Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/76ocqJPgX6Ynr5DcaOEnHSXqmw4.roa
File:                     76ocqJPgX6Ynr5DcaOEnHSXqmw4.roa (raw, json)
Hash identifier:          +5Ze0CwrMKNKQDrCGmzGrjc9+ScoGo4GhscKDcPvOBQ=
Subject key identifier:   EF:AA:1C:A8:93:E0:5F:A6:27:AF:90:DC:68:E1:27:1D:25:EA:9B:0E
Certificate issuer:       /CN=e91ef22adaa16d53dcf637c569f4131f26215b91
Certificate serial:       0197F97428AC6566F1C356DF3E531D53C839
Authority key identifier: E9:1E:F2:2A:DA:A1:6D:53:DC:F6:37:C5:69:F4:13:1F:26:21:5B:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/76ocqJPgX6Ynr5DcaOEnHSXqmw4.roa
Signing time:             Fri 11 Jul 2025 12:27:08 +0000
ROA not before:           Fri 11 Jul 2025 12:27:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205007
IP address blocks:        2a09:31c0:babe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:74:28:ac:65:66:f1:c3:56:df:3e:53:1d:53:c8:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e91ef22adaa16d53dcf637c569f4131f26215b91
        Validity
            Not Before: Jul 11 12:27:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efaa1ca893e05fa627af90dc68e1271d25ea9b0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:af:64:72:da:fc:fa:e5:75:58:c9:31:b7:
                    c6:46:ec:96:3e:54:4b:35:c2:42:4e:8d:cb:53:c1:
                    ea:5c:a6:a0:20:7a:c7:06:4b:03:3d:0f:a2:dd:85:
                    65:98:26:9c:d7:30:d2:5c:f7:99:e3:58:29:61:d1:
                    34:af:ac:7d:b6:b4:99:cf:e1:5c:9e:6f:1d:6f:d3:
                    90:4e:0b:32:58:ed:c0:24:03:79:5b:e1:40:bc:39:
                    f4:b6:b6:97:0c:5d:d6:51:f3:f1:34:d6:74:69:62:
                    ce:90:57:eb:19:b1:40:8a:da:b2:84:21:95:a5:df:
                    5a:be:81:3e:38:80:ce:5c:d0:5b:3c:53:49:3b:5d:
                    74:2b:88:41:20:99:5b:34:aa:72:9a:85:3b:25:ac:
                    4f:c2:b9:f5:c7:a5:81:75:50:37:4c:de:99:2a:d6:
                    6e:0b:e7:74:ad:4f:ca:3b:f0:5e:8b:f0:cc:29:c9:
                    f6:d8:11:cb:30:43:86:98:8e:78:eb:87:84:43:2e:
                    21:78:3e:28:f7:e3:ed:88:bf:43:de:51:13:48:23:
                    aa:44:1a:e5:a4:02:33:e8:5f:fc:6e:50:89:1b:8a:
                    cb:ea:95:34:2b:ff:2e:0d:78:1d:e6:c9:47:83:e5:
                    b9:a6:f7:52:a9:f4:88:a5:6e:4b:c0:1a:a8:65:78:
                    7b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AA:1C:A8:93:E0:5F:A6:27:AF:90:DC:68:E1:27:1D:25:EA:9B:0E
            X509v3 Authority Key Identifier:
                keyid:E9:1E:F2:2A:DA:A1:6D:53:DC:F6:37:C5:69:F4:13:1F:26:21:5B:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6R7yKtqhbVPc9jfFafQTHyYhW5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/76ocqJPgX6Ynr5DcaOEnHSXqmw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/111385-2eb6-4c6a-b9c4-34ae891a72cf/1/6R7yKtqhbVPc9jfFafQTHyYhW5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:31c0:babe::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:c0:ef:87:1c:26:3b:8e:a7:0f:5e:1d:e6:c5:2b:cd:ad:b5:
