Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/TZlH8xzCt20zCEyeG6MLCYd2IPQ.roa
File:                     TZlH8xzCt20zCEyeG6MLCYd2IPQ.roa (raw, json)
Hash identifier:          EdbpzRHzj/EHNn1J0iAQt2Be6cT/lRMvLGGcvMYB4Rk=
Subject key identifier:   4D:99:47:F3:1C:C2:B7:6D:33:08:4C:9E:1B:A3:0B:09:87:76:20:F4
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       0198607F8F773F8F0705B598492FA663E912
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/TZlH8xzCt20zCEyeG6MLCYd2IPQ.roa
Signing time:             Thu 31 Jul 2025 12:40:29 +0000
ROA not before:           Thu 31 Jul 2025 12:40:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39107
IP address blocks:        2001:7f8:64::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:7f:8f:77:3f:8f:07:05:b5:98:49:2f:a6:63:e9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jul 31 12:40:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d9947f31cc2b76d33084c9e1ba30b09877620f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:63:e7:75:ab:89:f2:16:26:75:18:01:19:8f:
                    6c:9b:c9:b2:c3:2c:07:8a:3c:48:95:4d:31:94:b1:
                    6d:92:70:16:a9:7d:26:7f:c2:f6:ca:ff:2d:0c:59:
                    e0:47:b6:05:ea:c7:97:94:2b:5c:a4:e3:3d:d1:78:
                    48:29:dd:24:59:bd:8b:db:c6:f5:50:ca:60:1d:64:
                    82:eb:1b:b3:e4:51:e8:42:d3:12:40:ad:1d:a1:9a:
                    3b:48:3e:85:0b:2a:f3:55:87:e2:a6:43:32:77:2e:
                    02:14:63:50:16:d2:ee:49:be:f7:99:9e:4b:9f:a8:
                    df:b0:ca:f2:1c:77:c0:38:e8:0f:a4:b8:32:60:c1:
                    7b:8d:3f:8c:95:93:26:1f:83:b0:e0:64:0c:d5:69:
                    35:eb:3d:04:d4:19:4a:3a:58:a7:e8:81:70:a4:e6:
                    88:55:00:6a:78:a8:5c:50:7d:33:2b:d1:da:c5:a2:
                    bb:32:3d:f3:73:4d:28:a6:78:f7:47:2d:ee:7b:a1:
                    67:4b:26:d9:9f:f7:e8:64:13:a1:a8:84:47:5f:72:
                    2a:e1:c2:59:af:de:4f:7a:27:16:49:ea:12:30:a3:
                    82:98:98:f0:a2:92:4e:32:73:0e:ba:b0:11:7c:d1:
                    01:9f:bb:f1:18:1a:e6:0c:ba:49:6d:59:f5:57:30:
                    42:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:99:47:F3:1C:C2:B7:6D:33:08:4C:9E:1B:A3:0B:09:87:76:20:F4
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/TZlH8xzCt20zCEyeG6MLCYd2IPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:36:a5:bc:3b:89:0a:e4:73:96:19:bd:66:e1:68:99:a3:c3:
         4e:14:b2:85:53:e8:41:d7:9a:b2:09:fc:2e:6e:71:d7:7a:f2:
         68:1f:d6:a3:e1:6c:1b:26:88:8f:3b:50:40:33:af:99:d9:88:
         00:c8:2c:24:fb:2a:ef:fa:bf:5d:47:e6:36:4a:c0:59:5b:3b:
         21:d0:80:a9:f1:c5:69:8d:a2:b6:b7:a8:9d:1d:40:5a:6a:5c:
         cd:6c:64:1d:a8:01:6c:eb:ec:61:db:5d:c6:47:9b:6f:f6:a6:
         2b:0a:5e:4b:0d:3d:a5:d1:64:e4:91:e1:f2:0b:2d:74:53:6f:
         4e:58:84:80:20:a5:05:a3:b5:7d:47:b9:41:12:f4:a3:16:38:
         ba:e6:00:d3:88:7f:15:c9:65:94:6b:fc:b0:1f:c8:b1:01:92:
         ad:25:5d:4f:09:67:54:ac:63:58:ea:9f:59:8b:2e:3d:dd:3a:
         b6:be:0f:6e:16:bb:9f:82:88:8b:1a:e4:f0:6f:b6:bd:07:c2:
         c3:c8:8d:60:7b:55:a8:03:bd:39:b0:e2:e4:49:53:6b:11:63:
         26:e6:c4:73:ab:de:da:7b:b7:e0:95:2b:a2:b7:8f:16:c2:62:
         0c:be:82:48:17:7b:d9:d4:8e:bb:29:64:0a:54:c1:a7:b2:07:
         19:ed:1f:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhgf493P48HBbWYSS+mY+kSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNzMxMTI0MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk5NDdmMzFjYzJiNzZkMzMwODRjOWUxYmEzMGIwOTg3NzYyMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2PndauJ8hYmdRgBGY9sm8mywywH
ijxIlU0xlLFtknAWqX0mf8L2yv8tDFngR7YF6seXlCtcpOM90XhIKd0kWb2L28b1
UMpgHWSC6xuz5FHoQtMSQK0doZo7SD6FCyrzVYfipkMydy4CFGNQFtLuSb73mZ5L
n6jfsMryHHfAOOgPpLgyYMF7jT+MlZMmH4Ow4GQM1Wk16z0E1BlKOlin6IFwpOaI
VQBqeKhcUH0zK9HaxaK7Mj3zc00opnj3Ry3ue6FnSybZn/foZBOhqIRHX3Iq4cJZ
r95PeicWSeoSMKOCmJjwopJOMnMOurARfNEBn7vxGBrmDLpJbVn1VzBCDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE2ZR/McwrdtMwhMnhujCwmHdiD0MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvVFpsSDh4ekN0MjB6Q0V5ZUc2TUxDWWQySVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+ABk
MA0GCSqGSIb3DQEBCwUAA4IBAQDKNqW8O4kK5HOWGb1m4WiZo8NOFLKFU+hB15qy
CfwubnHXevJoH9aj4WwbJoiPO1BAM6+Z2YgAyCwk+yrv+r9dR+Y2SsBZWzsh0ICp
8cVpjaK2t6idHUBaalzNbGQdqAFs6+xh213GR5tv9qYrCl5LDT2l0WTkkeHyCy10
U29OWISAIKUFo7V9R7lBEvSjFji65gDTiH8VyWWUa/ywH8ixAZKtJV1PCWdUrGNY
6p9Ziy493Tq2vg9uFrufgoiLGuTwb7a9B8LDyI1ge1WoA705sOLkSVNrEWMm5sRz
q97ae7fglSuit48WwmIMvoJIF3vZ1I67KWQKVMGnsgcZ7R+W
-----END CERTIFICATE-----