Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Y4lRCxWqqWGfEk6C0jkwlCOXSD0.roa
File:                     Y4lRCxWqqWGfEk6C0jkwlCOXSD0.roa (raw, json)
Hash identifier:          9r+brMvqsw+YAYjvRc7DWtH7UFv+6TtKr5r8x/0sk6A=
Subject key identifier:   63:89:51:0B:15:AA:A9:61:9F:12:4E:82:D2:39:30:94:23:97:48:3D
Certificate issuer:       /CN=e7334ad9b3fc521030be99a5157211b663216c94
Certificate serial:       01961834C0A6A3895D76831C0C846089F02C
Authority key identifier: E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Y4lRCxWqqWGfEk6C0jkwlCOXSD0.roa
Signing time:             Wed 09 Apr 2025 01:40:32 +0000
ROA not before:           Wed 09 Apr 2025 01:40:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204576
IP address blocks:        2a0d:a640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:18:34:c0:a6:a3:89:5d:76:83:1c:0c:84:60:89:f0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7334ad9b3fc521030be99a5157211b663216c94
        Validity
            Not Before: Apr  9 01:40:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6389510b15aaa9619f124e82d23930942397483d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e9:6f:ec:3a:c1:1a:21:a9:fd:e8:df:ce:e9:
                    9b:6e:c7:27:d4:19:ae:b2:42:f6:59:a4:65:96:ec:
                    14:77:a0:5d:fd:74:7b:24:a4:9f:5b:17:07:24:c0:
                    1a:2e:d9:5f:96:99:b9:a3:8e:25:23:68:80:29:13:
                    79:74:ab:b8:7b:09:79:a4:28:9c:17:46:64:aa:a2:
                    35:c3:d2:cd:80:03:37:40:c2:84:3f:98:27:d3:c9:
                    20:5f:3b:7e:2b:fb:8b:2a:a2:f3:da:d5:03:d9:8b:
                    43:df:67:ba:fb:f3:78:bf:d0:6f:92:57:ad:f2:68:
                    9c:d2:5d:41:5b:24:bd:1a:a2:93:c6:dd:78:f2:27:
                    88:6c:05:de:5a:37:cf:90:af:45:d5:38:1f:1e:09:
                    61:c1:c4:57:64:39:b1:72:e8:c3:d0:7c:1f:16:68:
                    54:88:7a:1c:1a:06:8c:58:f2:32:99:0b:cc:43:a5:
                    5e:d0:84:f4:ac:fd:52:a8:59:e0:c0:9b:63:60:ce:
                    c8:38:d9:15:23:37:1d:f3:ae:cf:60:b6:10:45:93:
                    f8:8f:a6:d6:3e:b1:81:6c:43:b8:08:91:fa:21:ae:
                    90:ba:cb:81:5d:60:73:41:da:a3:d2:90:40:f8:dc:
                    44:3a:1b:93:02:c9:95:b4:44:2e:bc:94:9b:1a:47:
                    4a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:89:51:0B:15:AA:A9:61:9F:12:4E:82:D2:39:30:94:23:97:48:3D
            X509v3 Authority Key Identifier:
                keyid:E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Y4lRCxWqqWGfEk6C0jkwlCOXSD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:a640::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:a1:dd:dc:11:b9:1a:9b:a3:8f:a2:03:16:3e:8e:73:59:0e:
         d6:bb:de:81:07:13:1c:89:79:42:d2:65:bf:86:28:50:4d:10:
         39:1b:a8:2b:e6:31:6c:20:cc:b0:c2:90:b9:bd:b4:f7:ea:9a:
         fc:71:92:bc:bc:c1:c6:c6:4b:0c:3d:4c:f3:e2:73:77:c4:55:
         6f:3a:f7:cb:d6:3f:2a:a2:50:7b:a6:0b:6c:8f:8f:3d:b7:b2:
         c3:a7:a2:b6:98:62:4a:82:bf:fb:f7:26:6d:bd:17:ca:33:be:
         d3:98:b2:52:5a:b5:f6:ea:a6:bc:2f:a7:ca:57:49:02:1d:85:
         6e:7c:2d:07:f6:b8:60:4b:e4:b0:d7:d8:f0:8a:a1:d8:5b:7f:
         59:f7:55:20:a9:a7:e8:83:a7:6c:f3:96:82:e6:04:79:48:74:
         49:a3:32:04:f0:9c:17:22:5c:c5:dd:2e:2e:76:3f:c0:f9:cb:
         32:71:40:b3:f5:ff:b5:42:04:4e:8d:ff:4f:b9:5b:24:a6:53:
         ff:3f:94:82:6e:a1:0a:7d:0b:ec:f9:79:6b:85:db:b2:8c:41:
         f8:3f:a5:21:41:94:3a:aa:c0:7a:18:66:e7:da:50:a4:2c:f6:
         35:88:27:20:21:e5:16:77:bf:e9:3b:6d:ba:ca:2b:32:2e:8d:
         fe:26:d8:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZYYNMCmo4lddoMcDIRgifAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzM0YWQ5YjNmYzUyMTAzMGJlOTlhNTE1NzIxMWI2NjMy
MTZjOTQwHhcNMjUwNDA5MDE0MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg5NTEwYjE1YWFhOTYxOWYxMjRlODJkMjM5MzA5NDIzOTc0ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOlv7DrBGiGp/ejfzumbbscn1Bmu
skL2WaRlluwUd6Bd/XR7JKSfWxcHJMAaLtlflpm5o44lI2iAKRN5dKu4ewl5pCic
F0ZkqqI1w9LNgAM3QMKEP5gn08kgXzt+K/uLKqLz2tUD2YtD32e6+/N4v9Bvklet
8mic0l1BWyS9GqKTxt148ieIbAXeWjfPkK9F1TgfHglhwcRXZDmxcujD0HwfFmhU
iHocGgaMWPIymQvMQ6Ve0IT0rP1SqFngwJtjYM7IONkVIzcd867PYLYQRZP4j6bW
PrGBbEO4CJH6Ia6QusuBXWBzQdqj0pBA+NxEOhuTAsmVtEQuvJSbGkdK+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGOJUQsVqqlhnxJOgtI5MJQjl0g9MB8GA1UdIwQY
MBaAFOczStmz/FIQML6ZpRVyEbZjIWyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEt
MzcyMmRmMDczNjAzLzEvWTRsUkN4V3FxV0dmRWs2QzBqa3dsQ09YU0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEtMzcyMmRmMDczNjAz
LzEvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2mQDAN
BgkqhkiG9w0BAQsFAAOCAQEAUKHd3BG5Gpujj6IDFj6Oc1kO1rvegQcTHIl5QtJl
v4YoUE0QORuoK+YxbCDMsMKQub209+qa/HGSvLzBxsZLDD1M8+Jzd8RVbzr3y9Y/
KqJQe6YLbI+PPbeyw6eitphiSoK/+/cmbb0XyjO+05iyUlq19uqmvC+nyldJAh2F
bnwtB/a4YEvksNfY8Iqh2Ft/WfdVIKmn6IOnbPOWguYEeUh0SaMyBPCcFyJcxd0u
LnY/wPnLMnFAs/X/tUIETo3/T7lbJKZT/z+Ugm6hCn0L7Pl5a4XbsoxB+D+lIUGU
OqrAehhm59pQpCz2NYgnICHlFne/6TttusorMi6N/ibYfg==
-----END CERTIFICATE-----