         49:c6:db:66:56:03:01:1e:34:cb:b2:0a:b8:87:dd:3d:0e:a9:
         aa:43:ac:ee:ce:ff:fb:25:82:87:25:12:e8:f9:a7:af:90:85:
         0d:07:fd:67:25:55:8f:95:e2:4f:12:20:82:82:86:50:1b:59:
         58:61:1f:91:81:b6:5d:e7:59:e2:6f:d0:6c:55:ae:87:82:8a:
         01:50:a0:41:ef:f3:ea:8d:dd:68:17:00:b8:66:0d:02:98:bf:
         59:5b:59:92:13:dc:7d:e1:bc:f7:98:e5:48:8d:51:c5:60:db:
         f1:70:df:fb:18:bb:2f:fe:3f:e7:91:34:74:6c:f2:3c:f4:a5:
         32:bc:20:11:97:cb:d0:53:38:b6:e4:fe:ce:2e:14:e8:d1:2c:
         b3:17:68:17:a7:ce:11:22:5c:51:f6:76:b5:f7:b5:50:52:76:
         8d:58:cf:00:ce:56:57:78:29:5a:33:34:21:84:b0:fc:46:ee:
         cf:49:ae:38:0a:d4:e3:f3:d3:4a:87:a9:ad:ee:4c:89:49:c2:
         69:37:20:ac:20:39:4f:3d:80:a6:3a:17:d3:a4:7c:49:e2:5d:
         d6:8d:fb:5e:af:13:2e:ab:e1:51:ba:5d:1c:59:47:58:62:b8:
         75:49:7e:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZf5dCisZWbxw1bfPlMdU8g5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MWVmMjJhZGFhMTZkNTNkY2Y2MzdjNTY5ZjQxMzFmMjYy
MTViOTEwHhcNMjUwNzExMTIyNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFhMWNhODkzZTA1ZmE2MjdhZjkwZGM2OGUxMjcxZDI1ZWE5YjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl2vZHLa/PrldVjJMbfGRuyWPlRL
NcJCTo3LU8HqXKagIHrHBksDPQ+i3YVlmCac1zDSXPeZ41gpYdE0r6x9trSZz+Fc
nm8db9OQTgsyWO3AJAN5W+FAvDn0traXDF3WUfPxNNZ0aWLOkFfrGbFAitqyhCGV
pd9avoE+OIDOXNBbPFNJO110K4hBIJlbNKpymoU7JaxPwrn1x6WBdVA3TN6ZKtZu
C+d0rU/KO/Bei/DMKcn22BHLMEOGmI5464eEQy4heD4o9+PtiL9D3lETSCOqRBrl
pAIz6F/8blCJG4rL6pU0K/8uDXgd5slHg+W5pvdSqfSIpW5LwBqoZXh74wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO+qHKiT4F+mJ6+Q3GjhJx0l6psOMB8GA1UdIwQY
MBaAFOke8iraoW1T3PY3xWn0Ex8mIVuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlI3eUt0cWhiVlBjOWpmRmFmUVRIeVloVzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8xMTEzODUtMmViNi00YzZhLWI5YzQt
MzRhZTg5MWE3MmNmLzEvNzZvY3FKUGdYNllucjVEY2FPRW5IU1hxbXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8xMTEzODUtMmViNi00YzZhLWI5YzQtMzRhZTg5MWE3MmNm
LzEvNlI3eUt0cWhiVlBjOWpmRmFmUVRIeVloVzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkxwLq+
MA0GCSqGSIb3DQEBCwUAA4IBAQCAwO+HHCY7jqcPXh3mxSvNrbVJxttmVgMBHjTL
sgq4h909DqmqQ6zuzv/7JYKHJRLo+aevkIUNB/1nJVWPleJPEiCCgoZQG1lYYR+R
gbZd51nib9BsVa6HgooBUKBB7/Pqjd1oFwC4Zg0CmL9ZW1mSE9x94bz3mOVIjVHF
YNvxcN/7GLsv/j/nkTR0bPI89KUyvCARl8vQUzi25P7OLhTo0SyzF2gXp84RIlxR
9na197VQUnaNWM8AzlZXeClaMzQhhLD8Ru7PSa44CtTj89NKh6mt7kyJScJpNyCs
IDlPPYCmOhfTpHxJ4l3WjfterxMuq+FRul0cWUdYYrh1SX4Q
-----END CERTIFICATE-----