Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/zQtGsgzqOK-0hoW-F87Yx5VVUg0.roa
File:                     zQtGsgzqOK-0hoW-F87Yx5VVUg0.roa (raw, json)
Hash identifier:          PEtW7YagTcXDXA2f9YO+bwyb8k/56XuZ1pNjFIGkhUk=
Subject key identifier:   CD:0B:46:B2:0C:EA:38:AF:B4:86:85:BE:17:CE:D8:C7:95:55:52:0D
Certificate issuer:       /CN=0d25cfd526aad72a4c8f4733faca0f4db7f9f767
Certificate serial:       0198D2127F8C214F875AF4F04209AA83D644
Authority key identifier: 0D:25:CF:D5:26:AA:D7:2A:4C:8F:47:33:FA:CA:0F:4D:B7:F9:F7:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSXP1Saq1ypMj0cz-soPTbf592c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/zQtGsgzqOK-0hoW-F87Yx5VVUg0.roa
Signing time:             Fri 22 Aug 2025 13:58:04 +0000
ROA not before:           Fri 22 Aug 2025 13:58:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205079
IP address blocks:        2001:678:10ec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/DSXP1Saq1ypMj0cz-soPTbf592c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/DSXP1Saq1ypMj0cz-soPTbf592c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSXP1Saq1ypMj0cz-soPTbf592c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:12:7f:8c:21:4f:87:5a:f4:f0:42:09:aa:83:d6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d25cfd526aad72a4c8f4733faca0f4db7f9f767
        Validity
            Not Before: Aug 22 13:58:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd0b46b20cea38afb48685be17ced8c79555520d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a0:10:8d:8c:8b:9e:a5:61:04:bc:6b:b0:46:
                    83:38:d7:3c:a6:94:a4:15:63:cb:44:43:a5:a0:f6:
                    23:8b:06:ba:f2:f1:fc:d6:78:87:77:e0:77:f6:91:
                    2a:37:d3:99:11:df:76:54:7e:73:d9:7e:f1:58:13:
                    43:45:58:d4:af:b9:fe:02:57:e9:7b:4a:b9:34:11:
                    0d:a4:7e:27:14:af:a2:97:54:40:4e:3e:28:49:03:
                    39:68:97:80:9f:07:4e:20:09:a8:ef:98:6a:97:94:
                    7b:75:af:06:c7:9a:76:b0:29:9d:83:67:6c:79:ac:
                    e3:36:cb:f6:64:78:de:37:c0:a2:a2:c4:77:c1:c1:
                    10:d0:d5:74:67:1c:11:56:37:4b:43:22:d9:d4:5b:
                    4e:ad:65:a3:ba:ef:9d:a0:6d:2c:13:2b:76:73:d0:
                    f9:a6:d4:59:d3:f2:6b:66:6b:1b:06:b0:9c:f7:b7:
                    0b:27:40:76:66:de:0b:6a:4d:95:c0:3e:02:f5:55:
                    75:02:da:5d:52:c9:ac:82:d0:cd:3b:45:0a:2b:c3:
                    e0:b2:a7:c0:81:b7:19:dd:69:3b:ce:0e:09:10:6a:
                    2a:b6:c3:ba:0f:51:32:54:b6:8c:f7:36:85:ab:75:
                    73:0c:47:04:be:d4:52:b5:ae:d6:e6:3d:a0:7b:8d:
                    f7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0B:46:B2:0C:EA:38:AF:B4:86:85:BE:17:CE:D8:C7:95:55:52:0D
            X509v3 Authority Key Identifier:
                keyid:0D:25:CF:D5:26:AA:D7:2A:4C:8F:47:33:FA:CA:0F:4D:B7:F9:F7:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSXP1Saq1ypMj0cz-soPTbf592c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/zQtGsgzqOK-0hoW-F87Yx5VVUg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/96282f-5a29-4fdd-adf9-d210838a46e6/1/DSXP1Saq1ypMj0cz-soPTbf592c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:1b:26:7f:d0:9a:22:dc:7d:f6:41:ea:6f:99:a1:27:a6:24:
         5e:0d:9f:05:5b:34:8b:48:6e:47:70:3d:7d:be:71:83:f6:f4:
         4a:ba:94:e5:ac:a1:0c:35:e4:dc:42:11:85:2d:77:c2:52:42:
         a8:79:0f:da:ed:e7:48:af:55:cc:67:3d:22:05:a0:e6:40:8c:
         b5:6b:66:6f:7e:9d:ba:9d:e2:d0:52:ef:3d:e1:18:03:a8:4b:
         69:cf:a9:7b:77:1d:4a:42:31:3b:56:93:af:4e:8a:9a:8f:aa:
         4f:70:79:bb:06:5c:0b:5d:9c:65:80:e2:ef:69:50:3f:97:d9:
         e0:75:5e:8b:ce:af:ba:b3:b4:7d:f4:0e:8e:01:57:ab:3f:cf:
         94:7c:62:58:99:07:5e:10:8c:93:aa:4e:20:14:5f:75:60:a8:
         bc:b1:19:be:c4:ea:af:e7:5f:17:99:c0:f7:22:d0:f7:44:23:
         9e:2c:9b:5c:60:d3:12:35:b7:78:91:f5:c7:34:72:41:6a:75:
         c5:ca:a1:1d:95:df:7c:1b:93:13:db:79:d8:d1:9f:81:c0:ef:
         1c:80:4a:a3:c7:8a:06:18:0d:02:d9:1b:c5:1d:22:f2:b7:95:
         c1:59:37:a3:00:65:77:b1:e0:e2:0a:81:9d:31:b8:58:43:2b:
         7a:40:0a:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjSEn+MIU+HWvTwQgmqg9ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjVjZmQ1MjZhYWQ3MmE0YzhmNDczM2ZhY2EwZjRkYjdm
OWY3NjcwHhcNMjUwODIyMTM1ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBiNDZiMjBjZWEzOGFmYjQ4Njg1YmUxN2NlZDhjNzk1NTU1MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26AQjYyLnqVhBLxrsEaDONc8ppSk
FWPLREOloPYjiwa68vH81niHd+B39pEqN9OZEd92VH5z2X7xWBNDRVjUr7n+Alfp
e0q5NBENpH4nFK+il1RATj4oSQM5aJeAnwdOIAmo75hql5R7da8Gx5p2sCmdg2ds
eazjNsv2ZHjeN8CiosR3wcEQ0NV0ZxwRVjdLQyLZ1FtOrWWjuu+doG0sEyt2c9D5
ptRZ0/JrZmsbBrCc97cLJ0B2Zt4Lak2VwD4C9VV1AtpdUsmsgtDNO0UKK8PgsqfA
gbcZ3Wk7zg4JEGoqtsO6D1EyVLaM9zaFq3VzDEcEvtRSta7W5j2ge433ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM0LRrIM6jivtIaFvhfO2MeVVVINMB8GA1UdIwQY
MBaAFA0lz9UmqtcqTI9HM/rKD023+fdnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNYUDFTYXExeXBNajBjei1zb1BUYmY1OTJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85NjI4MmYtNWEyOS00ZmRkLWFkZjkt
ZDIxMDgzOGE0NmU2LzEvelF0R3NnenFPSy0waG9XLUY4N1l4NVZWVWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85NjI4MmYtNWEyOS00ZmRkLWFkZjktZDIxMDgzOGE0NmU2
LzEvRFNYUDFTYXExeXBNajBjei1zb1BUYmY1OTJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBDs
MA0GCSqGSIb3DQEBCwUAA4IBAQDAGyZ/0Joi3H32QepvmaEnpiReDZ8FWzSLSG5H
cD19vnGD9vRKupTlrKEMNeTcQhGFLXfCUkKoeQ/a7edIr1XMZz0iBaDmQIy1a2Zv
fp26neLQUu894RgDqEtpz6l7dx1KQjE7VpOvToqaj6pPcHm7BlwLXZxlgOLvaVA/
l9ngdV6Lzq+6s7R99A6OAVerP8+UfGJYmQdeEIyTqk4gFF91YKi8sRm+xOqv518X
mcD3ItD3RCOeLJtcYNMSNbd4kfXHNHJBanXFyqEdld98G5MT23nY0Z+BwO8cgEqj
x4oGGA0C2RvFHSLyt5XBWTejAGV3seDiCoGdMbhYQyt6QApN
-----END CERTIFICATE-----