Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/hgObzkM_wwvc0dyGvrLNFkHuJic.roa
File:                     hgObzkM_wwvc0dyGvrLNFkHuJic.roa (raw, json)
Hash identifier:          2fUnYf8lmzD0ArkCZKXV0YmZoW0CZyUldL0enIXGOPQ=
Subject key identifier:   86:03:9B:CE:43:3F:C3:0B:DC:D1:DC:86:BE:B2:CD:16:41:EE:26:27
Certificate issuer:       /CN=53129d048deb2e0bf62271399a090b9010160b39
Certificate serial:       0197D6C14F6CD1C5E3D716E91B0148357ED5
Authority key identifier: 53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/hgObzkM_wwvc0dyGvrLNFkHuJic.roa
Signing time:             Fri 04 Jul 2025 18:44:42 +0000
ROA not before:           Fri 04 Jul 2025 18:44:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:3580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:c1:4f:6c:d1:c5:e3:d7:16:e9:1b:01:48:35:7e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53129d048deb2e0bf62271399a090b9010160b39
        Validity
            Not Before: Jul  4 18:44:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86039bce433fc30bdcd1dc86beb2cd1641ee2627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a1:7b:a3:58:1e:0f:94:ae:af:81:2b:02:4b:
                    31:06:38:0a:e7:09:eb:b3:4a:92:ca:03:16:7f:20:
                    bd:f3:1f:fb:1f:0b:61:a0:7c:6c:45:bf:e9:a6:57:
                    4b:10:d3:21:47:60:03:13:f2:cb:77:94:b8:81:c2:
                    13:1a:78:a3:7b:e3:88:6d:11:62:c2:c9:28:94:c2:
                    a2:b1:d7:43:13:66:4c:5c:7a:69:2f:42:96:97:5e:
                    d4:af:1f:ae:3f:c7:2d:05:02:fd:ce:08:47:d3:07:
                    7a:21:1d:0f:f6:d7:15:b4:73:a7:49:69:c9:90:a3:
                    59:4d:36:2c:87:2d:04:51:d7:ac:20:15:3a:71:1b:
                    0b:5a:92:fc:95:10:c9:00:2b:d0:6b:16:34:69:d4:
                    78:be:fe:2a:bd:12:01:4d:f9:17:3d:ef:5c:ba:44:
                    dc:e4:d4:f4:d7:ff:13:f1:0f:be:3c:e9:29:72:08:
                    b4:52:a0:58:19:53:86:9b:7a:ff:f2:61:9a:a8:a4:
                    80:23:f4:3b:2a:14:36:cf:bd:f5:0c:f7:30:c1:e9:
                    16:ab:ed:49:f3:23:78:9c:54:ac:a1:de:75:f3:c5:
                    5a:1e:2c:f6:1a:20:6f:cb:88:0f:7d:f0:66:04:3b:
                    cb:18:38:da:d7:e5:44:0e:a8:ae:2e:dc:6f:1d:49:
                    af:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:03:9B:CE:43:3F:C3:0B:DC:D1:DC:86:BE:B2:CD:16:41:EE:26:27
            X509v3 Authority Key Identifier:
                keyid:53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/hgObzkM_wwvc0dyGvrLNFkHuJic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:4a:26:f1:8d:aa:dc:cf:0c:25:f8:4d:66:ef:37:cf:66:4e:
         83:eb:6b:e7:40:dc:ee:fe:f8:ca:bc:c5:a0:ba:76:bc:67:b6:
         b2:70:af:c7:d1:72:93:b5:d8:31:9e:9f:c2:92:30:fc:b8:f1:
         8a:6b:a6:93:15:a2:2f:08:48:cd:0a:94:92:85:10:24:4c:25:
         84:23:e5:42:75:80:92:d1:9b:e8:fc:2e:34:be:bb:ae:db:88:
         ce:f9:9c:0a:cb:91:8f:6e:6b:7f:f8:42:7d:f6:aa:84:14:81:
         fb:07:22:d7:7c:c7:17:cc:22:7c:17:5c:cc:ef:7a:d5:cf:dd:
         d9:05:d3:97:dd:8c:f5:bc:e9:37:4c:72:fe:d2:7b:c9:50:05:
         b7:64:a8:79:45:7c:d9:ca:02:04:52:a8:25:77:81:36:1e:75:
         bd:2b:5a:6d:d3:ba:97:b4:5d:d6:91:bb:ee:bd:68:34:bc:22:
         16:88:b1:bc:b9:58:a0:9b:31:23:57:af:c2:c3:c8:82:d4:1d:
         5b:86:d0:0b:a9:92:aa:c2:5e:a0:b4:d7:d4:29:5b:ad:95:6f:
         ab:73:ea:0f:54:68:7c:49:ef:fd:91:1c:73:eb:6c:6f:e6:09:
         d5:7e:33:ba:df:4b:b9:cc:0c:95:e2:02:ba:c8:c8:cd:65:83:
         b2:50:6c:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfWwU9s0cXj1xbpGwFINX7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTI5ZDA0OGRlYjJlMGJmNjIyNzEzOTlhMDkwYjkwMTAx
NjBiMzkwHhcNMjUwNzA0MTg0NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjAzOWJjZTQzM2ZjMzBiZGNkMWRjODZiZWIyY2QxNjQxZWUyNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aF7o1geD5Sur4ErAksxBjgK5wnr
s0qSygMWfyC98x/7HwthoHxsRb/ppldLENMhR2ADE/LLd5S4gcITGnije+OIbRFi
wskolMKisddDE2ZMXHppL0KWl17Urx+uP8ctBQL9zghH0wd6IR0P9tcVtHOnSWnJ
kKNZTTYshy0EUdesIBU6cRsLWpL8lRDJACvQaxY0adR4vv4qvRIBTfkXPe9cukTc
5NT01/8T8Q++POkpcgi0UqBYGVOGm3r/8mGaqKSAI/Q7KhQ2z731DPcwwekWq+1J
8yN4nFSsod5188VaHiz2GiBvy4gPffBmBDvLGDja1+VEDqiuLtxvHUmvpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIYDm85DP8ML3NHchr6yzRZB7iYnMB8GA1UdIwQY
MBaAFFMSnQSN6y4L9iJxOZoJC5AQFgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMt
N2FlNjM1OWQzMTEwLzEvaGdPYnprTV93d3ZjMGR5R3ZyTE5Ga0h1SmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMtN2FlNjM1OWQzMTEw
LzEvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAqUom8Y2q3M8MJfhNZu83z2ZOg+tr50Dc7v74yrzF
oLp2vGe2snCvx9Fyk7XYMZ6fwpIw/LjximumkxWiLwhIzQqUkoUQJEwlhCPlQnWA
ktGb6PwuNL67rtuIzvmcCsuRj25rf/hCffaqhBSB+wci13zHF8wifBdczO961c/d
2QXTl92M9bzpN0xy/tJ7yVAFt2SoeUV82coCBFKoJXeBNh51vStabdO6l7Rd1pG7
7r1oNLwiFoixvLlYoJsxI1evwsPIgtQdW4bQC6mSqsJeoLTX1ClbrZVvq3PqD1Ro
fEnv/ZEcc+tsb+YJ1X4zut9LucwMleICusjIzWWDslBsrg==
-----END CERTIFICATE-----