Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/3jJSLZil7c4-h_ZSqOZsfgSAUtU.roa
File:                     3jJSLZil7c4-h_ZSqOZsfgSAUtU.roa (raw, json)
Hash identifier:          3TvvWDxQE9XBNbKqDpg8EfBdd6K03ZrgbS3GP6ML5Rc=
Subject key identifier:   DE:32:52:2D:98:A5:ED:CE:3E:87:F6:52:A8:E6:6C:7E:04:80:52:D5
Certificate issuer:       /CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
Certificate serial:       01987A63FAD3ADE6083CD7BE3C62E05756B9
Authority key identifier: AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/3jJSLZil7c4-h_ZSqOZsfgSAUtU.roa
Signing time:             Tue 05 Aug 2025 13:20:29 +0000
ROA not before:           Tue 05 Aug 2025 13:20:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213605
IP address blocks:        2001:678:120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:63:fa:d3:ad:e6:08:3c:d7:be:3c:62:e0:57:56:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
        Validity
            Not Before: Aug  5 13:20:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de32522d98a5edce3e87f652a8e66c7e048052d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c5:f4:ec:11:f3:9b:b9:bf:8b:5e:b3:4e:03:
                    d4:a7:5c:1d:01:02:ab:3b:93:bb:70:b8:fc:aa:a4:
                    f8:ac:05:b7:b7:68:57:c8:00:89:6f:23:ad:36:a2:
                    3a:0b:d1:d7:a7:45:49:38:1d:95:e4:ea:7b:3c:fd:
                    45:c9:a4:c7:f1:7b:98:29:89:af:1c:d3:a7:e8:67:
                    b8:3a:e6:5b:2b:b7:bc:f7:a0:e8:06:3d:0f:e8:a2:
                    8e:4c:10:35:e0:c8:0d:21:1f:39:e6:f2:0b:d9:f6:
                    37:36:6f:9a:87:67:f2:a9:fc:dd:23:62:be:ea:30:
                    fc:86:f0:cf:42:e8:40:8f:55:44:77:d7:ef:11:84:
                    af:e4:07:01:d5:c1:53:ea:51:18:4b:f2:f9:b9:22:
                    b3:10:9d:3b:9d:7c:ae:4d:35:88:da:a0:ff:fe:17:
                    5d:25:f9:22:d3:e4:99:6d:0d:82:9f:31:a1:d5:4f:
                    3c:78:e8:31:a3:20:a4:93:1e:c8:59:97:dd:4e:2f:
                    61:ec:53:79:1c:9e:40:43:4c:41:c6:f0:03:e5:c3:
                    82:fa:e4:4c:63:03:21:59:1c:9d:e4:24:f3:0e:dd:
                    98:cb:10:ea:a1:6f:7d:18:55:d8:7c:69:c5:a9:a2:
                    24:b8:3e:33:dc:96:52:04:ec:d4:25:40:3a:15:7f:
                    b4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:32:52:2D:98:A5:ED:CE:3E:87:F6:52:A8:E6:6C:7E:04:80:52:D5
            X509v3 Authority Key Identifier:
                keyid:AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/3jJSLZil7c4-h_ZSqOZsfgSAUtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:1c:77:ee:05:67:6d:ec:f1:30:9e:5e:af:fc:5e:6f:14:4d:
         79:38:ec:41:0a:d7:23:90:d7:1e:a2:7b:2c:26:20:f6:1a:9e:
         e9:4f:70:e1:78:1c:69:3f:2c:7d:20:bb:ad:10:bb:02:cd:3c:
         1c:15:a9:7a:34:5f:76:5d:a2:65:f9:88:9d:c4:ea:1a:0e:04:
         4f:5d:ce:d4:2b:33:cb:04:16:78:7d:32:3a:a8:84:70:ff:88:
         61:81:c2:10:10:3d:e7:1f:52:33:0a:b8:31:d5:7f:b0:04:34:
         99:6b:62:75:17:a9:13:ce:68:43:31:3d:28:2c:ee:f2:c5:75:
         1d:e8:e6:aa:e3:77:5d:45:50:8b:de:c0:dc:c1:56:98:e2:01:
         5a:25:d9:5d:7d:42:85:04:8f:1b:41:ec:6a:0a:35:59:c3:c1:
         f6:19:59:95:84:10:1a:3f:94:b5:07:32:07:6d:10:8d:db:5f:
         a3:ba:c3:0b:2c:01:c9:ad:df:c2:c3:be:bf:1a:71:fb:50:6e:
         54:ae:95:c0:6a:9a:89:0c:af:2b:ad:fd:75:d1:18:2b:e2:ef:
         fb:cc:fb:3d:4e:86:92:d6:02:1c:3a:4a:72:d4:a1:0b:f3:8f:
         19:c8:7b:fb:2c:65:3f:cb:4b:8a:69:30:5f:a0:19:18:52:d8:
         67:25:4f:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh6Y/rTreYIPNe+PGLgV1a5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZGI1YzAzOTk4ZmM2NmI4ZjE4MjcyOTk0MDNmMWU1ZThk
OTk5ZDcwHhcNMjUwODA1MTMyMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTMyNTIyZDk4YTVlZGNlM2U4N2Y2NTJhOGU2NmM3ZTA0ODA1MmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08X07BHzm7m/i16zTgPUp1wdAQKr
O5O7cLj8qqT4rAW3t2hXyACJbyOtNqI6C9HXp0VJOB2V5Op7PP1FyaTH8XuYKYmv
HNOn6Ge4OuZbK7e896DoBj0P6KKOTBA14MgNIR855vIL2fY3Nm+ah2fyqfzdI2K+
6jD8hvDPQuhAj1VEd9fvEYSv5AcB1cFT6lEYS/L5uSKzEJ07nXyuTTWI2qD//hdd
Jfki0+SZbQ2CnzGh1U88eOgxoyCkkx7IWZfdTi9h7FN5HJ5AQ0xBxvAD5cOC+uRM
YwMhWRyd5CTzDt2YyxDqoW99GFXYfGnFqaIkuD4z3JZSBOzUJUA6FX+0kwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN4yUi2Ype3OPof2UqjmbH4EgFLVMB8GA1UdIwQY
MBaAFK/bXAOZj8ZrjxgnKZQD8eXo2ZnXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2Mt
NjdhZDNhYzdmODNmLzEvM2pKU0xaaWw3YzQtaF9aU3FPWnNmZ1NBVXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2MtNjdhZDNhYzdmODNm
LzEvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQBdHHfuBWdt7PEwnl6v/F5vFE15OOxBCtcjkNce
onssJiD2Gp7pT3DheBxpPyx9ILutELsCzTwcFal6NF92XaJl+YidxOoaDgRPXc7U
KzPLBBZ4fTI6qIRw/4hhgcIQED3nH1IzCrgx1X+wBDSZa2J1F6kTzmhDMT0oLO7y
xXUd6Oaq43ddRVCL3sDcwVaY4gFaJdldfUKFBI8bQexqCjVZw8H2GVmVhBAaP5S1
BzIHbRCN21+jusMLLAHJrd/Cw76/GnH7UG5UrpXAapqJDK8rrf110Rgr4u/7zPs9
ToaS1gIcOkpy1KEL848ZyHv7LGU/y0uKaTBfoBkYUthnJU8Q
-----END CERTIFICATE-----