Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/ptFjcgajS63JCcLXGOq-ydjfdTY.roa
File:                     ptFjcgajS63JCcLXGOq-ydjfdTY.roa (raw, json)
Hash identifier:          PYlnAX532RPi2NIssqwdJJhvieut4a5rLSlCnoPYE14=
Subject key identifier:   A6:D1:63:72:06:A3:4B:AD:C9:09:C2:D7:18:EA:BE:C9:D8:DF:75:36
Certificate issuer:       /CN=fb480c73354305cc40f8faba9e5402ef37de2eaa
Certificate serial:       01979D9E3F87A790C7128F95A35FAC84010B
Authority key identifier: FB:48:0C:73:35:43:05:CC:40:F8:FA:BA:9E:54:02:EF:37:DE:2E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/ptFjcgajS63JCcLXGOq-ydjfdTY.roa
Signing time:             Mon 23 Jun 2025 16:28:03 +0000
ROA not before:           Mon 23 Jun 2025 16:28:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208391
IP address blocks:        2001:678:aec::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:9e:3f:87:a7:90:c7:12:8f:95:a3:5f:ac:84:01:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb480c73354305cc40f8faba9e5402ef37de2eaa
        Validity
            Not Before: Jun 23 16:28:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6d1637206a34badc909c2d718eabec9d8df7536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:27:34:17:8e:c8:51:4f:51:38:e4:cc:f4:0a:
                    8e:f3:e1:4a:65:2a:b1:67:03:ec:6c:bb:fb:1d:76:
                    1d:b2:f0:5a:a0:e7:34:61:d6:e3:77:6c:ee:9d:fc:
                    b2:97:0f:66:b4:9b:b9:f5:30:fb:64:2f:e4:59:c0:
                    7e:90:2a:14:49:4e:62:e0:6d:49:68:35:51:f1:ee:
                    9b:84:aa:33:be:bd:f9:b5:b8:e9:dd:9d:53:49:71:
                    48:3a:50:e3:a8:5b:29:aa:42:c4:81:e9:4c:29:82:
                    76:30:b3:45:50:fd:4f:3e:f5:4a:52:56:55:9b:ab:
                    98:b0:76:48:c1:bf:5d:2c:6c:c5:36:f2:d7:4d:29:
                    fa:b4:50:04:68:ed:1c:1e:32:c5:7a:33:15:d3:f7:
                    df:28:7e:3b:17:08:5b:c4:e8:b4:a6:77:80:fb:b4:
                    54:05:74:ed:f2:03:50:7b:f6:a5:7d:a2:fa:3a:df:
                    a2:48:db:38:75:e9:60:57:e0:10:06:09:d1:da:7c:
                    f6:e1:56:6d:d6:d6:a4:f9:95:34:0f:85:ac:16:db:
                    84:53:ec:06:85:57:61:d6:5a:dd:cf:b7:ee:54:f1:
                    9f:52:6b:19:2b:7c:0a:ac:aa:67:1f:35:cc:50:36:
                    28:21:f6:37:c8:4c:d5:cb:68:a4:b3:b7:12:0e:56:
                    dc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D1:63:72:06:A3:4B:AD:C9:09:C2:D7:18:EA:BE:C9:D8:DF:75:36
            X509v3 Authority Key Identifier:
                keyid:FB:48:0C:73:35:43:05:CC:40:F8:FA:BA:9E:54:02:EF:37:DE:2E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/ptFjcgajS63JCcLXGOq-ydjfdTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0dc489-e028-4f37-a972-509f44e92022/1/1-0gMczVDBcxA-Pq6nlQC7zfeLqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:aec::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:77:18:7b:b1:8d:1b:69:4a:83:0f:1a:f2:e9:19:42:a7:1e:
