Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/zWuO-GBcqklRByFpP-KvyxqlmHA.roa
File:                     zWuO-GBcqklRByFpP-KvyxqlmHA.roa (raw, json)
Hash identifier:          mMGoMj1kmRHV71swlSc1+k5tBlzbfdxCQQL7QyHaoc8=
Subject key identifier:   CD:6B:8E:F8:60:5C:AA:49:51:07:21:69:3F:E2:AF:CB:1A:A5:98:70
Certificate issuer:       /CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Certificate serial:       0198174B9466A2DB51527223377426BEF696
Authority key identifier: F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/zWuO-GBcqklRByFpP-KvyxqlmHA.roa
Signing time:             Thu 17 Jul 2025 07:31:25 +0000
ROA not before:           Thu 17 Jul 2025 07:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a02:ed1:cc::/48 maxlen: 48
                          2a02:ed1:ee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 01:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:4b:94:66:a2:db:51:52:72:23:37:74:26:be:f6:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
        Validity
            Not Before: Jul 17 07:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd6b8ef8605caa49510721693fe2afcb1aa59870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:19:d9:5c:50:aa:1a:ca:95:9a:0c:34:06:6e:
                    f0:94:98:d1:48:ce:d0:ec:6b:2a:af:ed:a9:76:9f:
                    75:17:e9:cf:fc:c8:c6:a0:49:ca:41:46:2f:6b:34:
                    33:4f:29:ee:79:e5:76:5d:56:a8:8c:d2:e1:a0:82:
                    30:0f:bc:25:9b:a3:54:44:10:10:53:0e:23:35:b9:
                    ce:9c:ae:4c:07:e6:c0:77:0f:33:32:f6:53:34:62:
                    84:af:d5:2f:42:b9:99:27:23:9c:42:cd:1c:f4:18:
                    e6:37:45:54:50:2c:6c:10:a6:fb:e7:f3:61:95:fd:
                    ba:73:3b:c4:ea:6c:07:7e:c9:09:e7:14:02:19:60:
                    48:1d:69:f5:71:0a:6d:15:4a:2b:16:62:c0:bb:65:
                    64:fc:89:92:cc:6e:f2:82:2a:cd:b3:d1:ba:38:2e:
                    54:c6:d9:65:11:d6:98:99:84:a6:e2:1a:0c:fb:55:
                    80:5d:2e:03:d3:73:52:3b:1e:74:fa:45:3b:9e:b5:
                    aa:a6:72:61:1a:4b:75:f9:1f:78:3d:2d:ed:8f:ca:
                    fe:5e:54:e4:0c:e6:d5:c7:99:6f:ce:e4:a7:37:5a:
                    9d:96:bf:70:06:16:b6:bb:56:52:1e:92:9f:a1:1a:
                    14:38:fe:47:ed:e5:01:44:7a:09:99:80:7c:d1:43:
                    39:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:6B:8E:F8:60:5C:AA:49:51:07:21:69:3F:E2:AF:CB:1A:A5:98:70
            X509v3 Authority Key Identifier:
                keyid:F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/zWuO-GBcqklRByFpP-KvyxqlmHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ed1:cc::/48
                  2a02:ed1:ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         cc:f0:23:19:3f:ce:80:c2:eb:b6:7c:02:d1:a4:7b:19:95:e8:
         d2:5f:d5:c2:fb:b2:7c:09:5e:71:8a:36:8b:17:b3:6e:3f:d6:
         c3:58:d3:50:85:dd:58:57:40:82:ab:61:f7:7b:cb:aa:df:df:
         4f:c8:a1:16:45:a6:59:dc:e8:3d:1e:40:e6:bd:c0:83:4d:cf:
         37:a9:83:ab:8e:5d:bc:4f:51:53:18:27:28:40:15:9c:64:24:
         0f:2a:a6:77:18:c2:27:6c:b5:23:64:fd:06:cb:84:ae:f6:a4:
         37:b1:d2:13:07:18:44:4d:bc:bb:e9:73:68:88:47:c6:e0:2f:
         f6:6e:a4:a1:6a:e2:2a:65:7e:ad:f5:95:2c:17:80:20:f6:67:
         8a:3b:1a:d3:39:32:59:7b:6a:8b:8c:06:4d:98:26:fb:45:c9:
         75:0e:bd:e6:69:ef:cb:bb:8e:d6:c8:d2:44:80:9e:7f:c1:1e:
         ee:0c:6a:12:7b:38:f8:a5:5c:71:53:c0:38:3f:7f:d1:8a:48:
         fc:25:18:0e:9b:4a:32:ff:8c:72:b4:4b:8a:d3:62:42:dd:fb:
         21:46:72:2a:9b:bd:bf:42:f5:98:52:78:c2:aa:c1:8b:e1:00:
         7c:bd:dd:52:15:f3:f3:3b:44:7f:e3:19:f8:4d:23:54:90:18:
         83:37:bb:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgXS5RmottRUnIjN3QmvvaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzBhYTdiM2UzY2JmZjg4MjYyYWRkOTJiMzM5ZTM1MDUx
Y2UxYTAwHhcNMjUwNzE3MDczMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDZiOGVmODYwNWNhYTQ5NTEwNzIxNjkzZmUyYWZjYjFhYTU5ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBnZXFCqGsqVmgw0Bm7wlJjRSM7Q
7Gsqr+2pdp91F+nP/MjGoEnKQUYvazQzTynueeV2XVaojNLhoIIwD7wlm6NURBAQ
Uw4jNbnOnK5MB+bAdw8zMvZTNGKEr9UvQrmZJyOcQs0c9BjmN0VUUCxsEKb75/Nh
lf26czvE6mwHfskJ5xQCGWBIHWn1cQptFUorFmLAu2Vk/ImSzG7ygirNs9G6OC5U
xtllEdaYmYSm4hoM+1WAXS4D03NSOx50+kU7nrWqpnJhGkt1+R94PS3tj8r+XlTk
DObVx5lvzuSnN1qdlr9wBha2u1ZSHpKfoRoUOP5H7eUBRHoJmYB80UM5iQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM1rjvhgXKpJUQchaT/ir8sapZhwMB8GA1UdIwQY
MBaAFPTAqns+PL/4gmKt2SsznjUFHOGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEt
ZWE3NWRkZjQ3YjRhLzEveld1Ty1HQmNxa2xSQnlGcFAtS3Z5eHFsbUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEtZWE3NWRkZjQ3YjRh
LzEvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgIO0QDM
AwcAKgIO0QDuMA0GCSqGSIb3DQEBCwUAA4IBAQDM8CMZP86Awuu2fALRpHsZlejS
X9XC+7J8CV5xijaLF7NuP9bDWNNQhd1YV0CCq2H3e8uq399PyKEWRaZZ3Og9HkDm
vcCDTc83qYOrjl28T1FTGCcoQBWcZCQPKqZ3GMInbLUjZP0Gy4Su9qQ3sdITBxhE
Tby76XNoiEfG4C/2bqShauIqZX6t9ZUsF4Ag9meKOxrTOTJZe2qLjAZNmCb7Rcl1
Dr3mae/Lu47WyNJEgJ5/wR7uDGoSezj4pVxxU8A4P3/Rikj8JRgOm0oy/4xytEuK
02JC3fshRnIqm72/QvWYUnjCqsGL4QB8vd1SFfPzO0R/4xn4TSNUkBiDN7v3
-----END CERTIFICATE-----