Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/V9BWXIygnOhJHYu8bdQZRzbbGqg.roa
File:                     V9BWXIygnOhJHYu8bdQZRzbbGqg.roa (raw, json)
Hash identifier:          re8sSZ6coeyXhQek/2jPbAPj3KlkVxVW/0zknsrcySY=
Subject key identifier:   57:D0:56:5C:8C:A0:9C:E8:49:1D:8B:BC:6D:D4:19:47:36:DB:1A:A8
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       0195DD61824956C8FC3BAE8C8C027193FF13
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/V9BWXIygnOhJHYu8bdQZRzbbGqg.roa
Signing time:             Fri 28 Mar 2025 15:31:49 +0000
ROA not before:           Fri 28 Mar 2025 15:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a02:11c0::/27 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dd:61:82:49:56:c8:fc:3b:ae:8c:8c:02:71:93:ff:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Mar 28 15:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57d0565c8ca09ce8491d8bbc6dd4194736db1aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:00:a3:23:1d:cb:02:30:71:07:37:cb:ed:64:
                    06:a9:be:8a:aa:39:91:78:61:06:22:da:4b:e2:31:
                    f4:8a:c7:45:f0:be:62:cc:6a:e8:1e:e8:a8:3e:7f:
                    a0:e9:15:12:80:66:32:23:39:73:ef:39:62:8e:cd:
                    17:f2:a1:8f:2e:46:61:b9:57:55:ed:2d:39:3b:bc:
                    c5:35:5f:e2:19:12:b1:cc:a3:17:26:ea:cf:68:47:
                    0f:3d:f6:60:70:c8:fd:ca:65:3f:de:b6:59:c9:d2:
                    04:df:f1:6e:29:7d:95:df:4c:f5:09:42:02:39:6b:
                    a7:39:17:9b:76:8b:4d:ef:88:87:b0:49:69:1f:8f:
                    d5:c1:e6:c0:1a:b1:80:98:e8:60:3d:33:56:c9:80:
                    07:ab:9b:96:7f:8e:5f:3c:54:b4:d0:e3:03:e7:62:
                    b3:97:1f:bd:df:49:f4:98:6d:33:92:ce:fa:7c:e4:
                    95:04:9c:ab:c2:74:8b:fa:7a:e9:36:1d:2f:e6:44:
                    ef:aa:5e:41:03:56:43:43:a4:4b:3b:cf:4b:15:20:
                    23:0b:39:50:bb:cd:c4:0c:be:3f:44:b7:45:f5:d2:
                    fa:4e:3f:08:d0:1b:85:43:c1:16:da:f5:51:74:48:
                    19:c1:11:c0:cb:2e:57:79:b1:0e:27:78:7f:5e:7d:
                    8b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D0:56:5C:8C:A0:9C:E8:49:1D:8B:BC:6D:D4:19:47:36:DB:1A:A8
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/V9BWXIygnOhJHYu8bdQZRzbbGqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:11c0::/27

    Signature Algorithm: sha256WithRSAEncryption
         0f:63:23:64:be:a4:b1:c3:c1:1b:81:0f:1a:4a:76:61:22:52:
         cc:37:c1:c0:18:5b:69:20:af:3d:05:35:19:68:d8:8c:1b:07:
         7a:63:6d:33:31:90:c5:94:0b:50:33:5b:37:81:19:04:93:a3:
         3a:14:23:a5:06:d4:92:b1:0a:78:e0:0a:de:04:05:58:83:65:
         26:b6:5e:51:ff:8d:df:ca:c2:30:9c:73:38:9e:34:df:b5:7e:
         21:89:1c:5c:6a:3b:98:31:d4:e4:6e:2b:8e:8f:0f:9a:7b:95:
         84:3b:a2:fc:c6:b0:79:c4:5a:5b:a3:3d:ac:33:a3:c5:0d:96:
         7b:b2:7e:21:4c:f1:67:28:32:28:5a:ac:79:34:ec:76:79:82:
         87:f2:3e:88:26:77:cf:13:04:1d:82:6d:fd:77:1b:2d:48:7f:
         73:61:30:5b:57:34:46:c7:6d:76:31:0b:6c:c2:56:d5:29:8d:
         10:a7:a1:5a:da:30:8b:dc:c6:06:2c:54:98:0e:ca:f9:f5:0e:
         88:80:50:ce:3b:1a:0a:bb:15:74:2b:70:85:76:e9:e7:6a:50:
         de:ad:6f:9b:1f:6d:9f:86:a5:c7:ee:ae:e3:56:04:aa:dc:4e:
         75:d4:a0:31:af:c5:fc:63:ef:ea:57:d1:c2:70:47:b4:7e:53:
         7c:3c:5f:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXdYYJJVsj8O66MjAJxk/8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwMzI4MTUzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2QwNTY1YzhjYTA5Y2U4NDkxZDhiYmM2ZGQ0MTk0NzM2ZGIxYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQCjIx3LAjBxBzfL7WQGqb6KqjmR
eGEGItpL4jH0isdF8L5izGroHuioPn+g6RUSgGYyIzlz7zlijs0X8qGPLkZhuVdV
7S05O7zFNV/iGRKxzKMXJurPaEcPPfZgcMj9ymU/3rZZydIE3/FuKX2V30z1CUIC
OWunORebdotN74iHsElpH4/VwebAGrGAmOhgPTNWyYAHq5uWf45fPFS00OMD52Kz
lx+930n0mG0zks76fOSVBJyrwnSL+nrpNh0v5kTvql5BA1ZDQ6RLO89LFSAjCzlQ
u83EDL4/RLdF9dL6Tj8I0BuFQ8EW2vVRdEgZwRHAyy5XebEOJ3h/Xn2LfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFfQVlyMoJzoSR2LvG3UGUc22xqoMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvVjlCV1hJeWduT2hKSFl1OGJkUVpSemJiR3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUFKgIRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAD2MjZL6kscPBG4EPGkp2YSJSzDfBwBhbaSCvPQU1
GWjYjBsHemNtMzGQxZQLUDNbN4EZBJOjOhQjpQbUkrEKeOAK3gQFWINlJrZeUf+N
38rCMJxzOJ4037V+IYkcXGo7mDHU5G4rjo8PmnuVhDui/MawecRaW6M9rDOjxQ2W
e7J+IUzxZygyKFqseTTsdnmCh/I+iCZ3zxMEHYJt/XcbLUh/c2EwW1c0RsdtdjEL
bMJW1SmNEKehWtowi9zGBixUmA7K+fUOiIBQzjsaCrsVdCtwhXbp52pQ3q1vmx9t
n4alx+6u41YEqtxOddSgMa/F/GPv6lfRwnBHtH5TfDxfiA==
-----END CERTIFICATE-----