Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/y2RMSlV1cWcAGWUudxEMzT2jdW4.roa
File:                     y2RMSlV1cWcAGWUudxEMzT2jdW4.roa (raw, json)
Hash identifier:          sjlvnaAYWvZTwLwgeKOi3r5vujxbclUfON0T+YkJq0A=
Subject key identifier:   CB:64:4C:4A:55:75:71:67:00:19:65:2E:77:11:0C:CD:3D:A3:75:6E
Certificate issuer:       /CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
Certificate serial:       01987A63FA337885DDD332853EFD93973CE5
Authority key identifier: AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/y2RMSlV1cWcAGWUudxEMzT2jdW4.roa
Signing time:             Tue 05 Aug 2025 13:20:29 +0000
ROA not before:           Tue 05 Aug 2025 13:20:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210440
IP address blocks:        2001:678:120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:63:fa:33:78:85:dd:d3:32:85:3e:fd:93:97:3c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
        Validity
            Not Before: Aug  5 13:20:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb644c4a557571670019652e77110ccd3da3756e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c0:8e:9c:fe:a6:51:e2:16:27:a6:6d:66:b5:
                    1f:0c:de:79:6c:97:ba:df:b2:9f:80:43:d2:69:44:
                    09:23:ad:98:76:51:a8:ed:25:7a:62:b1:c8:e6:7e:
                    e4:7d:98:66:67:35:70:7e:e4:8a:77:0c:b4:58:17:
                    d8:e6:a1:fb:d3:cb:50:ca:55:40:7b:27:26:d5:64:
                    57:2c:7c:b8:ec:e0:53:6d:9b:fd:58:c9:d9:f9:22:
                    f2:63:28:b7:e6:88:71:83:77:a8:f4:1c:ea:c1:8e:
                    f5:9f:3b:31:84:32:36:fd:99:cd:4e:44:3d:c1:46:
                    f2:62:c4:38:96:2e:2f:0e:b6:37:06:d2:6d:e1:5d:
                    fd:53:b0:23:ee:6e:d1:4a:57:ff:5d:83:dd:5f:0f:
                    0b:71:4a:05:e4:f5:6c:9d:d8:a2:ec:c9:4c:79:b8:
                    97:5e:a4:f6:ed:b5:55:57:52:55:a9:91:cb:6f:3f:
                    ed:a6:85:d3:9a:03:73:da:d4:f1:d8:78:ab:1f:df:
                    b2:84:50:79:f8:ab:60:f9:ab:17:18:88:97:12:5a:
                    28:1f:8f:29:65:67:89:29:4f:af:f3:51:c1:58:5d:
                    f4:ae:f2:de:1a:7b:6f:4a:d0:8c:c4:cd:c9:d5:ee:
                    cd:bb:86:3a:a6:e2:62:ed:87:67:57:4a:3f:bf:9b:
                    fc:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:64:4C:4A:55:75:71:67:00:19:65:2E:77:11:0C:CD:3D:A3:75:6E
            X509v3 Authority Key Identifier:
                keyid:AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/y2RMSlV1cWcAGWUudxEMzT2jdW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:06:96:d0:b4:75:6b:4a:b3:5e:1d:f2:74:34:5a:e5:b9:f3:
         40:5c:d5:d1:b2:2f:e0:89:2a:b2:d4:a6:a4:b0:89:d0:e1:84:
         84:05:95:7c:af:bc:49:61:aa:74:c9:80:b5:d1:bc:fe:c9:9e:
         e6:67:4e:73:65:63:3f:f8:91:a1:6b:ed:4a:43:bd:ed:32:0a:
         31:1d:f3:70:ec:fb:2e:7c:53:b2:27:e7:4d:0f:e4:b4:07:c8:
         4f:e3:8d:52:be:42:cc:0f:fe:38:9a:d7:f3:d4:52:16:74:71:
         0b:51:c3:ee:50:2b:07:ab:5b:23:62:d6:d6:28:01:04:6c:d8:
         29:18:26:b5:1a:82:23:c5:15:57:1c:dd:3d:ec:8e:57:c8:01:
         0d:03:e5:f6:af:22:12:5e:3d:0b:c7:08:12:31:ef:17:80:96:
         d9:44:71:6d:b1:93:5b:80:2d:b4:a5:cf:1d:48:95:24:25:5c:
         30:f3:60:90:f4:11:47:f9:94:51:8c:57:50:ee:99:46:bf:0f:
         5d:ea:7d:7f:6e:b4:4c:aa:87:e1:80:7e:86:20:b8:92:9c:c9:
         6e:87:c3:17:21:ff:60:84:48:de:a0:74:bd:9d:06:89:a5:03:
         22:d7:27:b8:73:f0:4a:72:74:6b:90:10:9e:1f:ec:d3:d3:1f:
         70:13:9e:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh6Y/ozeIXd0zKFPv2TlzzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZGI1YzAzOTk4ZmM2NmI4ZjE4MjcyOTk0MDNmMWU1ZThk
OTk5ZDcwHhcNMjUwODA1MTMyMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY0NGM0YTU1NzU3MTY3MDAxOTY1MmU3NzExMGNjZDNkYTM3NTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsCOnP6mUeIWJ6ZtZrUfDN55bJe6
37KfgEPSaUQJI62YdlGo7SV6YrHI5n7kfZhmZzVwfuSKdwy0WBfY5qH708tQylVA
eycm1WRXLHy47OBTbZv9WMnZ+SLyYyi35ohxg3eo9BzqwY71nzsxhDI2/ZnNTkQ9
wUbyYsQ4li4vDrY3BtJt4V39U7Aj7m7RSlf/XYPdXw8LcUoF5PVsndii7MlMebiX
XqT27bVVV1JVqZHLbz/tpoXTmgNz2tTx2HirH9+yhFB5+Ktg+asXGIiXElooH48p
ZWeJKU+v81HBWF30rvLeGntvStCMxM3J1e7Nu4Y6puJi7YdnV0o/v5v8fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMtkTEpVdXFnABllLncRDM09o3VuMB8GA1UdIwQY
MBaAFK/bXAOZj8ZrjxgnKZQD8eXo2ZnXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2Mt
NjdhZDNhYzdmODNmLzEveTJSTVNsVjFjV2NBR1dVdWR4RU16VDJqZFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2MtNjdhZDNhYzdmODNm
LzEvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAsBpbQtHVrSrNeHfJ0NFrlufNAXNXRsi/giSqy
1KaksInQ4YSEBZV8r7xJYap0yYC10bz+yZ7mZ05zZWM/+JGha+1KQ73tMgoxHfNw
7PsufFOyJ+dND+S0B8hP441SvkLMD/44mtfz1FIWdHELUcPuUCsHq1sjYtbWKAEE
bNgpGCa1GoIjxRVXHN097I5XyAENA+X2ryISXj0LxwgSMe8XgJbZRHFtsZNbgC20
pc8dSJUkJVww82CQ9BFH+ZRRjFdQ7plGvw9d6n1/brRMqofhgH6GILiSnMluh8MX
If9ghEjeoHS9nQaJpQMi1ye4c/BKcnRrkBCeH+zT0x9wE55c
-----END CERTIFICATE-----