Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/CwVKknNyyDgr3v_akSkNJXeCl5g.roa
File:                     CwVKknNyyDgr3v_akSkNJXeCl5g.roa (raw, json)
Hash identifier:          qbY0Sgh72+FRb460J2WnaLt9Z6SaHUYLTsclKcq8xqU=
Subject key identifier:   0B:05:4A:92:73:72:C8:38:2B:DE:FF:DA:91:29:0D:25:77:82:97:98
Certificate issuer:       /CN=1f12478b1ca4cba030991bd8cb44d9f24f59c0b8
Certificate serial:       019B7AC8FCF72A9A6327F6EC1C6C41FADBA3
Authority key identifier: 1F:12:47:8B:1C:A4:CB:A0:30:99:1B:D8:CB:44:D9:F2:4F:59:C0:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HxJHixyky6AwmRvYy0TZ8k9ZwLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/CwVKknNyyDgr3v_akSkNJXeCl5g.roa
Signing time:             Thu 01 Jan 2026 18:19:10 +0000
ROA not before:           Thu 01 Jan 2026 18:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202068
IP address blocks:        2001:67c:550::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/HxJHixyky6AwmRvYy0TZ8k9ZwLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/HxJHixyky6AwmRvYy0TZ8k9ZwLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HxJHixyky6AwmRvYy0TZ8k9ZwLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:fc:f7:2a:9a:63:27:f6:ec:1c:6c:41:fa:db:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f12478b1ca4cba030991bd8cb44d9f24f59c0b8
        Validity
            Not Before: Jan  1 18:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b054a927372c8382bdeffda91290d2577829798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:47:ad:7e:08:9c:82:e9:e9:3f:f2:e7:1f:fd:
                    5d:bc:b2:1b:35:bb:9e:6f:38:3d:bb:fc:1a:71:2a:
                    ce:20:92:9c:a8:8f:e9:74:e4:61:f7:2d:95:8b:48:
                    42:6e:ac:74:78:0c:e1:0a:8c:b4:bf:7a:ee:31:f1:
                    0c:3a:c6:a1:04:07:0a:ba:16:9a:2f:58:03:b8:20:
                    45:3a:cd:51:3c:33:cc:9d:5c:f5:ad:6b:11:01:93:
                    7c:69:4d:f5:72:dc:ef:0c:5e:aa:e5:39:1c:88:d6:
                    71:9c:57:59:86:69:15:16:9e:83:72:1f:6d:a2:cf:
                    03:72:14:97:db:3b:db:c6:38:93:ec:49:84:6d:e9:
                    86:33:fd:2a:70:05:9e:35:e5:ca:2a:0e:0f:80:2c:
                    87:29:14:90:53:46:ba:cb:a0:ea:74:a8:f1:1d:bb:
                    3e:33:47:cc:a2:50:8e:87:89:3e:1d:59:06:33:2d:
                    41:e4:62:db:93:29:93:4f:96:b1:87:94:ae:ba:ba:
                    75:2f:37:b5:54:7c:fa:f6:a3:ae:22:7f:4a:48:4a:
                    f0:b0:d4:84:7d:9b:48:df:8f:19:52:b2:ec:ee:1b:
                    46:2c:71:d7:90:9e:a7:71:0b:19:dc:2f:4c:20:96:
                    a7:ac:fb:35:7f:7c:7d:bd:95:19:32:a9:e2:bd:53:
                    1a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:05:4A:92:73:72:C8:38:2B:DE:FF:DA:91:29:0D:25:77:82:97:98
            X509v3 Authority Key Identifier:
                keyid:1F:12:47:8B:1C:A4:CB:A0:30:99:1B:D8:CB:44:D9:F2:4F:59:C0:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HxJHixyky6AwmRvYy0TZ8k9ZwLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/CwVKknNyyDgr3v_akSkNJXeCl5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f623b6-a198-405c-8326-09f1524a5246/1/HxJHixyky6AwmRvYy0TZ8k9ZwLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:550::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:9b:54:8b:be:ce:ee:22:29:55:e2:8d:ba:a7:9d:e5:1c:ec:
         9b:33:50:cf:c4:44:0c:52:12:20:3e:61:5e:aa:b5:66:6f:ad:
         90:72:a0:b1:4c:aa:04:09:9e:1f:70:9b:cc:1f:d8:32:2c:14:
         dd:f1:9e:20:43:fb:29:88:b8:38:ea:cf:7c:ee:c9:8f:bd:e0:
         76:45:35:95:a6:bd:ab:5b:9f:ff:b8:c1:4d:bd:ba:15:a8:0e:
         8f:66:e7:e7:ca:4c:54:b3:1d:c8:8f:19:02:be:92:cb:ab:0a:
         77:7d:56:49:2c:d5:98:f9:2c:4f:17:be:9f:19:0a:09:67:a1:
         04:c6:27:92:95:73:6b:9d:99:23:76:7b:e2:ee:9b:0e:a8:aa:
         e4:9c:52:d4:17:af:92:41:cd:57:5c:cc:b5:57:73:a0:0a:02:
         f8:dd:70:83:c5:64:ee:1a:eb:2b:26:00:dc:4a:47:e6:a4:9e:
         b3:7e:ca:a2:31:8d:e9:a2:19:32:e8:88:c0:25:e8:1e:36:9a:
         48:76:01:a6:e8:66:70:1f:c2:cc:28:e2:ab:70:bc:9b:9a:12:
         ed:44:56:08:c3:a4:aa:84:55:e8:35:74:75:5e:29:57:f8:cd:
         ec:a0:83:94:12:3d:b0:79:9c:bc:23:8d:af:3f:44:f1:61:4b:
         54:7c:9e:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6yPz3KppjJ/bsHGxB+tujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMTI0NzhiMWNhNGNiYTAzMDk5MWJkOGNiNDRkOWYyNGY1
OWMwYjgwHhcNMjYwMTAxMTgxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjA1NGE5MjczNzJjODM4MmJkZWZmZGE5MTI5MGQyNTc3ODI5Nzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvketfgicgunpP/LnH/1dvLIbNbue
bzg9u/wacSrOIJKcqI/pdORh9y2Vi0hCbqx0eAzhCoy0v3ruMfEMOsahBAcKuhaa
L1gDuCBFOs1RPDPMnVz1rWsRAZN8aU31ctzvDF6q5TkciNZxnFdZhmkVFp6Dch9t
os8DchSX2zvbxjiT7EmEbemGM/0qcAWeNeXKKg4PgCyHKRSQU0a6y6DqdKjxHbs+
M0fMolCOh4k+HVkGMy1B5GLbkymTT5axh5Suurp1Lze1VHz69qOuIn9KSErwsNSE
fZtI348ZUrLs7htGLHHXkJ6ncQsZ3C9MIJanrPs1f3x9vZUZMqnivVMaWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAsFSpJzcsg4K97/2pEpDSV3gpeYMB8GA1UdIwQY
MBaAFB8SR4scpMugMJkb2MtE2fJPWcC4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHhKSGl4eWt5NkF3bVJ2WXkwVFo4azlad0xnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mNjIzYjYtYTE5OC00MDVjLTgzMjYt
MDlmMTUyNGE1MjQ2LzEvQ3dWS2tuTnl5RGdyM3ZfYWtTa05KWGVDbDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mNjIzYjYtYTE5OC00MDVjLTgzMjYtMDlmMTUyNGE1MjQ2
LzEvSHhKSGl4eWt5NkF3bVJ2WXkwVFo4azlad0xnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAVQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBAm1SLvs7uIilV4o26p53lHOybM1DPxEQMUhIg
PmFeqrVmb62QcqCxTKoECZ4fcJvMH9gyLBTd8Z4gQ/spiLg46s987smPveB2RTWV
pr2rW5//uMFNvboVqA6PZufnykxUsx3IjxkCvpLLqwp3fVZJLNWY+SxPF76fGQoJ
Z6EExieSlXNrnZkjdnvi7psOqKrknFLUF6+SQc1XXMy1V3OgCgL43XCDxWTuGusr
JgDcSkfmpJ6zfsqiMY3pohky6IjAJegeNppIdgGm6GZwH8LMKOKrcLybmhLtRFYI
w6SqhFXoNXR1XilX+M3soIOUEj2weZy8I42vP0TxYUtUfJ68
-----END CERTIFICATE-----