Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/HI7B1jr-szIvsbzfV6wrZqk3kpw.roa
File:                     HI7B1jr-szIvsbzfV6wrZqk3kpw.roa (raw, json)
Hash identifier:          nW/JeadW697758rAda0qBRczYN3xljyyCO9Qys1RCMU=
Subject key identifier:   1C:8E:C1:D6:3A:FE:B3:32:2F:B1:BC:DF:57:AC:2B:66:A9:37:92:9C
Certificate issuer:       /CN=e1682863e9987a9eb8668ba07c96c99a1b2dfe69
Certificate serial:       01995DDB17E3F45C67915F5EBAB4CEF40C34
Authority key identifier: E1:68:28:63:E9:98:7A:9E:B8:66:8B:A0:7C:96:C9:9A:1B:2D:FE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4WgoY-mYep64ZougfJbJmhst_mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/HI7B1jr-szIvsbzfV6wrZqk3kpw.roa
Signing time:             Thu 18 Sep 2025 17:24:23 +0000
ROA not before:           Thu 18 Sep 2025 17:24:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8987
IP address blocks:        2a00:42e0:1000::/36 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/4WgoY-mYep64ZougfJbJmhst_mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/4WgoY-mYep64ZougfJbJmhst_mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4WgoY-mYep64ZougfJbJmhst_mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:db:17:e3:f4:5c:67:91:5f:5e:ba:b4:ce:f4:0c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1682863e9987a9eb8668ba07c96c99a1b2dfe69
        Validity
            Not Before: Sep 18 17:24:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c8ec1d63afeb3322fb1bcdf57ac2b66a937929c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:45:66:0d:73:35:8f:1e:fc:34:be:cf:0e:b1:
                    3f:8e:60:87:72:a0:6f:1a:c6:6f:a5:ca:91:14:23:
                    81:1a:83:07:f4:a0:9d:44:18:ea:cb:43:33:07:6b:
                    b1:e2:c3:00:d0:a1:99:32:35:e7:1b:08:be:ab:24:
                    de:f5:87:40:b9:ee:b4:ef:7a:45:f2:77:7b:15:be:
                    29:e0:aa:7d:5c:1f:0a:8a:48:52:4d:4b:41:db:a6:
                    47:be:67:10:54:d7:ab:fc:09:1b:2f:30:66:ba:51:
                    1d:f1:5c:4c:c5:f7:c4:62:6c:02:b3:db:f5:55:68:
                    90:59:0f:e5:7c:43:19:ae:54:ec:da:16:7d:bd:9f:
                    0d:c8:ae:17:ba:3b:e2:31:04:5e:5d:b5:bb:a9:47:
                    ef:bf:12:08:6d:5f:48:01:ac:a2:c9:fb:a0:9e:e4:
                    7e:d9:db:25:7b:db:f6:d3:15:f4:ec:66:c7:7d:54:
                    e6:28:95:fc:87:b1:32:c3:e6:80:20:5c:eb:61:d0:
                    71:e4:01:7d:18:c9:1d:d6:f3:5d:33:d5:bb:d9:f9:
                    b7:dc:53:e5:6c:44:f1:ca:29:b9:eb:91:32:b5:10:
                    c4:62:0a:83:ff:30:46:27:32:d7:0d:67:a2:8f:31:
                    d4:80:5a:9d:70:21:82:b0:32:cd:50:5c:73:19:7b:
                    08:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8E:C1:D6:3A:FE:B3:32:2F:B1:BC:DF:57:AC:2B:66:A9:37:92:9C
            X509v3 Authority Key Identifier:
                keyid:E1:68:28:63:E9:98:7A:9E:B8:66:8B:A0:7C:96:C9:9A:1B:2D:FE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4WgoY-mYep64ZougfJbJmhst_mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/HI7B1jr-szIvsbzfV6wrZqk3kpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/ecdc5a-ef52-4107-b3cb-3bda3539c6bc/1/4WgoY-mYep64ZougfJbJmhst_mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:42e0:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3b:05:36:a1:05:e7:25:85:6b:0f:fd:82:5b:24:af:f7:24:46:
         f7:f1:bd:e9:90:1b:d1:e0:8e:b9:1d:c2:e8:08:00:fe:d2:32:
         a5:31:f5:7e:5f:af:0b:5e:5a:f5:9b:76:df:01:8b:3b:a9:0a:
         5f:62:f2:62:6b:16:2e:6c:c5:c0:60:69:64:0d:39:ca:da:da:
         05:93:a4:c0:56:2a:ba:07:68:32:38:90:4c:d3:af:e8:13:d4:
         77:9f:0b:e9:15:45:cd:99:65:38:40:10:dc:48:83:b0:0c:1a:
         75:4b:c9:38:3c:1d:9d:ea:fa:73:6c:b6:58:04:99:c6:94:f3:
         4d:16:2d:01:40:ab:56:42:60:64:c7:16:b8:b2:4b:5c:08:eb:
         70:85:cf:6b:cc:f4:e4:ef:c8:23:c0:09:d7:84:6b:95:0e:bf:
         ec:9a:a0:15:4f:e3:1b:d7:b6:20:fd:52:10:75:bb:9f:a9:88:
         a2:cb:f0:15:ea:1f:32:c5:f6:bf:0a:81:fd:11:e5:79:7e:01:
         0a:72:7c:56:95:a7:26:a7:79:97:c4:96:16:55:ee:6f:76:b7:
         27:f8:21:1d:3b:e0:c6:c0:ad:fb:da:a5:c0:a5:fe:58:90:88:
         ee:43:6f:04:5a:ed:c0:b9:d6:1c:9b:f2:61:32:e9:27:e1:bf:
         da:07:b1:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZld2xfj9FxnkV9eurTO9Aw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNjgyODYzZTk5ODdhOWViODY2OGJhMDdjOTZjOTlhMWIy
ZGZlNjkwHhcNMjUwOTE4MTcyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhlYzFkNjNhZmViMzMyMmZiMWJjZGY1N2FjMmI2NmE5Mzc5MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EVmDXM1jx78NL7PDrE/jmCHcqBv
GsZvpcqRFCOBGoMH9KCdRBjqy0MzB2ux4sMA0KGZMjXnGwi+qyTe9YdAue6073pF
8nd7Fb4p4Kp9XB8KikhSTUtB26ZHvmcQVNer/AkbLzBmulEd8VxMxffEYmwCs9v1
VWiQWQ/lfEMZrlTs2hZ9vZ8NyK4XujviMQReXbW7qUfvvxIIbV9IAayiyfugnuR+
2dsle9v20xX07GbHfVTmKJX8h7Eyw+aAIFzrYdBx5AF9GMkd1vNdM9W72fm33FPl
bETxyim565EytRDEYgqD/zBGJzLXDWeijzHUgFqdcCGCsDLNUFxzGXsIeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFByOwdY6/rMyL7G831esK2apN5KcMB8GA1UdIwQY
MBaAFOFoKGPpmHqeuGaLoHyWyZobLf5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFdnb1ktbVllcDY0Wm91Z2ZKYkptaHN0X21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lY2RjNWEtZWY1Mi00MTA3LWIzY2It
M2JkYTM1MzljNmJjLzEvSEk3QjFqci1zekl2c2J6ZlY2d3JacWsza3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lY2RjNWEtZWY1Mi00MTA3LWIzY2ItM2JkYTM1MzljNmJj
LzEvNFdnb1ktbVllcDY0Wm91Z2ZKYkptaHN0X21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgBC4BAw
DQYJKoZIhvcNAQELBQADggEBADsFNqEF5yWFaw/9glskr/ckRvfxvemQG9Hgjrkd
wugIAP7SMqUx9X5frwteWvWbdt8BizupCl9i8mJrFi5sxcBgaWQNOcra2gWTpMBW
KroHaDI4kEzTr+gT1HefC+kVRc2ZZThAENxIg7AMGnVLyTg8HZ3q+nNstlgEmcaU
800WLQFAq1ZCYGTHFriyS1wI63CFz2vM9OTvyCPACdeEa5UOv+yaoBVP4xvXtiD9
UhB1u5+piKLL8BXqHzLF9r8Kgf0R5Xl+AQpyfFaVpyaneZfElhZV7m92tyf4IR07
4MbArfvapcCl/liQiO5DbwRa7cC51hyb8mEy6Sfhv9oHseQ=
-----END CERTIFICATE-----