Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/bhjib73n0V9gJH90qjfOOqiTS6o.roa
File:                     bhjib73n0V9gJH90qjfOOqiTS6o.roa (raw, json)
Hash identifier:          NrX3wU4HqqgIK2uoNzSnSU4RAHSnUevtrK1ADZq0SxQ=
Subject key identifier:   6E:18:E2:6F:BD:E7:D1:5F:60:24:7F:74:AA:37:CE:3A:A8:93:4B:AA
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019977287333D31F1E50F31C5EECE03C2268
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/bhjib73n0V9gJH90qjfOOqiTS6o.roa
Signing time:             Tue 23 Sep 2025 15:19:23 +0000
ROA not before:           Tue 23 Sep 2025 15:19:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        2a0f:7802:e200::/40 maxlen: 48
                          2a0f:7803:fb40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:28:73:33:d3:1f:1e:50:f3:1c:5e:ec:e0:3c:22:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Sep 23 15:19:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e18e26fbde7d15f60247f74aa37ce3aa8934baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:26:a4:f6:d6:f7:44:d8:fe:38:26:dc:35:2b:
                    b1:3d:ec:c7:1c:09:93:3b:12:05:56:19:13:f7:7d:
                    32:b4:73:6a:e7:db:a1:60:db:f7:bb:4e:e9:a5:04:
                    16:30:01:00:d6:2f:41:a9:aa:ff:f7:de:4f:f9:e3:
                    bc:e0:f8:84:8e:18:70:54:f9:b7:58:7f:06:bb:aa:
                    b9:32:ce:3b:7c:af:95:42:ef:23:75:98:be:fc:91:
                    40:4e:1b:d1:c5:42:e4:1b:f1:10:7d:ba:89:da:de:
                    00:64:5d:3e:77:c3:2d:ea:02:62:99:f2:46:92:e1:
                    35:36:b2:eb:ca:2c:db:8e:9d:d3:55:fa:10:90:26:
                    90:79:5a:25:93:11:b2:c4:1a:cc:36:54:68:78:2d:
                    de:3f:58:19:ea:ce:df:2c:92:ee:f0:ae:01:4b:06:
                    10:09:61:f7:74:94:63:0f:ec:3a:8c:4d:28:0d:2d:
                    d8:6b:67:8e:22:dd:79:94:dc:ad:f3:e6:7f:ff:38:
                    8b:b9:3c:cd:b9:64:b9:fe:16:b4:4b:f6:4f:6f:4d:
                    ed:d0:09:bd:fb:42:e9:77:bb:da:19:03:0b:d3:10:
                    82:aa:20:a2:3e:51:15:69:82:f8:0d:de:b2:ea:f1:
                    9d:9b:14:46:db:d5:24:ef:41:89:65:ac:9e:67:34:
                    e0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:18:E2:6F:BD:E7:D1:5F:60:24:7F:74:AA:37:CE:3A:A8:93:4B:AA
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/bhjib73n0V9gJH90qjfOOqiTS6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e200::/40
                  2a0f:7803:fb40::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:e4:1a:fa:23:18:bd:c0:5e:e3:42:29:b0:34:3c:e4:f2:ef:
         5e:e1:f6:c1:6c:dd:75:dc:b2:52:c1:34:b8:7b:fe:11:75:7b:
         05:76:0c:a3:ec:6c:0c:ab:2d:97:8e:ec:bd:b5:02:e0:c4:67:
         d6:7f:c1:1d:95:ff:39:4b:49:96:2a:9a:d7:de:a1:8d:6f:a2:
         47:a2:23:f9:51:7e:c2:61:5f:1f:2b:3f:6f:e1:2c:b3:ca:50:
         3b:aa:32:26:d2:0b:db:a5:ef:7c:bf:9f:f4:87:2a:72:7c:c5:
         8d:33:a9:f7:4c:c2:38:0c:7d:6b:14:bd:76:fc:dd:07:25:4b:
         a7:1c:da:12:6d:e4:a0:39:46:1c:c0:e0:b0:75:7f:e6:0c:45:
         d1:9d:10:a5:5c:b2:b2:40:b5:c4:c5:27:6e:ac:00:6f:1b:e1:
         3b:5e:e0:17:1b:c6:04:44:7f:e2:6d:8d:0b:d1:03:0c:c3:ee:
         c5:67:47:1a:65:f8:14:4d:43:79:95:75:b0:cc:5f:0b:5d:07:
         9d:97:1b:4c:af:06:f6:02:3b:44:e1:48:7e:67:ed:9a:c1:b2:
         22:da:5f:fb:1a:9a:98:f6:f9:73:bd:2e:76:ae:83:2b:a3:1a:
         7e:01:13:68:01:49:b5:04:4c:33:d4:4d:e0:40:a1:07:47:fa:
         d8:ca:56:f6
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZl3KHMz0x8eUPMcXuzgPCJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwOTIzMTUxOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTE4ZTI2ZmJkZTdkMTVmNjAyNDdmNzRhYTM3Y2UzYWE4OTM0YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCak9tb3RNj+OCbcNSuxPezHHAmT
OxIFVhkT930ytHNq59uhYNv3u07ppQQWMAEA1i9Bqar/995P+eO84PiEjhhwVPm3
WH8Gu6q5Ms47fK+VQu8jdZi+/JFAThvRxULkG/EQfbqJ2t4AZF0+d8Mt6gJimfJG
kuE1NrLryizbjp3TVfoQkCaQeVolkxGyxBrMNlRoeC3eP1gZ6s7fLJLu8K4BSwYQ
CWH3dJRjD+w6jE0oDS3Ya2eOIt15lNyt8+Z//ziLuTzNuWS5/ha0S/ZPb03t0Am9
+0Lpd7vaGQML0xCCqiCiPlEVaYL4Dd6y6vGdmxRG29Uk70GJZayeZzTgswIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFG4Y4m+959FfYCR/dKo3zjqok0uqMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvYmhqaWI3M24wVjlnSkg5MHFqZk9PcWlUUzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg94AuID
BwQqD3gD+0AwDQYJKoZIhvcNAQELBQADggEBAD7kGvojGL3AXuNCKbA0POTy717h
9sFs3XXcslLBNLh7/hF1ewV2DKPsbAyrLZeO7L21AuDEZ9Z/wR2V/zlLSZYqmtfe
oY1vokeiI/lRfsJhXx8rP2/hLLPKUDuqMibSC9ul73y/n/SHKnJ8xY0zqfdMwjgM
fWsUvXb83QclS6cc2hJt5KA5RhzA4LB1f+YMRdGdEKVcsrJAtcTFJ26sAG8b4Tte
4BcbxgREf+JtjQvRAwzD7sVnRxpl+BRNQ3mVdbDMXwtdB52XG0yvBvYCO0ThSH5n
7ZrBsiLaX/sampj2+XO9LnaugyujGn4BE2gBSbUETDPUTeBAoQdH+tjKVvY=
-----END CERTIFICATE-----