6:ae:59:61:92:5d:73:4d:16:
                    72:bc:f4:2f:b4:31:33:b5:59:d4:27:8f:f4:06:ab:
                    fb:86:29:91:10:22:98:af:b2:4b:d7:b7:02:3f:ca:
                    c8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E0:63:F9:33:5F:13:43:60:90:03:83:33:D5:68:3C:A4:27:07:41
            X509v3 Authority Key Identifier:
                keyid:5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/0eBj-TNfE0NgkAODM9VoPKQnB0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3786::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:6c:30:ed:15:2d:4f:a3:cf:8e:ca:3b:7d:19:49:f3:fb:26:
         3c:c5:e1:a5:0f:49:13:97:32:a2:1c:36:7d:e0:81:2d:81:5f:
         fd:b0:bb:47:73:16:04:1e:4e:ba:89:bf:f6:29:4a:79:78:22:
         6e:7e:72:c4:20:cc:8b:50:94:9e:af:e9:0b:6b:b0:23:f7:7b:
         43:16:51:02:22:d1:39:aa:23:b5:50:9a:79:07:f5:84:a3:71:
         23:9e:bd:d4:4e:ce:38:13:0a:ff:47:e0:cd:5f:58:2a:0e:d1:
         fa:b2:a2:62:4e:5a:fa:ed:ae:6e:b9:a1:92:c1:c0:23:ef:a6:
         cc:c9:50:62:80:d2:e6:77:34:3e:63:18:fa:ab:9d:e8:53:70:
         13:5d:b2:4c:47:6a:dc:ca:ac:41:b4:5d:d5:cf:5b:9c:fc:fe:
         54:94:96:e7:2f:40:c6:fb:ec:ee:18:9a:03:a4:1d:32:4f:b2:
         43:d4:79:cf:a5:ef:e8:ad:f0:bc:3d:21:ec:a9:be:a5:1a:b8:
         7b:5f:1d:61:be:1e:14:db:7c:57:18:8f:b3:a1:f5:ec:1a:50:
         da:43:0f:bc:9d:3f:a0:eb:ba:11:c2:ab:e0:4c:83:3c:45:22:
         55:b6:d8:d9:4c:95:a7:1e:32:e0:d1:e2:e3:bb:b6:38:9e:67:
         0c:8c:b9:3f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZitnLFloPB6P8TH7mUOf3Y7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzkwNTE4ZGY3MGIxM2Q3MDZiZmUyMzdhYTVhNzY5MjZh
NTc2ZDEwHhcNMjUwODE1MTIwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUwNjNmOTMzNWYxMzQzNjA5MDAzODMzM2Q1NjgzY2E0MjcwNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobX9x9+HnfE95dTswx1fmDLYjy9S
Yu7FW4FYl57hTB6d6jAxGWl/Z9sJpXVzd1vypZ3+xKEMIVT0y4B3LqzRXj4cwoZw
sWSEJzWGQBC5iZo5yC0v77+bH3ouMUAeFOp7/akLzCh7lPmg489yoODCMIv8XeKA
LdSUIgTJZXaqcZX1t87HSnZz0sbQIoVGnqBgBIlqI4bWCdFLnTXCzT6+ZXqlvps/
RQ2wBsCwyl+2wwUgStWFOCF2lwqWsE0evmdIl5D6jZAf6D4j4JANdnWvhRFmCJNb
lTWmrllhkl1zTRZyvPQvtDEztVnUJ4/0Bqv7himRECKYr7JL17cCP8rIoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNHgY/kzXxNDYJADgzPVaDykJwdBMB8GA1UdIwQY
MBaAFF/JBRjfcLE9cGv+I3qlp2kmpXbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEt
YzgzMDJlODJlYTIyLzEvMGVCai1UTmZFME5na0FPRE05Vm9QS1FuQjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEtYzgzMDJlODJlYTIy
LzEvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAE3hjAN
BgkqhkiG9w0BAQsFAAOCAQEAzWww7RUtT6PPjso7fRlJ8/smPMXhpQ9JE5cyohw2
feCBLYFf/bC7R3MWBB5Ouom/9ilKeXgibn5yxCDMi1CUnq/pC2uwI/d7QxZRAiLR
OaojtVCaeQf1hKNxI5691E7OOBMK/0fgzV9YKg7R+rKiYk5a+u2ubrmhksHAI++m
zMlQYoDS5nc0PmMY+qud6FNwE12yTEdq3MqsQbRd1c9bnPz+VJSW5y9Axvvs7hia
A6QdMk+yQ9R5z6Xv6K3wvD0h7Km+pRq4e18dYb4eFNt8VxiPs6H17BpQ2kMPvJ0/
oOu6EcKr4EyDPEUiVbbY2UyVpx4y4NHi47u2OJ5nDIy5Pw==
-----END CERTIFICATE-----