Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/KO1fsPW5WsiblhObCxnGWsbz8RY.roa
File:                     KO1fsPW5WsiblhObCxnGWsbz8RY.roa (raw, json)
Hash identifier:          YNVGCapIIz5fFc5b4tML70CA2D7xNVMhrzbQveusosk=
Subject key identifier:   28:ED:5F:B0:F5:B9:5A:C8:9B:96:13:9B:0B:19:C6:5A:C6:F3:F1:16
Certificate issuer:       /CN=842e1583c6d2b94878c5a9839ef67f56144b8565
Certificate serial:       0199DEA6345BD882622A141548771E733F23
Authority key identifier: 84:2E:15:83:C6:D2:B9:48:78:C5:A9:83:9E:F6:7F:56:14:4B:85:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/KO1fsPW5WsiblhObCxnGWsbz8RY.roa
Signing time:             Mon 13 Oct 2025 17:37:38 +0000
ROA not before:           Mon 13 Oct 2025 17:37:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206218
IP address blocks:        2001:678:bc4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:a6:34:5b:d8:82:62:2a:14:15:48:77:1e:73:3f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=842e1583c6d2b94878c5a9839ef67f56144b8565
        Validity
            Not Before: Oct 13 17:37:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28ed5fb0f5b95ac89b96139b0b19c65ac6f3f116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:19:c3:df:fa:44:fa:be:5a:e8:a1:75:04:be:
                    5a:52:a1:de:1b:a0:c0:90:33:e3:13:05:fb:36:ef:
                    9e:a7:e3:f6:6d:58:04:54:cb:db:1f:c5:2c:63:72:
                    ff:2e:53:b6:2c:42:2b:8d:35:75:03:9e:73:59:f9:
                    1f:35:2f:8c:3a:07:b8:aa:b2:f2:70:88:60:b5:ee:
                    ee:5b:61:36:e0:ce:53:c1:a3:3c:f7:de:83:4c:75:
                    4e:d8:be:5e:a2:da:42:2c:08:d1:2f:a5:16:fd:26:
                    45:e4:1a:70:10:9a:3b:f2:a0:5d:01:4f:e7:d3:ab:
                    b8:76:6e:fa:37:a4:fc:ea:b4:ee:dd:f9:a0:65:f4:
                    b4:2c:0f:0c:53:f4:30:1c:3d:fc:31:bc:86:14:c7:
                    76:19:e0:a1:98:af:44:4c:ec:3f:c2:0e:0c:19:29:
                    c3:d6:80:ca:37:dc:af:b2:60:93:05:3f:ca:fe:4d:
                    b3:42:63:fb:37:68:23:a5:4c:00:fe:fd:0b:bb:25:
                    b6:13:34:cc:92:88:9e:ed:20:0c:9e:5e:97:a6:fa:
                    3e:a5:44:f6:aa:16:cd:82:e0:32:3b:f8:86:c1:ed:
                    06:1a:6c:0e:e0:49:6f:e6:2d:1f:fd:57:88:a3:71:
                    46:0c:5e:5b:e0:20:a6:2d:a9:ca:cd:f6:75:2a:8e:
                    ff:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:ED:5F:B0:F5:B9:5A:C8:9B:96:13:9B:0B:19:C6:5A:C6:F3:F1:16
            X509v3 Authority Key Identifier:
                keyid:84:2E:15:83:C6:D2:B9:48:78:C5:A9:83:9E:F6:7F:56:14:4B:85:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/KO1fsPW5WsiblhObCxnGWsbz8RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d4ee9-a29c-4859-819a-8cceeed62cd5/1/hC4Vg8bSuUh4xamDnvZ_VhRLhWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:bc4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:ab:cf:0e:07:1b:4e:5c:00:2c:f8:27:34:90:25:a5:61:a6:
         30:9a:78:30:74:46:e5:a2:7b:47:8a:89:45:1f:c2:d5:9d:ce:
         2f:c4:53:a2:4c:95:02:31:d8:bb:ee:ce:cd:16:f5:ab:72:ae:
         c6:ee:60:f1:e1:bd:82:7f:64:6c:de:bc:6b:65:27:ad:13:3b:
         d7:fb:99:88:55:e5:c0:dc:2a:a8:94:a7:31:9a:48:aa:4d:ed:
         79:ae:25:aa:2f:b3:b1:66:55:99:ff:36:f0:69:48:42:57:94:
         a0:97:98:6a:db:c2:0d:22:bb:a5:cf:f2:b1:85:37:c4:c3:7e:
         43:7e:13:1b:93:4c:33:60:f1:12:40:07:7a:bc:53:78:da:65:
         86:e7:c8:2b:0e:d2:78:91:d2:08:03:2c:e9:81:2b:78:4d:8f:
         4a:6a:c3:59:1a:f9:1c:d7:f1:2e:06:50:bc:c9:94:36:7d:b0:
         3c:3c:db:f8:9e:15:1c:2e:13:62:00:2d:53:3f:98:76:1a:c0:
         22:bf:5d:29:34:8f:62:a3:aa:cb:f3:59:6a:17:8a:3b:2f:a6:
         db:da:20:f1:48:1d:4e:b3:f3:7b:b4:00:1b:1b:c7:20:6c:e0:
         73:c0:fe:44:1d:9b:80:b2:05:22:a1:33:cb:d8:c7:ac:48:b4:
         58:79:cc:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnepjRb2IJiKhQVSHcecz8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MmUxNTgzYzZkMmI5NDg3OGM1YTk4MzllZjY3ZjU2MTQ0
Yjg1NjUwHhcNMjUxMDEzMTczNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVkNWZiMGY1Yjk1YWM4OWI5NjEzOWIwYjE5YzY1YWM2ZjNmMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxnD3/pE+r5a6KF1BL5aUqHeG6DA
kDPjEwX7Nu+ep+P2bVgEVMvbH8UsY3L/LlO2LEIrjTV1A55zWfkfNS+MOge4qrLy
cIhgte7uW2E24M5TwaM8996DTHVO2L5eotpCLAjRL6UW/SZF5BpwEJo78qBdAU/n
06u4dm76N6T86rTu3fmgZfS0LA8MU/QwHD38MbyGFMd2GeChmK9ETOw/wg4MGSnD
1oDKN9yvsmCTBT/K/k2zQmP7N2gjpUwA/v0LuyW2EzTMkoie7SAMnl6Xpvo+pUT2
qhbNguAyO/iGwe0GGmwO4Elv5i0f/VeIo3FGDF5b4CCmLanKzfZ1Ko7/hQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjtX7D1uVrIm5YTmwsZxlrG8/EWMB8GA1UdIwQY
MBaAFIQuFYPG0rlIeMWpg572f1YUS4VlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEM0Vmc4YlN1VWg0eGFtRG52Wl9WaFJMaFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85ZDRlZTktYTI5Yy00ODU5LTgxOWEt
OGNjZWVlZDYyY2Q1LzEvS08xZnNQVzVXc2libGhPYkN4bkdXc2J6OFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85ZDRlZTktYTI5Yy00ODU5LTgxOWEtOGNjZWVlZDYyY2Q1
LzEvaEM0Vmc4YlN1VWg0eGFtRG52Wl9WaFJMaFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAvE
MA0GCSqGSIb3DQEBCwUAA4IBAQArq88OBxtOXAAs+Cc0kCWlYaYwmngwdEblontH
iolFH8LVnc4vxFOiTJUCMdi77s7NFvWrcq7G7mDx4b2Cf2Rs3rxrZSetEzvX+5mI
VeXA3CqolKcxmkiqTe15riWqL7OxZlWZ/zbwaUhCV5Sgl5hq28INIrulz/KxhTfE
w35DfhMbk0wzYPESQAd6vFN42mWG58grDtJ4kdIIAyzpgSt4TY9KasNZGvkc1/Eu
BlC8yZQ2fbA8PNv4nhUcLhNiAC1TP5h2GsAiv10pNI9io6rL81lqF4o7L6bb2iDx
SB1Os/N7tAAbG8cgbOBzwP5EHZuAsgUioTPL2MesSLRYecw5
-----END CERTIFICATE-----