Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/R0X5CGrlz-qNmdyzKn23WLaBWOU.roa
File:                     R0X5CGrlz-qNmdyzKn23WLaBWOU.roa (raw, json)
Hash identifier:          MjFGDxvVFvoovmBL50Thb1o1GoniTb6rSndKoBikSDk=
Subject key identifier:   47:45:F9:08:6A:E5:CF:EA:8D:99:DC:B3:2A:7D:B7:58:B6:81:58:E5
Certificate issuer:       /CN=2ce9553a9b2c7bca12b681bc0a6305e33fb640c8
Certificate serial:       019A019BDD001A788899599273E2DD691C42
Authority key identifier: 2C:E9:55:3A:9B:2C:7B:CA:12:B6:81:BC:0A:63:05:E3:3F:B6:40:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LOlVOpsse8oStoG8CmMF4z-2QMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/R0X5CGrlz-qNmdyzKn23WLaBWOU.roa
Signing time:             Mon 20 Oct 2025 12:33:03 +0000
ROA not before:           Mon 20 Oct 2025 12:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1922
IP address blocks:        2001:67c:2700::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/LOlVOpsse8oStoG8CmMF4z-2QMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/LOlVOpsse8oStoG8CmMF4z-2QMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LOlVOpsse8oStoG8CmMF4z-2QMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:9b:dd:00:1a:78:88:99:59:92:73:e2:dd:69:1c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ce9553a9b2c7bca12b681bc0a6305e33fb640c8
        Validity
            Not Before: Oct 20 12:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4745f9086ae5cfea8d99dcb32a7db758b68158e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:15:0c:c8:2b:a0:c1:2b:9f:e9:20:7d:b2:32:
                    11:c8:31:94:a8:d2:a2:4d:c6:7b:57:68:8c:27:6d:
                    04:d3:e4:21:a9:74:ad:f4:ab:f9:4a:16:5d:05:b1:
                    95:85:a5:fd:6d:62:2b:e6:cf:4e:e6:bf:ca:02:57:
                    6c:d7:61:6b:15:c4:17:09:fd:72:e6:fa:a4:ca:75:
                    be:66:75:45:a9:4c:b0:76:24:0d:15:ae:d0:0c:d3:
                    47:5e:f5:e1:c1:14:98:d1:cf:0e:54:a8:bb:b8:aa:
                    45:bb:9f:21:55:1b:15:b4:45:97:2d:43:b3:d4:b1:
                    9b:29:51:3a:32:0a:1b:e9:7d:9b:65:56:24:90:0d:
                    ae:61:0b:5f:d4:ef:a5:8c:e8:00:0e:d9:7f:3f:60:
                    61:29:df:aa:6c:c9:e6:8e:42:1b:f9:4b:bd:32:6a:
                    96:14:c5:12:6a:7e:0a:ad:16:45:f2:0e:fb:ed:2b:
                    27:30:2f:02:29:43:f4:f1:4c:b7:07:62:24:4c:40:
                    05:5f:84:b2:eb:43:09:53:58:2d:57:8c:91:54:0e:
                    d5:c0:89:6b:fa:4f:25:30:11:df:08:6f:bf:15:57:
                    db:c8:c5:ce:33:07:8b:ef:e8:16:d5:4b:2e:f3:c7:
                    bd:2a:73:51:b5:d4:d3:8e:9c:c5:49:86:37:e0:aa:
                    0a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:45:F9:08:6A:E5:CF:EA:8D:99:DC:B3:2A:7D:B7:58:B6:81:58:E5
            X509v3 Authority Key Identifier:
                keyid:2C:E9:55:3A:9B:2C:7B:CA:12:B6:81:BC:0A:63:05:E3:3F:B6:40:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LOlVOpsse8oStoG8CmMF4z-2QMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/R0X5CGrlz-qNmdyzKn23WLaBWOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2c054e-cef0-4af6-980e-8babac8a465a/1/LOlVOpsse8oStoG8CmMF4z-2QMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2700::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:d3:51:27:9f:2d:3f:82:ea:78:de:df:ed:ea:87:52:d3:
         98:8f:44:87:1c:44:70:84:16:85:52:70:a0:da:95:eb:31:38:
         b8:7e:6b:7d:6e:3f:32:e8:1b:46:db:85:72:ab:69:f8:92:33:
         ec:5c:c0:cd:d9:78:b4:b5:7d:63:e6:30:11:d6:b9:02:35:5d:
         0a:98:70:3a:c0:1e:88:c0:af:03:51:91:40:0b:29:f8:74:c8:
         2b:66:50:0d:82:91:84:1a:3d:20:51:33:6a:06:f7:26:5d:63:
         0b:d9:fd:4f:89:c2:81:b3:1a:73:c9:53:dd:f6:c8:f3:b8:bc:
         61:f1:f7:e5:db:51:3b:3f:e5:6d:da:a1:cb:43:e0:29:cc:bc:
         e9:bd:69:53:0b:c7:69:1d:58:1e:38:93:f6:3c:81:26:9e:6b:
         78:40:5a:06:2e:cf:d9:1d:bc:7a:b7:20:12:7f:56:9e:6e:26:
         49:49:98:58:07:ae:d7:e6:2d:fb:e2:a2:a7:d4:f2:70:a5:00:
         4e:36:12:a9:3f:6c:22:2c:91:26:37:e3:29:5e:b9:5b:1c:02:
         40:33:7f:88:73:d4:43:24:c2:fb:14:69:23:62:0d:8e:23:77:
         a3:e7:42:73:34:b4:ae:93:57:ea:ba:64:6a:a4:46:bc:7f:35:
         4e:b2:b6:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZoBm90AGniImVmSc+LdaRxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZTk1NTNhOWIyYzdiY2ExMmI2ODFiYzBhNjMwNWUzM2Zi
NjQwYzgwHhcNMjUxMDIwMTIzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ1ZjkwODZhZTVjZmVhOGQ5OWRjYjMyYTdkYjc1OGI2ODE1OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRUMyCugwSuf6SB9sjIRyDGUqNKi
TcZ7V2iMJ20E0+QhqXSt9Kv5ShZdBbGVhaX9bWIr5s9O5r/KAlds12FrFcQXCf1y
5vqkynW+ZnVFqUywdiQNFa7QDNNHXvXhwRSY0c8OVKi7uKpFu58hVRsVtEWXLUOz
1LGbKVE6Mgob6X2bZVYkkA2uYQtf1O+ljOgADtl/P2BhKd+qbMnmjkIb+Uu9MmqW
FMUSan4KrRZF8g777SsnMC8CKUP08Uy3B2IkTEAFX4Sy60MJU1gtV4yRVA7VwIlr
+k8lMBHfCG+/FVfbyMXOMweL7+gW1Usu88e9KnNRtdTTjpzFSYY34KoK3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEdF+Qhq5c/qjZncsyp9t1i2gVjlMB8GA1UdIwQY
MBaAFCzpVTqbLHvKEraBvApjBeM/tkDIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE9sVk9wc3NlOG9TdG9HOENtTUY0ei0yUU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yYzA1NGUtY2VmMC00YWY2LTk4MGUt
OGJhYmFjOGE0NjVhLzEvUjBYNUNHcmx6LXFObWR5ektuMjNXTGFCV09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yYzA1NGUtY2VmMC00YWY2LTk4MGUtOGJhYmFjOGE0NjVh
LzEvTE9sVk9wc3NlOG9TdG9HOENtTUY0ei0yUU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCcA
MA0GCSqGSIb3DQEBCwUAA4IBAQCRwdNRJ58tP4LqeN7f7eqHUtOYj0SHHERwhBaF
UnCg2pXrMTi4fmt9bj8y6BtG24Vyq2n4kjPsXMDN2Xi0tX1j5jAR1rkCNV0KmHA6
wB6IwK8DUZFACyn4dMgrZlANgpGEGj0gUTNqBvcmXWML2f1PicKBsxpzyVPd9sjz
uLxh8ffl21E7P+Vt2qHLQ+ApzLzpvWlTC8dpHVgeOJP2PIEmnmt4QFoGLs/ZHbx6
tyASf1aebiZJSZhYB67X5i374qKn1PJwpQBONhKpP2wiLJEmN+MpXrlbHAJAM3+I
c9RDJML7FGkjYg2OI3ej50JzNLSuk1fqumRqpEa8fzVOsrZw
-----END CERTIFICATE-----