Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/JPk8qHaA0VqJJwM_cRiEk2hiNN4.roa
File:                     JPk8qHaA0VqJJwM_cRiEk2hiNN4.roa (raw, json)
Hash identifier:          UcrJOHgb+5M2bbcwOpZ1qAySq77AEN4vifocol3LdDU=
Subject key identifier:   24:F9:3C:A8:76:80:D1:5A:89:27:03:3F:71:18:84:93:68:62:34:DE
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       01998578FD3A8EF58D8A163463C5F058B955
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/JPk8qHaA0VqJJwM_cRiEk2hiNN4.roa
Signing time:             Fri 26 Sep 2025 10:02:02 +0000
ROA not before:           Fri 26 Sep 2025 10:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205964
IP address blocks:        2a13:6cc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:78:fd:3a:8e:f5:8d:8a:16:34:63:c5:f0:58:b9:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Sep 26 10:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24f93ca87680d15a8927033f71188493686234de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:30:25:c8:70:6f:10:b9:e2:17:7f:9e:8e:a7:
                    ee:99:8e:97:89:64:0b:b5:7b:3e:90:5b:60:d3:c8:
                    48:4d:d0:b0:84:3e:23:ab:c6:8e:a9:21:2c:b6:02:
                    bf:4a:74:2f:6c:dc:6f:64:79:39:c1:8e:99:c9:0d:
                    ce:bf:fe:d3:ae:c2:ee:bb:05:c1:5a:49:05:50:c8:
                    02:97:91:82:91:60:d4:26:28:07:96:a8:12:07:b1:
                    6d:27:b2:d1:2d:ea:6a:f1:6b:18:a7:5e:eb:72:ed:
                    b2:be:0a:9b:3c:7a:66:41:ff:06:aa:4f:8d:66:fa:
                    5e:34:f2:cb:1b:c4:71:80:9c:a4:81:f4:fa:68:c0:
                    1e:d5:9f:2c:40:37:db:96:ac:82:a5:25:75:06:0f:
                    f5:7f:c7:de:f1:3a:b4:5b:be:15:6b:db:86:84:fd:
                    c3:6c:f7:be:0b:e5:1b:ce:b9:f0:1b:26:ae:e9:aa:
                    42:44:0b:58:8e:f6:67:48:0e:08:df:04:a4:cd:32:
                    b6:fc:4e:6e:10:da:8e:de:f6:c9:56:73:98:cc:10:
                    c0:d2:e0:7c:be:69:40:66:40:f5:b7:6b:c1:bd:80:
                    c4:67:60:98:f5:fc:79:d7:9c:e6:59:51:63:1f:b1:
                    da:cd:2b:a8:22:e5:84:f5:fb:16:ae:da:e9:20:33:
                    71:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F9:3C:A8:76:80:D1:5A:89:27:03:3F:71:18:84:93:68:62:34:DE
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/JPk8qHaA0VqJJwM_cRiEk2hiNN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6cc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:95:5b:8d:f3:10:32:29:73:77:1e:cb:dc:13:eb:81:37:c6:
         d4:e9:77:51:f8:1a:99:cb:65:bb:7d:51:81:a7:58:e4:63:b9:
         ad:8d:5f:7d:ef:87:23:1e:7f:61:71:8a:54:11:3a:43:9d:a3:
         03:92:8e:d9:10:2f:ac:d1:f9:34:82:14:59:1c:2e:9e:c1:ac:
         03:34:f9:77:c5:55:01:ac:5c:67:9a:2f:fd:dd:af:73:ab:bc:
         ed:15:94:28:92:75:f4:08:3b:14:f9:1c:a8:88:03:8d:d8:dc:
         33:93:5e:f2:33:98:b6:17:87:d1:9a:7a:76:22:1e:c0:93:67:
         0c:f7:20:58:4a:95:17:5b:06:f3:1d:62:d5:ac:c3:23:4c:33:
         46:aa:27:89:81:f1:10:d1:9f:b6:2d:ef:ff:6f:49:7a:86:1a:
         38:27:fd:40:80:05:5b:8b:3d:eb:32:3d:54:eb:34:31:e4:be:
         fe:4c:54:77:a8:a0:2e:ca:41:23:52:7b:71:b3:33:d9:0b:57:
         9d:d7:49:2c:50:e9:54:8f:31:59:11:5c:bc:6b:2a:98:00:8d:
         e6:42:1a:e4:b9:76:89:2b:8d:e4:a3:7a:78:45:74:2d:9e:f1:
         db:d9:4b:5a:46:fd:29:fd:40:b9:3a:b7:fb:0d:62:9f:40:59:
         a5:94:a3:9e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmFeP06jvWNihY0Y8XwWLlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwOTI2MTAwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY5M2NhODc2ODBkMTVhODkyNzAzM2Y3MTE4ODQ5MzY4NjIzNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zAlyHBvELniF3+ejqfumY6XiWQL
tXs+kFtg08hITdCwhD4jq8aOqSEstgK/SnQvbNxvZHk5wY6ZyQ3Ov/7TrsLuuwXB
WkkFUMgCl5GCkWDUJigHlqgSB7FtJ7LRLepq8WsYp17rcu2yvgqbPHpmQf8Gqk+N
ZvpeNPLLG8RxgJykgfT6aMAe1Z8sQDfblqyCpSV1Bg/1f8fe8Tq0W74Va9uGhP3D
bPe+C+UbzrnwGyau6apCRAtYjvZnSA4I3wSkzTK2/E5uENqO3vbJVnOYzBDA0uB8
vmlAZkD1t2vBvYDEZ2CY9fx515zmWVFjH7HazSuoIuWE9fsWrtrpIDNxGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCT5PKh2gNFaiScDP3EYhJNoYjTeMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvSlBrOHFIYUEwVnFKSndNX2NSaUVrMmhpTk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhNswTAN
BgkqhkiG9w0BAQsFAAOCAQEAfZVbjfMQMilzdx7L3BPrgTfG1Ol3Ufgamctlu31R
gadY5GO5rY1ffe+HIx5/YXGKVBE6Q52jA5KO2RAvrNH5NIIUWRwunsGsAzT5d8VV
AaxcZ5ov/d2vc6u87RWUKJJ19Ag7FPkcqIgDjdjcM5Ne8jOYtheH0Zp6diIewJNn
DPcgWEqVF1sG8x1i1azDI0wzRqoniYHxENGfti3v/29JeoYaOCf9QIAFW4s96zI9
VOs0MeS+/kxUd6igLspBI1J7cbMz2QtXnddJLFDpVI8xWRFcvGsqmACN5kIa5Ll2
iSuN5KN6eEV0LZ7x29lLWkb9Kf1AuTq3+w1in0BZpZSjng==
-----END CERTIFICATE-----