Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/r0UegqSm-Osf5dt7xIToVoSc8i8.roa
File:                     r0UegqSm-Osf5dt7xIToVoSc8i8.roa (raw, json)
Hash identifier:          iiKp30ve0a7AciqqMBvmQPAjij1PEXVHVGDlOgok+18=
Subject key identifier:   AF:45:1E:82:A4:A6:F8:EB:1F:E5:DB:7B:C4:84:E8:56:84:9C:F2:2F
Certificate issuer:       /CN=dd8ae4d9ad863dda1401b490c28cff82d998e3b5
Certificate serial:       0199A9DB8F947081975F146FEC016E80B054
Authority key identifier: DD:8A:E4:D9:AD:86:3D:DA:14:01:B4:90:C2:8C:FF:82:D9:98:E3:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/r0UegqSm-Osf5dt7xIToVoSc8i8.roa
Signing time:             Fri 03 Oct 2025 11:36:02 +0000
ROA not before:           Fri 03 Oct 2025 11:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215230
IP address blocks:        2001:678:a30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:db:8f:94:70:81:97:5f:14:6f:ec:01:6e:80:b0:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd8ae4d9ad863dda1401b490c28cff82d998e3b5
        Validity
            Not Before: Oct  3 11:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af451e82a4a6f8eb1fe5db7bc484e856849cf22f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fb:60:88:8d:46:3b:5a:78:26:09:2c:e6:d4:
                    ad:bf:19:50:93:d5:ea:84:06:48:98:ac:6d:5d:3b:
                    6e:eb:34:37:9c:85:4f:8c:49:0a:ed:2c:77:ed:ef:
                    84:e6:fe:db:bc:de:b6:de:8b:57:4c:1b:64:2e:0b:
                    ab:75:5d:08:4f:a6:63:03:12:f8:82:ba:39:e3:3a:
                    b1:6c:ac:73:43:77:2f:8b:4b:08:38:69:ba:c4:7b:
                    0e:69:77:2d:c6:f8:20:17:23:b2:48:32:a4:c7:67:
                    66:1b:6c:91:c5:25:5c:65:71:b1:1b:15:aa:ae:fa:
                    fa:90:5a:38:a8:80:60:77:07:cf:44:ef:53:b9:20:
                    4a:01:b3:3a:11:76:c6:ea:eb:2f:cf:86:ff:3d:c8:
                    da:e8:e5:a9:e6:59:d5:cb:b9:65:1b:40:1d:8b:15:
                    08:fc:53:f6:85:58:96:39:84:b4:95:6f:dc:1e:80:
                    70:98:17:5b:69:b5:56:0e:3e:2c:82:f1:48:48:54:
                    b0:38:c1:67:f0:02:ad:ab:88:d5:6d:07:52:64:f7:
                    83:65:0f:a4:03:00:b4:4d:05:c7:6a:af:d0:9e:4e:
                    9a:ab:a9:e2:c1:ef:e5:ea:38:d5:3e:11:c8:af:a2:
                    c8:10:98:5d:5f:36:a3:53:15:dc:3a:18:7d:85:35:
                    49:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:45:1E:82:A4:A6:F8:EB:1F:E5:DB:7B:C4:84:E8:56:84:9C:F2:2F
            X509v3 Authority Key Identifier:
                keyid:DD:8A:E4:D9:AD:86:3D:DA:14:01:B4:90:C2:8C:FF:82:D9:98:E3:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Yrk2a2GPdoUAbSQwoz_gtmY47U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/r0UegqSm-Osf5dt7xIToVoSc8i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/347d71-ff78-4b3a-a5db-4de9345c83bf/1/3Yrk2a2GPdoUAbSQwoz_gtmY47U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a30::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:a0:8e:26:e8:bb:2d:f1:8c:63:0e:03:fa:37:c2:8d:ba:24:
         7d:cb:da:53:84:1c:0a:1e:c8:12:e8:bd:45:5b:5b:6c:66:f6:
         6e:70:44:29:dd:24:64:ef:51:fa:e9:ad:f1:28:36:ff:0c:a4:
         96:51:d4:47:9f:ee:4b:1a:e9:6d:60:24:f4:03:1e:30:62:80:
         1f:f8:6d:a8:89:ed:98:cb:45:b3:20:0e:e2:52:85:4a:6d:80:
         cc:50:a2:80:2f:1a:5a:2f:64:f4:af:2f:43:24:f1:91:29:7b:
         e6:d5:24:02:65:c2:06:a5:04:0b:92:6d:9e:b0:0a:c4:88:bc:
         ac:18:cb:32:d7:97:63:1a:63:5d:78:20:59:46:ce:73:f1:94:
         96:d5:fe:ea:88:c6:10:6c:a1:7e:33:fa:e2:c1:98:d8:89:c0:
         95:99:5b:6c:6d:aa:c3:f0:f4:52:6b:46:d0:bd:f0:32:5a:21:
         14:1a:76:8d:4d:69:a7:80:ad:8e:84:9a:a2:0a:20:7d:1c:be:
         4b:33:c4:73:4b:f1:44:9d:7d:33:37:67:f0:93:7c:be:c0:19:
         d4:f8:4d:11:3a:11:31:2b:f1:f5:31:ca:a3:01:83:be:c1:13:
         1e:3e:f6:62:7b:59:c8:6a:47:fc:09:71:7b:d6:4a:d0:93:68:
         d8:a7:9c:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmp24+UcIGXXxRv7AFugLBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOGFlNGQ5YWQ4NjNkZGExNDAxYjQ5MGMyOGNmZjgyZDk5
OGUzYjUwHhcNMjUxMDAzMTEzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQ1MWU4MmE0YTZmOGViMWZlNWRiN2JjNDg0ZTg1Njg0OWNmMjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvtgiI1GO1p4Jgks5tStvxlQk9Xq
hAZImKxtXTtu6zQ3nIVPjEkK7Sx37e+E5v7bvN623otXTBtkLgurdV0IT6ZjAxL4
gro54zqxbKxzQ3cvi0sIOGm6xHsOaXctxvggFyOySDKkx2dmG2yRxSVcZXGxGxWq
rvr6kFo4qIBgdwfPRO9TuSBKAbM6EXbG6usvz4b/Pcja6OWp5lnVy7llG0AdixUI
/FP2hViWOYS0lW/cHoBwmBdbabVWDj4sgvFISFSwOMFn8AKtq4jVbQdSZPeDZQ+k
AwC0TQXHaq/Qnk6aq6niwe/l6jjVPhHIr6LIEJhdXzajUxXcOhh9hTVJTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK9FHoKkpvjrH+Xbe8SE6FaEnPIvMB8GA1UdIwQY
MBaAFN2K5Nmthj3aFAG0kMKM/4LZmOO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1lyazJhMkdQZG9VQWJTUXdvel9ndG1ZNDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8zNDdkNzEtZmY3OC00YjNhLWE1ZGIt
NGRlOTM0NWM4M2JmLzEvcjBVZWdxU20tT3NmNWR0N3hJVG9Wb1NjOGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8zNDdkNzEtZmY3OC00YjNhLWE1ZGItNGRlOTM0NWM4M2Jm
LzEvM1lyazJhMkdQZG9VQWJTUXdvel9ndG1ZNDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAow
MA0GCSqGSIb3DQEBCwUAA4IBAQAPoI4m6Lst8YxjDgP6N8KNuiR9y9pThBwKHsgS
6L1FW1tsZvZucEQp3SRk71H66a3xKDb/DKSWUdRHn+5LGultYCT0Ax4wYoAf+G2o
ie2Yy0WzIA7iUoVKbYDMUKKALxpaL2T0ry9DJPGRKXvm1SQCZcIGpQQLkm2esArE
iLysGMsy15djGmNdeCBZRs5z8ZSW1f7qiMYQbKF+M/riwZjYicCVmVtsbarD8PRS
a0bQvfAyWiEUGnaNTWmngK2OhJqiCiB9HL5LM8RzS/FEnX0zN2fwk3y+wBnU+E0R
OhExK/H1McqjAYO+wRMePvZie1nIakf8CXF71krQk2jYp5zF
-----END CERTIFICATE-----