Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/jC-Q6ZUmfg331ebhgya9xds7Pis.roa
File:                     jC-Q6ZUmfg331ebhgya9xds7Pis.roa (raw, json)
Hash identifier:          kNQyj294qYsc9TLOzDaCHE1k96M030WeGgkAk10rnao=
Subject key identifier:   8C:2F:90:E9:95:26:7E:0D:F7:D5:E6:E1:83:26:BD:C5:DB:3B:3E:2B
Certificate issuer:       /CN=1dab365ecc350458ada2b0949ee67ef9d8c6f4dc
Certificate serial:       019A2B04C0BEBDCB17DB5EEDB4DC7016BC46
Authority key identifier: 1D:AB:36:5E:CC:35:04:58:AD:A2:B0:94:9E:E6:7E:F9:D8:C6:F4:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/jC-Q6ZUmfg331ebhgya9xds7Pis.roa
Signing time:             Tue 28 Oct 2025 13:32:03 +0000
ROA not before:           Tue 28 Oct 2025 13:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34927
IP address blocks:        2001:678:1110::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:04:c0:be:bd:cb:17:db:5e:ed:b4:dc:70:16:bc:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dab365ecc350458ada2b0949ee67ef9d8c6f4dc
        Validity
            Not Before: Oct 28 13:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c2f90e995267e0df7d5e6e18326bdc5db3b3e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:9c:0f:65:bb:95:0f:24:9e:b1:32:50:72:
                    c5:70:0a:f7:ba:23:af:f9:dd:6a:07:2d:6e:cd:80:
                    89:bf:ea:5f:a2:06:4a:72:71:08:ea:a6:e7:1d:11:
                    19:70:75:ff:28:27:39:5d:75:db:9e:ce:da:64:ca:
                    a9:fe:79:cd:5a:9b:5f:19:f2:c4:63:d0:f2:dd:59:
                    bc:35:e7:00:e8:7c:9d:72:c8:de:5c:e3:b0:3e:77:
                    3d:fd:94:b6:59:b0:6d:eb:12:07:5b:59:e2:0e:5e:
                    06:6e:4c:74:a4:fe:e5:e7:c1:23:cf:bb:2c:f8:9e:
                    62:fa:e0:d9:01:4c:dd:c5:bc:25:82:63:2f:fc:17:
                    29:83:36:fb:09:4a:4f:79:91:56:15:f0:e5:29:f3:
                    df:0e:30:48:ce:0f:ee:fe:45:f4:a6:05:ba:fb:cb:
                    62:6c:5f:cc:23:1b:86:96:84:5d:8b:b1:46:50:2d:
                    ea:3c:03:62:1b:98:7c:7a:7e:9b:de:e9:dc:0b:37:
                    0b:df:43:ec:be:f2:33:0a:98:88:83:26:60:5f:de:
                    a2:6a:8a:db:e9:d0:d8:f9:83:49:0c:aa:4d:c5:de:
                    06:87:07:4c:2a:b5:0e:9c:0a:cc:68:cc:96:36:bb:
                    eb:74:49:cb:6f:7a:8c:51:04:bd:9b:ba:d0:20:ee:
                    24:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2F:90:E9:95:26:7E:0D:F7:D5:E6:E1:83:26:BD:C5:DB:3B:3E:2B
            X509v3 Authority Key Identifier:
                keyid:1D:AB:36:5E:CC:35:04:58:AD:A2:B0:94:9E:E6:7E:F9:D8:C6:F4:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/jC-Q6ZUmfg331ebhgya9xds7Pis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1110::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:d7:7c:26:be:c3:e5:cc:cb:5f:b7:9b:18:8e:33:7a:db:4e:
         a2:00:40:8b:0e:66:52:9e:3d:8c:9d:a7:bf:d3:64:26:93:a9:
         f0:fd:a1:db:85:71:99:fe:5f:b6:d2:aa:03:9a:49:27:2e:35:
         f9:18:eb:bf:f4:76:68:a0:71:01:f8:bf:e5:20:3c:0e:33:db:
         2b:20:cf:e8:9a:ce:e7:21:34:c4:e3:90:21:64:1e:47:4f:7d:
         96:39:d4:24:44:ea:c5:b2:cf:17:37:ba:04:12:b0:08:8e:4d:
         d5:7d:34:31:85:ad:88:b7:3a:5e:81:85:e2:53:2f:74:c7:5e:
         92:6b:2b:d8:ce:af:0f:cc:7b:9f:b3:74:0a:7b:d4:b2:f0:86:
         5f:25:56:d9:a8:4f:21:ae:7c:6b:51:c4:ff:0f:cf:f2:98:9a:
         2c:89:2c:c4:7b:b3:fd:94:51:c4:61:ea:b5:df:3c:e8:bb:f4:
         02:4b:3e:f8:95:a7:d1:20:29:bb:8b:5a:3e:5b:3b:64:d3:53:
         71:60:bd:b5:7b:15:a3:ba:d4:b4:23:b8:fb:65:51:8c:50:e6:
         0a:72:d4:52:80:5e:8e:eb:7b:e4:dc:a7:64:6f:3d:08:66:34:
         84:67:2f:62:3d:f6:81:2b:ad:90:f2:3b:8e:f8:bc:95:e6:c0:
         4b:4c:25:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZorBMC+vcsX217ttNxwFrxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWIzNjVlY2MzNTA0NThhZGEyYjA5NDllZTY3ZWY5ZDhj
NmY0ZGMwHhcNMjUxMDI4MTMzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzJmOTBlOTk1MjY3ZTBkZjdkNWU2ZTE4MzI2YmRjNWRiM2IzZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/GcD2W7lQ8knrEyUHLFcAr3uiOv
+d1qBy1uzYCJv+pfogZKcnEI6qbnHREZcHX/KCc5XXXbns7aZMqp/nnNWptfGfLE
Y9Dy3Vm8NecA6HydcsjeXOOwPnc9/ZS2WbBt6xIHW1niDl4Gbkx0pP7l58Ejz7ss
+J5i+uDZAUzdxbwlgmMv/Bcpgzb7CUpPeZFWFfDlKfPfDjBIzg/u/kX0pgW6+8ti
bF/MIxuGloRdi7FGUC3qPANiG5h8en6b3uncCzcL30PsvvIzCpiIgyZgX96iaorb
6dDY+YNJDKpNxd4GhwdMKrUOnArMaMyWNrvrdEnLb3qMUQS9m7rQIO4kfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIwvkOmVJn4N99Xm4YMmvcXbOz4rMB8GA1UdIwQY
MBaAFB2rNl7MNQRYraKwlJ7mfvnYxvTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFzMlhzdzFCRml0b3JDVW51Wi0tZGpHOU53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mYThmNzgtNzZlNS00OGE5LWFiYjAt
NjBhZTc2NjQ2ZGQ0LzEvakMtUTZaVW1mZzMzMWViaGd5YTl4ZHM3UGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mYThmNzgtNzZlNS00OGE5LWFiYjAtNjBhZTc2NjQ2ZGQ0
LzEvSGFzMlhzdzFCRml0b3JDVW51Wi0tZGpHOU53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBW13wmvsPlzMtft5sYjjN6206iAECLDmZSnj2M
nae/02Qmk6nw/aHbhXGZ/l+20qoDmkknLjX5GOu/9HZooHEB+L/lIDwOM9srIM/o
ms7nITTE45AhZB5HT32WOdQkROrFss8XN7oEErAIjk3VfTQxha2ItzpegYXiUy90
x16SayvYzq8PzHufs3QKe9Sy8IZfJVbZqE8hrnxrUcT/D8/ymJosiSzEe7P9lFHE
Yeq13zzou/QCSz74lafRICm7i1o+Wztk01NxYL21exWjutS0I7j7ZVGMUOYKctRS
gF6O63vk3Kdkbz0IZjSEZy9iPfaBK62Q8juO+LyV5sBLTCV8
-----END CERTIFICATE-----