Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/EnHB7RdDIStIkkUXr_OZY6Oc7Jw.roa
File:                     EnHB7RdDIStIkkUXr_OZY6Oc7Jw.roa (raw, json)
Hash identifier:          jGtTHvjgF6kxQha0AP9T4eZB873r7eooZ9zJwBePfgk=
Subject key identifier:   12:71:C1:ED:17:43:21:2B:48:92:45:17:AF:F3:99:63:A3:9C:EC:9C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0197EF23C7411CD3D267081039050CB05CBF
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/EnHB7RdDIStIkkUXr_OZY6Oc7Jw.roa
Signing time:             Wed 09 Jul 2025 12:23:08 +0000
ROA not before:           Wed 09 Jul 2025 12:23:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212057
IP address blocks:        2a0c:9a40:8860::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:23:c7:41:1c:d3:d2:67:08:10:39:05:0c:b0:5c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jul  9 12:23:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1271c1ed1743212b48924517aff39963a39cec9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:95:37:84:fd:d4:32:73:53:da:de:a0:5d:e1:
                    bc:1b:a0:7f:7f:b3:03:e9:bd:5c:84:36:14:99:3c:
                    c3:de:7a:71:05:5a:22:08:99:cc:af:b5:22:6b:3d:
                    b8:60:b0:6c:22:a7:56:05:e4:d4:77:e4:d8:8f:5c:
                    7b:de:62:31:1d:37:f7:5d:e3:c8:95:3e:52:a3:41:
                    69:ec:a7:b0:2d:33:7b:4b:da:a6:00:8f:8c:51:63:
                    ef:40:75:ce:33:2a:07:68:79:31:f5:b9:79:05:e4:
                    4c:81:b7:26:b3:98:cc:d1:2c:82:d7:e0:1e:e3:06:
                    16:b3:70:90:5e:ea:a1:46:30:a4:4a:d1:3a:db:1c:
                    c5:c9:6e:02:be:2a:59:31:b9:f7:db:6b:87:8e:80:
                    c5:ca:c9:d8:72:a3:90:92:df:f8:c6:ae:e1:1f:9b:
                    c2:7c:6b:66:b1:bc:d5:26:4e:c6:5c:9f:02:24:e2:
                    25:f4:98:35:ce:f0:cf:0e:43:3e:28:0f:fe:bc:ba:
                    88:c6:98:1b:31:e6:0b:74:25:e0:3e:95:78:3c:72:
                    76:82:5a:04:cc:e4:74:08:be:7d:04:75:c2:5c:e8:
                    2d:e9:00:92:46:f2:51:f0:9d:e7:14:89:28:b7:a8:
                    ba:a4:70:d6:8c:e5:17:bc:7a:54:92:7c:a3:44:9d:
                    55:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:71:C1:ED:17:43:21:2B:48:92:45:17:AF:F3:99:63:A3:9C:EC:9C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/EnHB7RdDIStIkkUXr_OZY6Oc7Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8860::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:13:77:84:2a:2c:e7:60:37:30:0f:3a:71:f8:dd:01:56:65:
         a3:82:0b:38:b9:da:64:2e:63:dc:cb:05:1a:e3:ef:da:02:83:
         99:40:8f:72:ae:0b:24:3a:9d:cc:3e:e1:e3:3b:eb:08:a6:a5:
         e2:82:c2:39:5e:c5:52:92:72:81:18:18:51:09:49:09:80:4f:
         3d:b5:5f:2e:3c:e2:30:af:0e:bd:b5:5f:e2:bb:80:6b:66:d8:
         40:7d:1a:20:a7:17:d3:28:14:57:b3:e4:73:d0:bc:05:28:be:
         ca:7b:9b:c7:b3:0c:d8:df:0a:6a:0f:89:b0:bc:55:49:d8:8f:
         83:f9:16:41:15:64:9d:03:98:13:d8:ba:f6:27:e1:78:48:30:
         37:b9:ee:58:28:7f:3b:70:b5:5f:14:37:72:0b:47:ae:83:d5:
         51:5d:5e:b1:a8:88:ef:e6:cd:d4:02:19:36:e1:61:4d:1b:d4:
         03:3b:01:b3:c2:5d:74:ce:49:bd:b2:e4:aa:f8:2b:5b:b6:b7:
         d7:56:62:9d:3e:7b:81:88:86:c8:ed:67:c2:59:26:f0:00:3f:
         5e:ae:b8:e7:85:fc:59:91:fa:81:5d:58:23:1e:de:ca:71:29:
         9a:8e:b4:58:f1:ed:51:37:03:73:f8:44:0a:8e:2d:60:8e:14:
         ed:20:c4:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfvI8dBHNPSZwgQOQUMsFy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNzA5MTIyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjcxYzFlZDE3NDMyMTJiNDg5MjQ1MTdhZmYzOTk2M2EzOWNlYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypU3hP3UMnNT2t6gXeG8G6B/f7MD
6b1chDYUmTzD3npxBVoiCJnMr7Uiaz24YLBsIqdWBeTUd+TYj1x73mIxHTf3XePI
lT5So0Fp7KewLTN7S9qmAI+MUWPvQHXOMyoHaHkx9bl5BeRMgbcms5jM0SyC1+Ae
4wYWs3CQXuqhRjCkStE62xzFyW4CvipZMbn322uHjoDFysnYcqOQkt/4xq7hH5vC
fGtmsbzVJk7GXJ8CJOIl9Jg1zvDPDkM+KA/+vLqIxpgbMeYLdCXgPpV4PHJ2gloE
zOR0CL59BHXCXOgt6QCSRvJR8J3nFIkot6i6pHDWjOUXvHpUknyjRJ1VEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBJxwe0XQyErSJJFF6/zmWOjnOycMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvRW5IQjdSZERJU3RJa2tVWHJfT1pZNk9jN0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIhg
MA0GCSqGSIb3DQEBCwUAA4IBAQADE3eEKiznYDcwDzpx+N0BVmWjggs4udpkLmPc
ywUa4+/aAoOZQI9yrgskOp3MPuHjO+sIpqXigsI5XsVSknKBGBhRCUkJgE89tV8u
POIwrw69tV/iu4BrZthAfRogpxfTKBRXs+Rz0LwFKL7Ke5vHswzY3wpqD4mwvFVJ
2I+D+RZBFWSdA5gT2Lr2J+F4SDA3ue5YKH87cLVfFDdyC0eug9VRXV6xqIjv5s3U
Ahk24WFNG9QDOwGzwl10zkm9suSq+CtbtrfXVmKdPnuBiIbI7WfCWSbwAD9errjn
hfxZkfqBXVgjHt7KcSmajrRY8e1RNwNz+EQKji1gjhTtIMRe
-----END CERTIFICATE-----