Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/rNfq-FdDmBkThN1vTMRNxR08DZE.roa
File:                     rNfq-FdDmBkThN1vTMRNxR08DZE.roa (raw, json)
Hash identifier:          W7X3TtRWNC36QWPCWtaayZ46NgLlqWMrgmB/Yk/phsc=
Subject key identifier:   AC:D7:EA:F8:57:43:98:19:13:84:DD:6F:4C:C4:4D:C5:1D:3C:0D:91
Certificate issuer:       /CN=f64ad45d22b5f3cf2e71ce0ac01074b7cd21ac57
Certificate serial:       01991421814AA0F4609106B4154143914BD5
Authority key identifier: F6:4A:D4:5D:22:B5:F3:CF:2E:71:CE:0A:C0:10:74:B7:CD:21:AC:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9krUXSK1888ucc4KwBB0t80hrFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/rNfq-FdDmBkThN1vTMRNxR08DZE.roa
Signing time:             Thu 04 Sep 2025 09:49:24 +0000
ROA not before:           Thu 04 Sep 2025 09:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42063
IP address blocks:        2001:67c:2fdc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/9krUXSK1888ucc4KwBB0t80hrFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/9krUXSK1888ucc4KwBB0t80hrFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9krUXSK1888ucc4KwBB0t80hrFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:21:81:4a:a0:f4:60:91:06:b4:15:41:43:91:4b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f64ad45d22b5f3cf2e71ce0ac01074b7cd21ac57
        Validity
            Not Before: Sep  4 09:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acd7eaf8574398191384dd6f4cc44dc51d3c0d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5e:6b:8f:8a:35:79:b6:d9:f7:a7:57:2f:a6:
                    8c:2d:77:96:47:54:d7:87:42:b7:72:79:6d:ab:1b:
                    f2:64:5b:8f:39:a6:69:b8:1e:0f:5d:12:c9:c1:5d:
                    0c:a5:43:ea:c8:e4:c3:f7:e8:97:1d:6c:7c:e9:fd:
                    3b:25:e8:f1:16:f2:d2:80:f6:97:9a:4e:0e:9a:3b:
                    b9:b8:5e:26:6b:fb:dd:2d:0f:4b:d2:9f:16:a1:8a:
                    7c:d0:42:33:35:31:b2:15:7d:66:76:92:25:ca:77:
                    f8:61:41:10:c4:63:c4:97:30:e1:29:1d:3b:81:50:
                    37:5a:ce:d5:72:49:e2:f2:b8:66:aa:ea:b3:31:5f:
                    74:36:60:b9:34:45:6b:f5:71:f7:03:85:3c:28:02:
                    9c:67:31:51:0e:95:bb:ae:d9:24:39:92:f3:ae:f9:
                    22:42:03:db:ca:9c:a0:e2:04:d9:5e:e0:11:d8:1e:
                    e0:29:72:2c:c5:24:b6:de:91:1f:d1:e5:5e:56:95:
                    91:15:8b:62:a4:ac:78:27:b4:71:da:b8:90:62:dc:
                    9c:8a:65:12:c7:49:18:b3:e9:ca:18:8b:c1:15:d1:
                    86:a8:9b:58:74:5c:71:de:5d:5d:2f:c6:52:ec:48:
                    77:e6:50:f4:4a:70:3c:f7:c6:92:00:a2:25:95:36:
                    b0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D7:EA:F8:57:43:98:19:13:84:DD:6F:4C:C4:4D:C5:1D:3C:0D:91
            X509v3 Authority Key Identifier:
                keyid:F6:4A:D4:5D:22:B5:F3:CF:2E:71:CE:0A:C0:10:74:B7:CD:21:AC:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9krUXSK1888ucc4KwBB0t80hrFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/rNfq-FdDmBkThN1vTMRNxR08DZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ee3b84-27d7-4dc7-8f3d-699b234fc78c/1/9krUXSK1888ucc4KwBB0t80hrFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2fdc::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:cd:f1:c2:c2:9f:f5:5e:79:ce:e8:cc:2c:68:0a:f1:f6:c0:
         2a:c0:7f:3d:5d:9a:31:fe:f9:d5:97:93:66:01:ca:80:07:32:
         77:2e:01:2c:6b:83:df:14:3b:0e:be:f6:55:bf:62:1d:ff:22:
         fd:34:7a:ac:9b:1c:eb:99:68:ae:5c:96:58:87:28:b2:2b:2c:
         4f:81:96:1a:a0:38:23:16:8c:11:ce:03:bd:20:8d:64:45:b7:
         73:9d:10:b1:6b:bd:a7:78:26:f3:08:a2:df:83:b4:00:aa:f3:
         a7:8e:ca:4d:1f:f1:fa:2d:98:76:3f:11:db:e1:d2:5f:f7:37:
         74:92:7b:09:24:e3:07:5e:2a:db:9f:3b:51:d4:a7:a5:05:b0:
         0b:53:64:ed:03:f9:68:0b:5d:66:6e:0f:1f:5b:a8:44:63:6b:
         d0:e6:b9:7a:bc:19:56:bd:cd:a0:f8:ac:9c:f6:4a:a1:86:a6:
         a9:aa:5e:28:54:1e:6a:5d:24:a9:53:0b:58:86:ff:67:57:5c:
         52:86:da:db:15:b9:7a:d9:f1:43:c0:d0:e3:ba:88:b6:72:1a:
         fd:3d:a7:05:61:55:2b:58:b7:45:64:8d:55:79:9c:71:0c:47:
         a4:4d:11:24:ec:6e:da:3e:45:7c:3e:f0:14:20:dc:52:a5:85:
         87:06:45:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkUIYFKoPRgkQa0FUFDkUvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NGFkNDVkMjJiNWYzY2YyZTcxY2UwYWMwMTA3NGI3Y2Qy
MWFjNTcwHhcNMjUwOTA0MDk0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Q3ZWFmODU3NDM5ODE5MTM4NGRkNmY0Y2M0NGRjNTFkM2MwZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxF5rj4o1ebbZ96dXL6aMLXeWR1TX
h0K3cnltqxvyZFuPOaZpuB4PXRLJwV0MpUPqyOTD9+iXHWx86f07JejxFvLSgPaX
mk4Omju5uF4ma/vdLQ9L0p8WoYp80EIzNTGyFX1mdpIlynf4YUEQxGPElzDhKR07
gVA3Ws7Vckni8rhmquqzMV90NmC5NEVr9XH3A4U8KAKcZzFRDpW7rtkkOZLzrvki
QgPbypyg4gTZXuAR2B7gKXIsxSS23pEf0eVeVpWRFYtipKx4J7Rx2riQYtycimUS
x0kYs+nKGIvBFdGGqJtYdFxx3l1dL8ZS7Eh35lD0SnA898aSAKIllTawAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKzX6vhXQ5gZE4Tdb0zETcUdPA2RMB8GA1UdIwQY
MBaAFPZK1F0itfPPLnHOCsAQdLfNIaxXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWtyVVhTSzE4ODh1Y2M0S3dCQjB0ODBockZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9lZTNiODQtMjdkNy00ZGM3LThmM2Qt
Njk5YjIzNGZjNzhjLzEvck5mcS1GZERtQmtUaE4xdlRNUk54UjA4RFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9lZTNiODQtMjdkNy00ZGM3LThmM2QtNjk5YjIzNGZjNzhj
LzEvOWtyVVhTSzE4ODh1Y2M0S3dCQjB0ODBockZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC/c
MA0GCSqGSIb3DQEBCwUAA4IBAQAqzfHCwp/1XnnO6MwsaArx9sAqwH89XZox/vnV
l5NmAcqABzJ3LgEsa4PfFDsOvvZVv2Id/yL9NHqsmxzrmWiuXJZYhyiyKyxPgZYa
oDgjFowRzgO9II1kRbdznRCxa72neCbzCKLfg7QAqvOnjspNH/H6LZh2PxHb4dJf
9zd0knsJJOMHXirbnztR1KelBbALU2TtA/loC11mbg8fW6hEY2vQ5rl6vBlWvc2g
+Kyc9kqhhqapql4oVB5qXSSpUwtYhv9nV1xShtrbFbl62fFDwNDjuoi2chr9PacF
YVUrWLdFZI1VeZxxDEekTREk7G7aPkV8PvAUINxSpYWHBkXd
-----END CERTIFICATE-----