Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/j8okqCAv-bm5TM6KaEHR7C-_b7I.roa
File:                     j8okqCAv-bm5TM6KaEHR7C-_b7I.roa (raw, json)
Hash identifier:          Zbr8YUxVFxjKVegr6g8BaKH6zOh/4KrcP5xs+WRZJuA=
Subject key identifier:   8F:CA:24:A8:20:2F:F9:B9:B9:4C:CE:8A:68:41:D1:EC:2F:BF:6F:B2
Certificate issuer:       /CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
Certificate serial:       019B76EB9FFFD8F807E7815B768F574E8C0D
Authority key identifier: B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/j8okqCAv-bm5TM6KaEHR7C-_b7I.roa
Signing time:             Thu 01 Jan 2026 00:18:31 +0000
ROA not before:           Thu 01 Jan 2026 00:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52192
IP address blocks:        2001:678:f40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:9f:ff:d8:f8:07:e7:81:5b:76:8f:57:4e:8c:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
        Validity
            Not Before: Jan  1 00:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fca24a8202ff9b9b94cce8a6841d1ec2fbf6fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a4:4a:a7:28:0d:d1:b9:4e:b1:10:ea:e9:9f:
                    82:c7:a6:88:43:8e:27:86:cd:94:ae:18:bc:cc:8e:
                    83:e1:ff:04:0a:1f:b9:4b:cc:ad:28:3c:c0:cb:40:
                    66:cf:39:50:c1:8e:db:6d:76:53:c0:ff:d5:9c:86:
                    35:c7:95:fd:95:be:f8:1e:ce:cd:fb:f3:ce:1c:a2:
                    03:88:e0:85:7e:ca:52:3e:12:d3:a4:39:02:d2:39:
                    8d:67:8d:e2:36:94:5f:94:ab:5f:b6:16:76:0f:13:
                    d8:37:cc:d9:2c:02:ea:0b:94:27:ce:d3:66:75:83:
                    87:fc:64:55:3e:8b:f9:ef:8b:91:01:b4:d4:59:09:
                    40:bc:19:8d:66:b2:b3:ff:ee:3b:bd:70:45:cf:82:
                    32:02:ba:63:ca:bf:2e:e8:91:4a:70:ff:e3:8e:fc:
                    5a:d0:8e:40:93:c1:fe:6d:ed:12:4f:6f:52:ff:00:
                    ed:bd:44:a5:e6:7e:98:c0:e6:a0:94:55:f0:e8:d9:
                    a3:d7:77:8b:3c:3f:e4:82:41:80:11:25:b2:3c:e9:
                    00:78:98:93:f2:09:2f:f1:dd:27:b3:34:df:1e:c2:
                    f4:62:b7:f2:9d:e2:17:e1:98:5c:3c:a7:3b:4c:af:
                    0d:9b:c9:e1:f5:f2:c6:62:52:98:a3:fe:5b:12:13:
                    a4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CA:24:A8:20:2F:F9:B9:B9:4C:CE:8A:68:41:D1:EC:2F:BF:6F:B2
            X509v3 Authority Key Identifier:
                keyid:B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/j8okqCAv-bm5TM6KaEHR7C-_b7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:5d:de:e8:83:96:79:ea:ba:23:44:2d:e7:41:16:2b:40:ee:
         22:44:54:d6:f6:16:3f:3a:e0:86:c2:57:4d:cb:79:80:24:c6:
         d9:3f:ca:c7:37:c9:31:7b:14:30:61:68:10:0e:8c:b8:b5:70:
         31:b7:71:2e:8a:33:dd:3d:23:8a:ab:d2:52:69:a0:6b:c1:0e:
         9c:89:1a:9a:cb:96:1c:8e:99:1e:b7:66:6e:25:6f:3f:d6:d7:
         f1:b1:cf:e3:f6:93:a3:86:eb:fb:2a:d2:73:1d:a7:f2:c8:0e:
         20:79:f2:d6:f6:1d:dd:4b:b0:6e:2a:0b:d6:a0:25:05:35:5c:
         4b:02:4b:9b:e2:cc:0c:6b:3d:c8:f0:3f:8a:58:90:45:2c:47:
         43:d3:88:f6:24:a8:1f:fa:f1:e6:2e:0b:31:17:0d:58:54:2e:
         4c:f8:1e:e1:df:8a:79:86:40:0a:15:02:45:9c:0c:69:d7:cc:
         1d:5b:6f:e5:5b:43:00:cb:ce:97:d8:07:3f:b8:7e:a4:ba:ad:
         f7:75:2a:3f:4d:1e:be:e8:2e:c1:17:97:1e:9b:2a:9b:8b:86:
         2a:2b:e1:20:b8:82:62:a1:41:e8:9d:9b:10:9e:4b:be:61:15:
         1e:61:35:b7:b4:3d:d9:b9:91:0d:44:29:34:8d:27:ef:e5:4e:
         4a:be:74:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt265//2PgH54Fbdo9XTowNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMzk4YjViMWQ5YTk2ZTQxMTViN2JjZjZmY2E2M2ZiYWY2
MzljYTcwHhcNMjYwMTAxMDAxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmNhMjRhODIwMmZmOWI5Yjk0Y2NlOGE2ODQxZDFlYzJmYmY2ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qRKpygN0blOsRDq6Z+Cx6aIQ44n
hs2Urhi8zI6D4f8ECh+5S8ytKDzAy0BmzzlQwY7bbXZTwP/VnIY1x5X9lb74Hs7N
+/POHKIDiOCFfspSPhLTpDkC0jmNZ43iNpRflKtfthZ2DxPYN8zZLALqC5QnztNm
dYOH/GRVPov574uRAbTUWQlAvBmNZrKz/+47vXBFz4IyArpjyr8u6JFKcP/jjvxa
0I5Ak8H+be0ST29S/wDtvUSl5n6YwOaglFXw6Nmj13eLPD/kgkGAESWyPOkAeJiT
8gkv8d0nszTfHsL0YrfyneIX4ZhcPKc7TK8Nm8nh9fLGYlKYo/5bEhOkQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI/KJKggL/m5uUzOimhB0ewvv2+yMB8GA1UdIwQY
MBaAFLM5i1sdmpbkEVt7z2/KY/uvY5ynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQt
NzljYzUyYzA2ZDRmLzEvajhva3FDQXYtYm01VE02S2FFSFI3Qy1fYjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQtNzljYzUyYzA2ZDRm
LzEvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9A
MA0GCSqGSIb3DQEBCwUAA4IBAQADXd7og5Z56rojRC3nQRYrQO4iRFTW9hY/OuCG
wldNy3mAJMbZP8rHN8kxexQwYWgQDoy4tXAxt3EuijPdPSOKq9JSaaBrwQ6ciRqa
y5Ycjpket2ZuJW8/1tfxsc/j9pOjhuv7KtJzHafyyA4gefLW9h3dS7BuKgvWoCUF
NVxLAkub4swMaz3I8D+KWJBFLEdD04j2JKgf+vHmLgsxFw1YVC5M+B7h34p5hkAK
FQJFnAxp18wdW2/lW0MAy86X2Ac/uH6kuq33dSo/TR6+6C7BF5cemyqbi4YqK+Eg
uIJioUHonZsQnku+YRUeYTW3tD3ZuZENRCk0jSfv5U5KvnTn
-----END CERTIFICATE-----