Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/O42Gic4dc360gIgddLeLvJAb0gg.roa
File:                     O42Gic4dc360gIgddLeLvJAb0gg.roa (raw, json)
Hash identifier:          cQ+n7ZgZ26eThRiniwC6AUO7/0CEDaEl6tna9PIT/9w=
Subject key identifier:   3B:8D:86:89:CE:1D:73:7E:B4:80:88:1D:74:B7:8B:BC:90:1B:D2:08
Certificate issuer:       /CN=0df6e633067c066ae9bef1d3771cc300e4b4d1a7
Certificate serial:       019B77C6CD0A80DA62FDE39054F0A87E8854
Authority key identifier: 0D:F6:E6:33:06:7C:06:6A:E9:BE:F1:D3:77:1C:C3:00:E4:B4:D1:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/O42Gic4dc360gIgddLeLvJAb0gg.roa
Signing time:             Thu 01 Jan 2026 04:17:55 +0000
ROA not before:           Thu 01 Jan 2026 04:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30887
IP address blocks:        2001:67c:4d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:cd:0a:80:da:62:fd:e3:90:54:f0:a8:7e:88:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0df6e633067c066ae9bef1d3771cc300e4b4d1a7
        Validity
            Not Before: Jan  1 04:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b8d8689ce1d737eb480881d74b78bbc901bd208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e1:0b:2b:db:a5:e8:19:26:3c:eb:59:2e:d3:
                    26:3a:81:5d:37:62:e6:d4:b7:3c:f3:fd:61:0a:36:
                    a7:ff:ab:03:a3:21:34:bd:c1:bb:f5:ed:3a:3d:03:
                    17:b4:15:9f:c5:ff:79:f4:60:38:60:9e:ee:a7:7d:
                    48:5a:38:8b:3c:76:e7:57:f3:5b:73:30:e1:b8:55:
                    b0:2b:bc:c6:fc:9d:1d:98:84:fc:c5:00:e5:b4:b9:
                    30:77:c3:fd:30:59:d2:cb:b8:25:46:70:67:fd:1a:
                    1f:ab:cc:4b:6f:36:9a:67:a1:f5:a3:b2:16:d2:af:
                    89:19:a9:26:3a:88:5f:da:1f:92:58:79:f2:d6:b5:
                    5d:57:08:33:dc:3b:44:12:f4:fb:9d:3b:45:29:1f:
                    dc:b7:e3:ff:28:a6:23:0b:65:aa:cc:0a:fe:46:a8:
                    82:f1:17:8e:bf:e7:27:a8:e3:f9:bd:ed:04:f2:a8:
                    65:bc:7b:94:7c:62:c9:0f:43:71:de:79:12:86:6e:
                    c8:cc:05:a2:aa:bc:95:ba:52:31:fc:ed:52:5c:c9:
                    31:2f:af:36:ec:47:55:94:1e:c0:17:51:07:73:df:
                    88:2e:10:f7:aa:c2:04:6c:b2:d4:1a:9a:e7:c8:3f:
                    10:d3:40:1c:4c:58:aa:a3:af:df:d0:52:f3:c1:e5:
                    d1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8D:86:89:CE:1D:73:7E:B4:80:88:1D:74:B7:8B:BC:90:1B:D2:08
            X509v3 Authority Key Identifier:
                keyid:0D:F6:E6:33:06:7C:06:6A:E9:BE:F1:D3:77:1C:C3:00:E4:B4:D1:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DfbmMwZ8BmrpvvHTdxzDAOS00ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/O42Gic4dc360gIgddLeLvJAb0gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fae1c1-aa18-46aa-83a7-8d1c9d1192b0/1/DfbmMwZ8BmrpvvHTdxzDAOS00ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:5d:e9:e2:9f:fe:5d:39:f9:70:e7:c4:a5:2c:22:30:42:ea:
         ac:16:74:f4:66:d6:78:b9:e3:aa:ac:ce:ec:e2:d5:38:e3:03:
         c6:b1:0c:cf:ee:ce:ea:cb:7b:44:1a:27:61:17:a7:c0:00:90:
         07:a4:46:bf:16:dc:63:6b:4a:2d:ec:15:24:ca:c9:49:ad:82:
         f1:bb:09:7e:95:c6:73:d4:8f:de:1a:46:a6:98:61:c9:b4:fb:
         ff:13:dc:3b:d5:c4:60:37:b6:b4:99:8f:50:34:4e:37:02:fd:
         8d:fa:8f:13:f0:1d:de:50:23:af:15:e5:69:56:de:fc:5a:c6:
         c9:69:f4:f0:6a:6d:e5:15:0d:bd:91:40:f9:9d:8e:c7:aa:fd:
         22:80:9d:30:83:bb:f2:61:dd:87:12:d5:3d:8d:13:10:1f:bd:
         82:87:90:4c:cf:f0:93:c5:e7:66:66:cb:06:be:08:50:ee:0c:
         e2:4a:81:d1:da:b4:75:91:92:84:01:d2:90:db:4c:2b:e9:52:
         57:77:4f:50:30:8b:df:20:10:97:bf:01:46:43:c9:b9:4e:96:
         3b:78:fe:37:ee:77:fa:ad:47:0b:0a:44:15:85:f8:2c:5e:d7:
         51:85:af:0b:06:86:29:0b:39:97:b0:3b:0c:a2:6b:a1:47:0b:
         6d:64:54:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xs0KgNpi/eOQVPCofohUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZjZlNjMzMDY3YzA2NmFlOWJlZjFkMzc3MWNjMzAwZTRi
NGQxYTcwHhcNMjYwMTAxMDQxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhkODY4OWNlMWQ3MzdlYjQ4MDg4MWQ3NGI3OGJiYzkwMWJkMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+ELK9ul6BkmPOtZLtMmOoFdN2Lm
1Lc88/1hCjan/6sDoyE0vcG79e06PQMXtBWfxf959GA4YJ7up31IWjiLPHbnV/Nb
czDhuFWwK7zG/J0dmIT8xQDltLkwd8P9MFnSy7glRnBn/Rofq8xLbzaaZ6H1o7IW
0q+JGakmOohf2h+SWHny1rVdVwgz3DtEEvT7nTtFKR/ct+P/KKYjC2WqzAr+RqiC
8ReOv+cnqOP5ve0E8qhlvHuUfGLJD0Nx3nkShm7IzAWiqryVulIx/O1SXMkxL682
7EdVlB7AF1EHc9+ILhD3qsIEbLLUGprnyD8Q00AcTFiqo6/f0FLzweXRvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDuNhonOHXN+tICIHXS3i7yQG9IIMB8GA1UdIwQY
MBaAFA325jMGfAZq6b7x03ccwwDktNGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGZibU13WjhCbXJwdnZIVGR4ekRBT1MwMGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYWUxYzEtYWExOC00NmFhLTgzYTct
OGQxYzlkMTE5MmIwLzEvTzQyR2ljNGRjMzYwZ0lnZGRMZUx2SkFiMGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYWUxYzEtYWExOC00NmFhLTgzYTctOGQxYzlkMTE5MmIw
LzEvRGZibU13WjhCbXJwdnZIVGR4ekRBT1MwMGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATU
MA0GCSqGSIb3DQEBCwUAA4IBAQBQXenin/5dOflw58SlLCIwQuqsFnT0ZtZ4ueOq
rM7s4tU44wPGsQzP7s7qy3tEGidhF6fAAJAHpEa/Ftxja0ot7BUkyslJrYLxuwl+
lcZz1I/eGkammGHJtPv/E9w71cRgN7a0mY9QNE43Av2N+o8T8B3eUCOvFeVpVt78
WsbJafTwam3lFQ29kUD5nY7Hqv0igJ0wg7vyYd2HEtU9jRMQH72Ch5BMz/CTxedm
ZssGvghQ7gziSoHR2rR1kZKEAdKQ20wr6VJXd09QMIvfIBCXvwFGQ8m5TpY7eP43
7nf6rUcLCkQVhfgsXtdRha8LBoYpCzmXsDsMomuhRwttZFSa
-----END CERTIFICATE-----