Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/IBYohiSfrdp01nVXXkVdPVwTXu8.roa
File:                     IBYohiSfrdp01nVXXkVdPVwTXu8.roa (raw, json)
Hash identifier:          xHDIvb8rjLO6em8S12Zcvhamk/oay8uBCC+89yrhRMg=
Subject key identifier:   20:16:28:86:24:9F:AD:DA:74:D6:75:57:5E:45:5D:3D:5C:13:5E:EF
Certificate issuer:       /CN=e84df52af460ca6fa8c923a49f5cb795ea6707f7
Certificate serial:       01986E9EFA34CC1F5E1DF073D117C9984D22
Authority key identifier: E8:4D:F5:2A:F4:60:CA:6F:A8:C9:23:A4:9F:5C:B7:95:EA:67:07:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6E31KvRgym-oySOkn1y3lepnB_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/IBYohiSfrdp01nVXXkVdPVwTXu8.roa
Signing time:             Sun 03 Aug 2025 06:29:29 +0000
ROA not before:           Sun 03 Aug 2025 06:29:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8893
IP address blocks:        2001:1490:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/6E31KvRgym-oySOkn1y3lepnB_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/6E31KvRgym-oySOkn1y3lepnB_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6E31KvRgym-oySOkn1y3lepnB_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 23:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6e:9e:fa:34:cc:1f:5e:1d:f0:73:d1:17:c9:98:4d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e84df52af460ca6fa8c923a49f5cb795ea6707f7
        Validity
            Not Before: Aug  3 06:29:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20162886249fadda74d675575e455d3d5c135eef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d9:d4:c3:e1:fd:3d:14:e7:84:3d:d8:2c:bb:
                    b5:f7:41:13:47:7f:dd:27:46:78:20:70:7f:f4:4c:
                    b8:c4:0a:00:d5:80:3f:fb:44:a6:7d:30:fd:de:b8:
                    2a:7e:e1:8e:63:4a:13:a2:b9:90:1a:cb:c0:b4:d1:
                    10:0d:03:34:95:bd:7b:3b:da:7e:fa:31:58:02:b9:
                    d7:81:b6:8b:fc:20:19:1c:5d:51:03:96:87:6f:e8:
                    02:24:19:98:c3:5b:8f:20:e6:c6:dd:b1:89:b4:b1:
                    8c:2b:e9:fd:ae:86:e5:78:53:b8:f7:f1:fb:83:9f:
                    9b:06:ee:05:13:d7:c3:e9:7c:da:02:6a:d4:5f:fb:
                    a2:d4:48:e3:ad:f1:fe:3e:2d:20:bb:c4:a5:39:e9:
                    52:b6:f1:65:46:89:d8:5a:35:c8:c2:37:dd:bb:93:
                    03:ab:f4:a2:07:e2:5b:80:e2:74:e1:3c:16:5d:3a:
                    2b:ab:8d:57:b8:87:b2:a8:e1:a4:50:71:81:66:c7:
                    c6:04:50:09:05:7e:0e:9d:fa:12:c8:35:34:4d:c7:
                    e5:40:60:fa:a9:87:db:ec:38:a5:a5:76:71:e0:07:
                    2b:7e:17:d6:74:42:2a:3b:6b:c1:21:01:c6:1e:c4:
                    3c:a5:af:85:2b:cf:1c:8d:81:3e:ec:77:a3:42:82:
                    95:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:16:28:86:24:9F:AD:DA:74:D6:75:57:5E:45:5D:3D:5C:13:5E:EF
            X509v3 Authority Key Identifier:
                keyid:E8:4D:F5:2A:F4:60:CA:6F:A8:C9:23:A4:9F:5C:B7:95:EA:67:07:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6E31KvRgym-oySOkn1y3lepnB_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/IBYohiSfrdp01nVXXkVdPVwTXu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be692b-7932-4554-8c15-94c2fda39ead/1/6E31KvRgym-oySOkn1y3lepnB_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1490:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:3b:06:13:60:c8:c3:5f:b5:6e:48:2d:aa:b3:97:39:93:b3:
         50:c7:8f:cb:6c:5b:5e:17:ee:17:4a:3b:a6:f8:de:36:2a:4e:
         90:f0:88:5b:69:71:71:63:d4:c6:17:da:4e:64:fb:de:f1:99:
         4d:b1:8c:f0:2b:f1:07:22:a0:b6:aa:38:79:df:7f:51:56:11:
         b5:73:99:ee:82:d0:7e:33:54:b1:90:73:0b:cd:23:de:26:77:
         03:b2:2e:41:9d:4e:5c:66:59:f5:74:05:dd:2c:51:c7:7e:dc:
         86:48:b6:57:c3:e8:02:99:f7:a2:53:7a:f9:a2:c1:ba:b9:d9:
         46:d6:14:79:d2:06:5c:c7:be:2d:0d:0a:cf:6d:c2:1f:e0:18:
         e4:db:15:e5:ba:f6:0a:c7:ae:9c:40:ab:b6:73:04:6b:c7:e3:
         62:c4:5c:20:72:67:12:58:83:4e:b6:0c:69:1c:6f:2d:2e:1c:
         61:f3:ef:4b:cf:1c:0b:30:cb:cb:e5:ed:e6:db:91:89:0e:1f:
         c8:76:46:b2:23:80:6e:b7:f9:8e:d5:b2:9a:40:fb:bd:0a:75:
         8b:37:0e:e6:d9:36:6e:74:45:ff:a3:c0:dd:f0:8b:9e:9c:5b:
         32:46:2d:68:02:1d:c0:a2:fa:af:e3:cc:bd:17:05:8e:9a:34:
         42:c8:bb:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhunvo0zB9eHfBz0RfJmE0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NGRmNTJhZjQ2MGNhNmZhOGM5MjNhNDlmNWNiNzk1ZWE2
NzA3ZjcwHhcNMjUwODAzMDYyOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDE2Mjg4NjI0OWZhZGRhNzRkNjc1NTc1ZTQ1NWQzZDVjMTM1ZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNnUw+H9PRTnhD3YLLu190ETR3/d
J0Z4IHB/9Ey4xAoA1YA/+0SmfTD93rgqfuGOY0oTormQGsvAtNEQDQM0lb17O9p+
+jFYArnXgbaL/CAZHF1RA5aHb+gCJBmYw1uPIObG3bGJtLGMK+n9robleFO49/H7
g5+bBu4FE9fD6XzaAmrUX/ui1EjjrfH+Pi0gu8SlOelStvFlRonYWjXIwjfdu5MD
q/SiB+JbgOJ04TwWXTorq41XuIeyqOGkUHGBZsfGBFAJBX4OnfoSyDU0TcflQGD6
qYfb7DilpXZx4AcrfhfWdEIqO2vBIQHGHsQ8pa+FK88cjYE+7HejQoKVyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCAWKIYkn63adNZ1V15FXT1cE17vMB8GA1UdIwQY
MBaAFOhN9Sr0YMpvqMkjpJ9ct5XqZwf3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkUzMUt2Umd5bS1veVNPa24xeTNsZXBuQl9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY5MmItNzkzMi00NTU0LThjMTUt
OTRjMmZkYTM5ZWFkLzEvSUJZb2hpU2ZyZHAwMW5WWFhrVmRQVndUWHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY5MmItNzkzMi00NTU0LThjMTUtOTRjMmZkYTM5ZWFk
LzEvNkUzMUt2Umd5bS1veVNPa24xeTNsZXBuQl9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEUkAEB
MA0GCSqGSIb3DQEBCwUAA4IBAQBlOwYTYMjDX7VuSC2qs5c5k7NQx4/LbFteF+4X
Sjum+N42Kk6Q8IhbaXFxY9TGF9pOZPve8ZlNsYzwK/EHIqC2qjh5339RVhG1c5nu
gtB+M1SxkHMLzSPeJncDsi5BnU5cZln1dAXdLFHHftyGSLZXw+gCmfeiU3r5osG6
udlG1hR50gZcx74tDQrPbcIf4Bjk2xXluvYKx66cQKu2cwRrx+NixFwgcmcSWINO
tgxpHG8tLhxh8+9LzxwLMMvL5e3m25GJDh/IdkayI4But/mO1bKaQPu9CnWLNw7m
2TZudEX/o8Dd8IuenFsyRi1oAh3Aovqv48y9FwWOmjRCyLu6
-----END CERTIFICATE-----