Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/ef5i4gFsUjQtA9jIFWXZmLBsI5w.roa
File:                     ef5i4gFsUjQtA9jIFWXZmLBsI5w.roa (raw, json)
Hash identifier:          nHPFZXhPCy6Yr/I1NdWh8sLmeUGTngr7MiMVHJxQNuE=
Subject key identifier:   79:FE:62:E2:01:6C:52:34:2D:03:D8:C8:15:65:D9:98:B0:6C:23:9C
Certificate issuer:       /CN=6187169e030e3725d6eb478a327e6bdf36be8d2f
Certificate serial:       019862A135DE42C1B8B81A31D5C9B70469BB
Authority key identifier: 61:87:16:9E:03:0E:37:25:D6:EB:47:8A:32:7E:6B:DF:36:BE:8D:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYcWngMONyXW60eKMn5r3za-jS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/ef5i4gFsUjQtA9jIFWXZmLBsI5w.roa
Signing time:             Thu 31 Jul 2025 22:36:28 +0000
ROA not before:           Thu 31 Jul 2025 22:36:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207911
IP address blocks:        2001:678:10d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/YYcWngMONyXW60eKMn5r3za-jS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/YYcWngMONyXW60eKMn5r3za-jS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYcWngMONyXW60eKMn5r3za-jS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:62:a1:35:de:42:c1:b8:b8:1a:31:d5:c9:b7:04:69:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6187169e030e3725d6eb478a327e6bdf36be8d2f
        Validity
            Not Before: Jul 31 22:36:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79fe62e2016c52342d03d8c81565d998b06c239c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1a:87:f9:78:9e:5d:3b:72:c3:8f:d8:3a:9d:
                    3c:76:4d:39:df:a0:76:8e:34:78:bc:64:ef:53:66:
                    72:5d:b4:9e:2c:1c:ea:94:17:25:8e:7a:e4:90:f2:
                    92:b2:8f:bd:31:b6:86:86:f9:be:82:6f:d3:9a:28:
                    94:d3:1f:e1:3c:fe:9d:07:84:d6:c2:59:63:ed:30:
                    a0:d3:c1:4a:92:eb:88:70:10:db:2d:87:c7:e9:df:
                    12:38:17:12:df:27:6b:f3:0f:ad:a8:8c:13:18:0c:
                    e8:fe:af:e1:a1:c7:5b:a2:fc:e9:94:6e:54:b8:68:
                    b3:42:2e:3b:cc:ad:37:bd:39:91:ba:51:47:59:22:
                    1c:55:a0:4d:64:85:47:03:4b:e9:94:da:9e:92:b6:
                    cb:81:72:dc:7e:f0:de:71:58:3c:61:16:71:ef:eb:
                    d7:f8:8a:65:34:40:a2:58:88:59:8f:f0:e8:17:8c:
                    aa:1e:04:93:ab:49:2c:5d:61:42:16:2c:aa:0a:91:
                    86:2c:c4:79:00:a3:6e:66:89:7e:44:f6:46:01:28:
                    c9:47:60:39:2c:c6:da:cf:be:a0:b1:85:96:9e:1c:
                    ba:6e:3e:cd:ba:e0:8c:91:0a:43:7a:45:d7:d1:05:
                    0b:f5:f2:ca:de:12:61:61:9d:63:fc:10:4b:11:cd:
                    16:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FE:62:E2:01:6C:52:34:2D:03:D8:C8:15:65:D9:98:B0:6C:23:9C
            X509v3 Authority Key Identifier:
                keyid:61:87:16:9E:03:0E:37:25:D6:EB:47:8A:32:7E:6B:DF:36:BE:8D:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYcWngMONyXW60eKMn5r3za-jS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/ef5i4gFsUjQtA9jIFWXZmLBsI5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/7619ec-5438-4552-abab-480df8f41e44/1/YYcWngMONyXW60eKMn5r3za-jS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:f4:45:49:6f:f4:bf:2a:13:e4:b8:70:00:bd:05:8b:0d:4a:
         bd:a6:63:1e:f5:73:f1:39:fd:10:6f:20:a7:c8:01:fd:99:8d:
         9f:97:4d:e0:85:c4:22:85:9e:94:0a:35:77:4d:6b:0d:45:5f:
         d7:c6:ac:32:b2:eb:48:f2:2f:72:9f:99:23:52:a0:be:e1:2d:
         3b:f3:f2:24:64:63:4e:e6:d8:fa:ac:99:2f:37:af:60:dc:83:
         88:8e:51:a1:9b:bf:e9:7f:e3:b7:e0:37:c3:18:86:6f:6d:e7:
         c4:ce:9e:06:71:06:35:97:9d:21:f4:f7:2d:b4:7a:98:bb:bb:
         b9:c3:db:a6:2c:0c:cf:5f:c0:9b:9d:1a:8d:ed:4c:75:11:6a:
         f0:9f:04:00:51:14:27:a7:e6:3a:17:cf:5f:cd:53:50:80:f4:
         54:32:15:8a:d2:da:7f:73:d0:83:ff:b1:10:d3:83:24:3b:97:
         69:c1:98:c6:9f:cc:88:15:ec:8e:85:0b:18:c5:c2:09:7e:d8:
         fc:96:a3:1f:c7:60:0c:be:0e:f6:83:5c:6d:92:ee:e4:a7:9d:
         4d:22:d8:db:15:12:97:9c:23:8b:11:f8:67:57:1d:77:19:80:
         29:f2:40:a5:26:c9:b3:d9:01:e8:63:63:43:0f:cc:db:d8:8c:
         8b:6b:a9:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhioTXeQsG4uBox1cm3BGm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODcxNjllMDMwZTM3MjVkNmViNDc4YTMyN2U2YmRmMzZi
ZThkMmYwHhcNMjUwNzMxMjIzNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWZlNjJlMjAxNmM1MjM0MmQwM2Q4YzgxNTY1ZDk5OGIwNmMyMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RqH+XieXTtyw4/YOp08dk0536B2
jjR4vGTvU2ZyXbSeLBzqlBcljnrkkPKSso+9MbaGhvm+gm/TmiiU0x/hPP6dB4TW
wllj7TCg08FKkuuIcBDbLYfH6d8SOBcS3ydr8w+tqIwTGAzo/q/hocdbovzplG5U
uGizQi47zK03vTmRulFHWSIcVaBNZIVHA0vplNqekrbLgXLcfvDecVg8YRZx7+vX
+IplNECiWIhZj/DoF4yqHgSTq0ksXWFCFiyqCpGGLMR5AKNuZol+RPZGASjJR2A5
LMbaz76gsYWWnhy6bj7NuuCMkQpDekXX0QUL9fLK3hJhYZ1j/BBLEc0WPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHn+YuIBbFI0LQPYyBVl2ZiwbCOcMB8GA1UdIwQY
MBaAFGGHFp4DDjcl1utHijJ+a982vo0vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVljV25nTU9OeVhXNjBlS01uNXIzemEtalM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS83NjE5ZWMtNTQzOC00NTUyLWFiYWIt
NDgwZGY4ZjQxZTQ0LzEvZWY1aTRnRnNValF0QTlqSUZXWFptTEJzSTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS83NjE5ZWMtNTQzOC00NTUyLWFiYWItNDgwZGY4ZjQxZTQ0
LzEvWVljV25nTU9OeVhXNjBlS01uNXIzemEtalM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBDY
MA0GCSqGSIb3DQEBCwUAA4IBAQAh9EVJb/S/KhPkuHAAvQWLDUq9pmMe9XPxOf0Q
byCnyAH9mY2fl03ghcQihZ6UCjV3TWsNRV/XxqwysutI8i9yn5kjUqC+4S078/Ik
ZGNO5tj6rJkvN69g3IOIjlGhm7/pf+O34DfDGIZvbefEzp4GcQY1l50h9PcttHqY
u7u5w9umLAzPX8CbnRqN7Ux1EWrwnwQAURQnp+Y6F89fzVNQgPRUMhWK0tp/c9CD
/7EQ04MkO5dpwZjGn8yIFeyOhQsYxcIJftj8lqMfx2AMvg72g1xtku7kp51NItjb
FRKXnCOLEfhnVx13GYAp8kClJsmz2QHoY2NDD8zb2IyLa6m3
-----END CERTIFICATE-----