Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/3aRtdaLoPOZF10CX_CZEh4-VCqI.roa
File:                     3aRtdaLoPOZF10CX_CZEh4-VCqI.roa (raw, json)
Hash identifier:          OscvtFvqL/u9a9yzvKDIzZQyXS+BuqyG+0F0KwScDL8=
Subject key identifier:   DD:A4:6D:75:A2:E8:3C:E6:45:D7:40:97:FC:26:44:87:8F:95:0A:A2
Certificate issuer:       /CN=9f1168b85717a14666001b5b2f6c90801997de06
Certificate serial:       0199B3217DA36B6FACCA26B01DECF0483CFF
Authority key identifier: 9F:11:68:B8:57:17:A1:46:66:00:1B:5B:2F:6C:90:80:19:97:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nxFouFcXoUZmABtbL2yQgBmX3gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/3aRtdaLoPOZF10CX_CZEh4-VCqI.roa
Signing time:             Sun 05 Oct 2025 06:49:00 +0000
ROA not before:           Sun 05 Oct 2025 06:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204619
IP address blocks:        2001:67c:360::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/nxFouFcXoUZmABtbL2yQgBmX3gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/nxFouFcXoUZmABtbL2yQgBmX3gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nxFouFcXoUZmABtbL2yQgBmX3gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b3:21:7d:a3:6b:6f:ac:ca:26:b0:1d:ec:f0:48:3c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f1168b85717a14666001b5b2f6c90801997de06
        Validity
            Not Before: Oct  5 06:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dda46d75a2e83ce645d74097fc2644878f950aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:26:7f:6f:6c:31:46:20:f3:ef:11:a6:e6:c0:
                    40:1e:6d:1b:14:53:b3:38:61:74:9f:2c:bd:5e:ac:
                    81:9e:11:8e:5b:3a:33:1c:ed:ec:a9:63:a8:95:97:
                    0b:66:00:3d:6b:35:be:eb:e9:11:12:c6:4c:a0:4e:
                    34:61:2e:17:0e:b8:a8:0c:af:69:13:46:7c:32:0d:
                    87:56:60:6f:f7:0c:71:08:16:12:0e:fb:6c:6a:ba:
                    61:8f:e8:a3:e1:e8:27:60:80:79:92:71:e5:3b:63:
                    d0:62:21:ad:34:4a:44:94:d9:0a:9e:2a:a4:0e:4a:
                    9a:42:e7:25:57:84:79:df:32:1a:e1:8a:4b:ed:55:
                    3d:70:ad:aa:e9:e1:90:0b:48:58:8c:d0:33:99:1d:
                    9b:f8:5d:cb:fe:77:bb:bd:c1:9e:5a:3c:fd:99:9a:
                    92:87:77:9e:85:2f:c5:b3:94:86:55:f8:78:0b:e7:
                    3d:a1:5a:db:9a:a8:e4:c3:d2:4d:af:bb:9b:57:9a:
                    f5:82:b3:20:89:a2:ca:dd:6d:dd:23:83:e1:02:95:
                    0b:e1:75:29:82:5d:4b:8c:73:6c:29:e1:2c:f7:34:
                    77:27:6f:72:74:b7:71:35:07:00:7d:88:35:7c:21:
                    b9:f7:53:95:b7:cb:9e:69:83:5c:0a:8d:dd:9a:b6:
                    de:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A4:6D:75:A2:E8:3C:E6:45:D7:40:97:FC:26:44:87:8F:95:0A:A2
            X509v3 Authority Key Identifier:
                keyid:9F:11:68:B8:57:17:A1:46:66:00:1B:5B:2F:6C:90:80:19:97:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nxFouFcXoUZmABtbL2yQgBmX3gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/3aRtdaLoPOZF10CX_CZEh4-VCqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8f658c-3fac-498d-b95e-f4219beddb37/1/nxFouFcXoUZmABtbL2yQgBmX3gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:360::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:57:2c:d5:b7:a3:e6:ac:b9:ce:d3:14:ef:a7:6d:f3:55:68:
         21:9a:2e:2f:9c:93:a8:5d:59:b0:6c:7d:45:2a:5d:ec:ec:53:
         65:9a:c9:08:f4:66:72:53:fa:e4:06:fd:66:a9:5e:66:a5:96:
         a4:bc:1a:04:af:20:51:6f:b2:72:f0:1c:90:71:70:98:e1:34:
         72:72:e7:3a:35:7f:5e:23:e6:cd:50:a6:11:d8:ce:f1:d9:ae:
         8e:81:90:02:83:5a:92:3a:b6:66:dd:27:ef:a1:d0:04:74:76:
         66:74:b0:28:05:8f:cf:38:6b:07:7b:64:85:07:85:bf:0a:7b:
         07:14:40:e4:41:3b:37:cd:88:45:57:56:71:a2:27:78:11:9e:
         62:82:45:fb:5c:35:e9:6d:7d:ab:62:7c:51:95:99:c4:af:bd:
         47:c4:0f:6c:79:1d:f4:ca:83:35:4d:bc:08:f5:78:75:fa:8f:
         79:64:96:17:8b:1c:eb:9e:57:40:87:49:30:86:58:9f:9f:c8:
         12:91:79:26:b1:be:eb:76:e9:b3:35:61:10:da:a2:e0:fa:91:
         bb:66:d3:2f:4d:90:c8:4a:bf:25:72:0c:9d:de:9b:f4:6e:a8:
         95:fc:bd:fa:ff:0b:e8:8f:61:e9:9e:c3:36:26:4f:c7:77:d1:
         2a:d2:6f:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmzIX2ja2+syiawHezwSDz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMTE2OGI4NTcxN2ExNDY2NjAwMWI1YjJmNmM5MDgwMTk5
N2RlMDYwHhcNMjUxMDA1MDY0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGE0NmQ3NWEyZTgzY2U2NDVkNzQwOTdmYzI2NDQ4NzhmOTUwYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CZ/b2wxRiDz7xGm5sBAHm0bFFOz
OGF0nyy9XqyBnhGOWzozHO3sqWOolZcLZgA9azW+6+kREsZMoE40YS4XDrioDK9p
E0Z8Mg2HVmBv9wxxCBYSDvtsarphj+ij4egnYIB5knHlO2PQYiGtNEpElNkKniqk
DkqaQuclV4R53zIa4YpL7VU9cK2q6eGQC0hYjNAzmR2b+F3L/ne7vcGeWjz9mZqS
h3eehS/Fs5SGVfh4C+c9oVrbmqjkw9JNr7ubV5r1grMgiaLK3W3dI4PhApUL4XUp
gl1LjHNsKeEs9zR3J29ydLdxNQcAfYg1fCG591OVt8ueaYNcCo3dmrbepwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN2kbXWi6DzmRddAl/wmRIePlQqiMB8GA1UdIwQY
MBaAFJ8RaLhXF6FGZgAbWy9skIAZl94GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnhGb3VGY1hvVVptQUJ0YkwyeVFnQm1YM2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84ZjY1OGMtM2ZhYy00OThkLWI5NWUt
ZjQyMTliZWRkYjM3LzEvM2FSdGRhTG9QT1pGMTBDWF9DWkVoNC1WQ3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84ZjY1OGMtM2ZhYy00OThkLWI5NWUtZjQyMTliZWRkYjM3
LzEvbnhGb3VGY1hvVVptQUJ0YkwyeVFnQm1YM2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfANg
MA0GCSqGSIb3DQEBCwUAA4IBAQCXVyzVt6PmrLnO0xTvp23zVWghmi4vnJOoXVmw
bH1FKl3s7FNlmskI9GZyU/rkBv1mqV5mpZakvBoEryBRb7Jy8ByQcXCY4TRycuc6
NX9eI+bNUKYR2M7x2a6OgZACg1qSOrZm3SfvodAEdHZmdLAoBY/POGsHe2SFB4W/
CnsHFEDkQTs3zYhFV1Zxoid4EZ5igkX7XDXpbX2rYnxRlZnEr71HxA9seR30yoM1
TbwI9Xh1+o95ZJYXixzrnldAh0kwhlifn8gSkXkmsb7rdumzNWEQ2qLg+pG7ZtMv
TZDISr8lcgyd3pv0bqiV/L36/wvoj2HpnsM2Jk/Hd9Eq0m9p
-----END CERTIFICATE-----