         91:ec:0c:05:23:30:a7:ec:68:f4:0c:9b:d7:99:1e:ab:5f:7c:
         18:67:cf:23:57:a8:85:8b:b2:3c:5d:d2:65:5c:5b:3c:da:4c:
         4d:18:57:53:7c:70:12:f2:60:f5:01:65:4d:c1:2a:99:2e:ce:
         cd:34:fd:b3:35:2d:06:bd:1a:8c:a0:7c:bf:7e:a5:8d:71:62:
         2e:2f:39:92:4f:77:7e:19:1c:31:d6:0f:c4:fb:04:9c:45:92:
         4a:74:93:71:d4:e5:b7:e1:88:05:fe:86:35:60:fe:13:ca:a4:
         51:14:a3:2f:1d:d1:8a:08:85:1d:52:0e:c8:8b:3f:aa:db:22:
         2b:80:67:ab:82:ae:aa:44:ea:c4:ec:6a:9a:fe:c8:01:9a:30:
         a5:0e:73:d0:f0:e8:64:aa:2e:8b:ec:5e:da:9a:f8:ba:40:32:
         78:e3:35:0e:20:ff:7f:73:1f:d4:8f:86:08:79:ae:33:a6:20:
         63:26:75:a3:be:e3:21:04:1a:24:a1:b5:61:92:86:c7:a2:45:
         b4:e4:8d:f3:f6:14:c5:8a:e1:22:83:d2:d2:87:2c:92:ab:f4:
         57:4c:be:7f:ab:35:f6:2f:b7:aa:dc:b9:b9:16:56:e2:a1:cc:
         8e:b1:3a:a0
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZednj+Hp5DHEo+Vo1+shAELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNDgwYzczMzU0MzA1Y2M0MGY4ZmFiYTllNTQwMmVmMzdk
ZTJlYWEwHhcNMjUwNjIzMTYyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQxNjM3MjA2YTM0YmFkYzkwOWMyZDcxOGVhYmVjOWQ4ZGY3NTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSc0F47IUU9ROOTM9AqO8+FKZSqx
ZwPsbLv7HXYdsvBaoOc0Ydbjd2zunfyylw9mtJu59TD7ZC/kWcB+kCoUSU5i4G1J
aDVR8e6bhKozvr35tbjp3Z1TSXFIOlDjqFspqkLEgelMKYJ2MLNFUP1PPvVKUlZV
m6uYsHZIwb9dLGzFNvLXTSn6tFAEaO0cHjLFejMV0/ffKH47FwhbxOi0pneA+7RU
BXTt8gNQe/alfaL6Ot+iSNs4delgV+AQBgnR2nz24VZt1tak+ZU0D4WsFtuEU+wG
hVdh1lrdz7fuVPGfUmsZK3wKrKpnHzXMUDYoIfY3yEzVy2iks7cSDlbcwQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFKbRY3IGo0utyQnC1xjqvsnY33U2MB8GA1UdIwQY
MBaAFPtIDHM1QwXMQPj6up5UAu833i6qMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0wZ01jelZEQmN4QS1QcTZubFFDN3pmZUxxby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvMGRjNDg5LWUwMjgtNGYzNy1hOTcy
LTUwOWY0NGU5MjAyMi8xL3B0RmpjZ2FqUzYzSkNjTFhHT3EteWRqZmRUWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvMGRjNDg5LWUwMjgtNGYzNy1hOTcyLTUwOWY0NGU5MjAy
Mi8xLzEtMGdNY3pWREJjeEEtUHE2bmxRQzd6ZmVMcW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ4
CuwwDQYJKoZIhvcNAQELBQADggEBAEZ3GHuxjRtpSoMPGvLpGUKnHpHsDAUjMKfs
aPQMm9eZHqtffBhnzyNXqIWLsjxd0mVcWzzaTE0YV1N8cBLyYPUBZU3BKpkuzs00
/bM1LQa9GoygfL9+pY1xYi4vOZJPd34ZHDHWD8T7BJxFkkp0k3HU5bfhiAX+hjVg
/hPKpFEUoy8d0YoIhR1SDsiLP6rbIiuAZ6uCrqpE6sTsapr+yAGaMKUOc9Dw6GSq
LovsXtqa+LpAMnjjNQ4g/39zH9SPhgh5rjOmIGMmdaO+4yEEGiShtWGShseiRbTk
jfP2FMWK4SKD0tKHLJKr9FdMvn+rNfYvt6rcubkWVuKhzI6xOqA=
-----END CERTIFICATE-----