Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/vmBhk074FPjUixg2wHij8IULDn8.roa
File:                     vmBhk074FPjUixg2wHij8IULDn8.roa (raw, json)
Hash identifier:          QKJ7N3QwjDSWjVYRsqJoGPynarMt+3hf4AC28NAJHJQ=
Subject key identifier:   BE:60:61:93:4E:F8:14:F8:D4:8B:18:36:C0:78:A3:F0:85:0B:0E:7F
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01983A9B2F52AB7725F8C9EA15C17C20808F
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/vmBhk074FPjUixg2wHij8IULDn8.roa
Signing time:             Thu 24 Jul 2025 04:05:05 +0000
ROA not before:           Thu 24 Jul 2025 04:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212259
IP address blocks:        2a0f:7802:e200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3a:9b:2f:52:ab:77:25:f8:c9:ea:15:c1:7c:20:80:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 24 04:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be6061934ef814f8d48b1836c078a3f0850b0e7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f2:de:10:de:b7:c3:4c:83:ee:d1:52:81:1a:
                    aa:5c:26:cb:be:77:45:7a:dc:33:fd:4f:f1:9f:b4:
                    22:9e:7f:1d:e2:0a:35:d3:e6:ef:c1:f2:3e:c3:f0:
                    0d:ab:95:25:62:ce:d3:31:99:88:3f:6b:d0:41:4f:
                    ff:f3:2c:7e:03:88:4f:d5:f1:cd:f8:63:84:83:e4:
                    9d:7e:c1:9f:01:45:49:58:94:8b:68:25:a0:3e:1b:
                    8d:dd:51:5e:83:6c:9f:5d:32:50:c1:4c:67:33:e7:
                    20:c2:4a:b2:a1:a1:88:d0:8b:b1:31:21:ea:bd:cd:
                    dc:02:7d:72:c3:7e:65:3d:01:68:b3:6a:a6:fd:1a:
                    9f:54:e6:99:e8:16:65:5d:4a:47:b5:3f:4a:f6:a2:
                    76:9e:62:f6:a9:de:c2:5b:09:18:0d:99:3d:c2:54:
                    3e:d7:f4:84:68:d0:d9:e6:5b:cc:6e:86:6f:dc:8b:
                    ca:a9:3c:2c:eb:63:63:b4:d4:5e:eb:b0:1f:88:96:
                    40:f0:8a:fe:3d:33:98:40:5a:5d:ed:fd:dc:d7:ab:
                    e1:90:d9:ea:8a:61:1b:66:c5:91:3a:46:79:26:03:
                    ae:dc:88:3a:6c:98:3c:a2:04:16:fd:f0:71:59:d6:
                    bd:a0:58:36:15:53:81:82:8a:d0:2c:39:e3:93:ed:
                    8e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:60:61:93:4E:F8:14:F8:D4:8B:18:36:C0:78:A3:F0:85:0B:0E:7F
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/vmBhk074FPjUixg2wHij8IULDn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e200::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:96:4e:45:7b:41:d0:86:f8:83:c0:d5:fb:e4:c0:a8:b1:97:
         59:82:c6:30:5f:57:dd:5f:09:6c:86:36:58:87:2e:1e:62:0e:
         27:90:30:45:9f:22:f8:33:16:cc:12:f6:fc:e1:01:81:1a:34:
         f1:e9:db:21:72:67:ec:50:03:1d:f3:bf:7d:44:10:49:41:72:
         5c:86:b2:58:11:56:c0:8a:e4:4d:c8:68:56:fe:c4:0d:7b:d1:
         26:48:7f:b0:a0:73:b4:71:47:e7:38:ef:be:e7:b5:f2:2f:6f:
         14:73:e9:78:8a:1d:20:8e:39:69:24:a8:c2:ba:8c:91:8f:df:
         f7:46:5f:70:0d:80:27:57:ee:8b:59:b4:fb:cb:a5:27:7d:6a:
         ab:c4:70:fe:d3:ce:b6:66:a5:6f:63:f2:cf:fb:9e:80:7e:1c:
         a5:5a:a9:c7:9b:90:b1:55:bc:59:c1:92:a9:7c:0c:dd:59:dd:
         2c:ba:5a:01:46:05:97:28:26:08:18:0e:90:e0:f6:e7:77:11:
         12:d6:46:20:70:41:c4:56:51:bc:87:ac:0d:19:a6:ad:db:a1:
         e9:16:6f:2c:b9:2a:18:32:95:c7:a8:f4:ea:10:4c:84:5b:15:
         fd:16:48:e0:fe:44:e4:5b:3f:e2:6a:41:10:52:19:01:67:eb:
         45:b6:ac:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZg6my9Sq3cl+MnqFcF8IICPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwNzI0MDQwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTYwNjE5MzRlZjgxNGY4ZDQ4YjE4MzZjMDc4YTNmMDg1MGIwZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vLeEN63w0yD7tFSgRqqXCbLvndF
etwz/U/xn7Qinn8d4go10+bvwfI+w/ANq5UlYs7TMZmIP2vQQU//8yx+A4hP1fHN
+GOEg+SdfsGfAUVJWJSLaCWgPhuN3VFeg2yfXTJQwUxnM+cgwkqyoaGI0IuxMSHq
vc3cAn1yw35lPQFos2qm/RqfVOaZ6BZlXUpHtT9K9qJ2nmL2qd7CWwkYDZk9wlQ+
1/SEaNDZ5lvMboZv3IvKqTws62NjtNRe67AfiJZA8Ir+PTOYQFpd7f3c16vhkNnq
imEbZsWROkZ5JgOu3Ig6bJg8ogQW/fBxWda9oFg2FVOBgorQLDnjk+2OnQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL5gYZNO+BT41IsYNsB4o/CFCw5/MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvdm1CaGswNzRGUGpVaXhnMndIaWo4SVVMRG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94AuIw
DQYJKoZIhvcNAQELBQADggEBAIiWTkV7QdCG+IPA1fvkwKixl1mCxjBfV91fCWyG
NliHLh5iDieQMEWfIvgzFswS9vzhAYEaNPHp2yFyZ+xQAx3zv31EEElBclyGslgR
VsCK5E3IaFb+xA170SZIf7Cgc7RxR+c4777ntfIvbxRz6XiKHSCOOWkkqMK6jJGP
3/dGX3ANgCdX7otZtPvLpSd9aqvEcP7TzrZmpW9j8s/7noB+HKVaqcebkLFVvFnB
kql8DN1Z3Sy6WgFGBZcoJggYDpDg9ud3ERLWRiBwQcRWUbyHrA0Zpq3boekWbyy5
Khgylceo9OoQTIRbFf0WSOD+RORbP+JqQRBSGQFn60W2rIU=
-----END CERTIFICATE-----