Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/gQgIF6hIvUfhurtQ198iONedcik.roa
File:                     gQgIF6hIvUfhurtQ198iONedcik.roa (raw, json)
Hash identifier:          mEQuGKFly8SftvXJQdCvoLlNzQ9krMcgDUnKbr3nnLo=
Subject key identifier:   81:08:08:17:A8:48:BD:47:E1:BA:BB:50:D7:DF:22:38:D7:9D:72:29
Certificate issuer:       /CN=bd60edf96266b7c0d43836c854ab472cb74db034
Certificate serial:       01985078B8CC4020B7C7A3139A2D7EDA902C
Authority key identifier: BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/gQgIF6hIvUfhurtQ198iONedcik.roa
Signing time:             Mon 28 Jul 2025 09:59:05 +0000
ROA not before:           Mon 28 Jul 2025 09:59:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50375
IP address blocks:        2a01:d0:3a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:78:b8:cc:40:20:b7:c7:a3:13:9a:2d:7e:da:90:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd60edf96266b7c0d43836c854ab472cb74db034
        Validity
            Not Before: Jul 28 09:59:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81080817a848bd47e1babb50d7df2238d79d7229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2f:c0:00:52:35:71:ff:c0:33:23:69:9d:4e:
                    72:35:b3:2d:1e:7f:40:0f:32:de:89:ec:79:8d:93:
                    bf:60:bb:15:9c:65:80:49:ac:f6:41:47:a1:9b:84:
                    23:0f:13:6b:a8:78:b5:e2:01:66:12:03:2f:aa:1c:
                    44:88:94:f9:1e:6a:f9:d4:e3:ec:29:b4:25:77:e4:
                    fb:4f:76:a9:da:c3:21:e4:55:c4:00:83:4d:4c:a8:
                    06:d5:f6:23:5b:e2:c7:b0:b8:10:86:3f:94:12:cf:
                    93:9b:5b:cf:48:52:2b:cc:91:65:5a:da:78:49:7d:
                    15:ce:44:54:55:c9:41:5a:c2:87:4f:0b:36:c3:cf:
                    46:12:c0:74:8c:91:2e:2f:2a:db:f8:77:26:ea:de:
                    28:09:5b:1a:4d:ff:5f:7c:12:72:09:19:8e:2e:a2:
                    a0:f8:04:f6:ff:f4:89:a2:75:f7:02:0b:20:d8:41:
                    b7:71:7c:6f:c3:de:3f:33:e4:75:4d:d5:77:f7:a0:
                    eb:ef:63:b6:41:02:06:de:2a:ae:d6:6c:1b:b5:62:
                    94:84:31:3d:a0:b0:8d:ec:d7:b4:f0:70:32:76:9a:
                    a4:de:00:2f:44:ef:d5:59:3a:16:a2:40:36:32:cc:
                    0a:c6:60:bc:0e:5e:01:c4:bf:54:21:be:f0:c2:a5:
                    77:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:08:08:17:A8:48:BD:47:E1:BA:BB:50:D7:DF:22:38:D7:9D:72:29
            X509v3 Authority Key Identifier:
                keyid:BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/gQgIF6hIvUfhurtQ198iONedcik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:d0:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:5b:2b:1d:75:4d:75:f0:4d:9b:a7:bc:4a:de:7b:b6:bc:4c:
         72:4c:9a:f9:45:aa:aa:2f:c9:31:25:6a:57:4c:2b:74:69:38:
         64:30:65:7e:da:9a:9d:55:6a:a7:ee:79:7f:0d:bf:0c:2b:8b:
         4d:c1:aa:1b:09:51:de:92:60:7d:66:9b:b8:cf:8a:cb:83:98:
         72:8f:d1:b1:4f:7f:67:62:37:54:96:e0:25:71:1a:92:c2:31:
         6d:4b:9c:98:cb:23:b7:2d:28:32:7b:12:3d:96:48:c2:b7:5a:
         52:65:2d:cc:20:c2:35:fa:1f:fc:bc:7b:d8:de:58:4d:58:39:
         4b:d1:90:00:ec:f8:d1:4a:19:3d:58:9c:59:bf:b1:04:89:d9:
         61:d7:95:69:89:c6:de:f1:3d:f1:7d:15:22:50:74:cc:81:bf:
         10:11:69:33:66:4b:87:ff:e6:db:12:a4:60:7e:2b:62:de:72:
         ff:ed:31:82:f5:58:88:01:c4:35:3a:d7:f8:88:36:3b:ee:5d:
         ae:7f:dc:cc:1d:09:db:ba:bc:26:9f:33:4e:87:a8:dd:a0:58:
         6d:55:c7:a5:31:8e:71:54:c4:3b:2d:1e:a4:50:eb:93:4a:cb:
         d8:b7:f6:ea:6f:96:d3:9e:0d:4c:2b:5b:2c:b4:55:85:f6:ee:
         fa:15:17:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhQeLjMQCC3x6MTmi1+2pAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjBlZGY5NjI2NmI3YzBkNDM4MzZjODU0YWI0NzJjYjc0
ZGIwMzQwHhcNMjUwNzI4MDk1OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTA4MDgxN2E4NDhiZDQ3ZTFiYWJiNTBkN2RmMjIzOGQ3OWQ3MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6C/AAFI1cf/AMyNpnU5yNbMtHn9A
DzLeiex5jZO/YLsVnGWASaz2QUehm4QjDxNrqHi14gFmEgMvqhxEiJT5Hmr51OPs
KbQld+T7T3ap2sMh5FXEAINNTKgG1fYjW+LHsLgQhj+UEs+Tm1vPSFIrzJFlWtp4
SX0VzkRUVclBWsKHTws2w89GEsB0jJEuLyrb+Hcm6t4oCVsaTf9ffBJyCRmOLqKg
+AT2//SJonX3Agsg2EG3cXxvw94/M+R1TdV396Dr72O2QQIG3iqu1mwbtWKUhDE9
oLCN7Ne08HAydpqk3gAvRO/VWToWokA2MswKxmC8Dl4BxL9UIb7wwqV3tQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIEICBeoSL1H4bq7UNffIjjXnXIpMB8GA1UdIwQY
MBaAFL1g7fliZrfA1Dg2yFSrRyy3TbA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0Yzgt
NDJiYmYxYTZhNjViLzEvZ1FnSUY2aEl2VWZodXJ0UTE5OGlPTmVkY2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0YzgtNDJiYmYxYTZhNjVi
LzEvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEA0AA6
MA0GCSqGSIb3DQEBCwUAA4IBAQBFWysddU118E2bp7xK3nu2vExyTJr5RaqqL8kx
JWpXTCt0aThkMGV+2pqdVWqn7nl/Db8MK4tNwaobCVHekmB9Zpu4z4rLg5hyj9Gx
T39nYjdUluAlcRqSwjFtS5yYyyO3LSgyexI9lkjCt1pSZS3MIMI1+h/8vHvY3lhN
WDlL0ZAA7PjRShk9WJxZv7EEidlh15Vpicbe8T3xfRUiUHTMgb8QEWkzZkuH/+bb
EqRgfiti3nL/7TGC9ViIAcQ1Otf4iDY77l2uf9zMHQnburwmnzNOh6jdoFhtVcel
MY5xVMQ7LR6kUOuTSsvYt/bqb5bTng1MK1sstFWF9u76FRfn
-----END CERTIFICATE-----