Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KBjMi-d3zw2UfM6S4CVYgA3aGT4.roa
File:                     KBjMi-d3zw2UfM6S4CVYgA3aGT4.roa (raw, json)
Hash identifier:          o9USA/1X3Z33SCSiDEDjaQxT9/EAobfC+KyYrScH9hU=
Subject key identifier:   28:18:CC:8B:E7:77:CF:0D:94:7C:CE:92:E0:25:58:80:0D:DA:19:3E
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0198ADB395CCB48C48FFAC425BBB7BA64D91
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KBjMi-d3zw2UfM6S4CVYgA3aGT4.roa
Signing time:             Fri 15 Aug 2025 12:28:04 +0000
ROA not before:           Fri 15 Aug 2025 12:28:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150289
IP address blocks:        2a0f:7802:d100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:b3:95:cc:b4:8c:48:ff:ac:42:5b:bb:7b:a6:4d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug 15 12:28:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2818cc8be777cf0d947cce92e02558800dda193e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:33:f1:a2:a6:13:b8:cf:39:5b:29:81:4a:b4:
                    bf:39:b0:62:0f:b0:4e:6b:19:f5:e0:fc:7a:95:7e:
                    6e:87:d6:17:9a:72:89:41:49:64:14:16:57:9e:c0:
                    75:4b:95:7e:62:40:9b:82:6c:9e:54:48:98:0e:34:
                    fa:19:35:6b:d9:7f:53:42:f7:6b:f8:ad:6c:58:77:
                    5a:d0:be:20:19:c2:07:dd:85:61:12:6d:4b:53:b0:
                    af:eb:5a:af:34:d6:72:88:12:84:5a:a4:a6:a4:40:
                    4d:3d:ef:8a:4c:f5:40:ce:80:30:7c:aa:b1:7b:c8:
                    3e:f4:5d:62:c6:c4:19:b0:c6:9b:4f:ed:ae:29:bd:
                    f4:55:2c:c6:07:bd:39:e3:07:ae:20:07:05:2a:f9:
                    2f:64:f0:9e:4b:bb:1d:94:93:dc:45:3c:27:9a:72:
                    12:02:cd:b8:33:b0:82:b7:dc:df:d6:94:e1:af:af:
                    0c:37:d6:5f:15:ff:92:08:82:63:77:db:a7:5b:a8:
                    3d:9d:d1:68:c4:e2:11:8f:43:2f:65:4d:5e:4a:51:
                    c9:01:31:2d:e9:1c:c2:b9:2a:b3:2a:e2:d4:ea:f6:
                    b4:4d:67:87:5e:d3:56:48:a5:b2:fc:e7:ab:f7:f0:
                    fe:c4:ed:9f:42:cb:8c:70:01:ae:d1:2c:d8:4a:90:
                    a4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:18:CC:8B:E7:77:CF:0D:94:7C:CE:92:E0:25:58:80:0D:DA:19:3E
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KBjMi-d3zw2UfM6S4CVYgA3aGT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:d100::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:5e:8c:2b:86:bf:a6:ff:e6:e0:7b:2b:85:99:60:7c:2b:f1:
         d3:27:32:2e:e2:5f:f7:00:41:fb:e0:88:b3:f0:7a:1f:58:be:
         fd:2d:03:8a:b5:a5:18:c1:c3:a1:77:a9:46:ee:17:74:0d:ee:
         22:9b:cf:2b:c6:b9:51:c2:27:e2:df:ec:50:34:27:53:43:6b:
         96:b8:3f:74:63:3d:ad:52:65:20:3c:eb:e9:cf:9b:c1:28:50:
         c5:72:ff:a8:9f:20:04:82:77:43:cf:61:f4:33:fc:72:49:13:
         63:21:30:8d:fa:23:52:bf:84:ff:96:c2:41:3d:88:a1:06:2a:
         98:51:1d:47:af:fc:34:9d:c5:09:7d:8e:1e:96:dc:04:01:b7:
         d3:5b:14:d3:f0:47:49:ae:55:ef:82:9d:c6:d6:19:36:64:b6:
         22:ff:10:97:89:0e:2b:c9:2a:8d:c6:6a:07:71:5f:17:b5:de:
         5d:1d:7b:11:0c:44:b9:03:64:78:86:0e:d2:5e:ea:2b:2e:08:
         7d:90:41:01:71:59:09:08:fb:70:24:f3:6f:c4:e6:2d:ae:5f:
         ba:ba:d8:e2:8f:b7:1a:71:50:2f:00:65:a3:8c:58:d9:8a:cf:
         90:2c:07:49:25:a6:68:c9:4a:a0:ed:1b:ea:5f:57:c4:2e:c8:
         64:1f:0c:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZits5XMtIxI/6xCW7t7pk2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwODE1MTIyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE4Y2M4YmU3NzdjZjBkOTQ3Y2NlOTJlMDI1NTg4MDBkZGExOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTPxoqYTuM85WymBSrS/ObBiD7BO
axn14Px6lX5uh9YXmnKJQUlkFBZXnsB1S5V+YkCbgmyeVEiYDjT6GTVr2X9TQvdr
+K1sWHda0L4gGcIH3YVhEm1LU7Cv61qvNNZyiBKEWqSmpEBNPe+KTPVAzoAwfKqx
e8g+9F1ixsQZsMabT+2uKb30VSzGB7054weuIAcFKvkvZPCeS7sdlJPcRTwnmnIS
As24M7CCt9zf1pThr68MN9ZfFf+SCIJjd9unW6g9ndFoxOIRj0MvZU1eSlHJATEt
6RzCuSqzKuLU6va0TWeHXtNWSKWy/Oer9/D+xO2fQsuMcAGu0SzYSpCk0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCgYzIvnd88NlHzOkuAlWIAN2hk+MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvS0JqTWktZDN6dzJVZk02UzRDVllnQTNhR1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94AtEw
DQYJKoZIhvcNAQELBQADggEBADlejCuGv6b/5uB7K4WZYHwr8dMnMi7iX/cAQfvg
iLPweh9Yvv0tA4q1pRjBw6F3qUbuF3QN7iKbzyvGuVHCJ+Lf7FA0J1NDa5a4P3Rj
Pa1SZSA86+nPm8EoUMVy/6ifIASCd0PPYfQz/HJJE2MhMI36I1K/hP+WwkE9iKEG
KphRHUev/DSdxQl9jh6W3AQBt9NbFNPwR0muVe+CncbWGTZktiL/EJeJDivJKo3G
agdxXxe13l0dexEMRLkDZHiGDtJe6isuCH2QQQFxWQkI+3Ak82/E5i2uX7q62OKP
txpxUC8AZaOMWNmKz5AsB0klpmjJSqDtG+pfV8QuyGQfDA8=
-----END CERTIFICATE-----