Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lD9Yt3K5edMuIrkwhsj6JO7STGA.roa
File:                     lD9Yt3K5edMuIrkwhsj6JO7STGA.roa (raw, json)
Hash identifier:          mqDWHmYYbsebShUxyPzNtJVFDL4DMjGewscyC8zs8vM=
Subject key identifier:   94:3F:58:B7:72:B9:79:D3:2E:22:B9:30:86:C8:FA:24:EE:D2:4C:60
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0197D5B6A0AFACAB64483BF6F1566A1D9B9F
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lD9Yt3K5edMuIrkwhsj6JO7STGA.roa
Signing time:             Fri 04 Jul 2025 13:53:25 +0000
ROA not before:           Fri 04 Jul 2025 13:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210899
IP address blocks:        2a0e:d601:7220::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:b6:a0:af:ac:ab:64:48:3b:f6:f1:56:6a:1d:9b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul  4 13:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=943f58b772b979d32e22b93086c8fa24eed24c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a5:91:96:88:9a:af:7f:3b:9c:f5:60:2c:2c:
                    f4:a5:53:92:dd:c0:ee:10:f8:07:37:ba:b1:b7:04:
                    21:44:80:e5:58:a3:7c:b2:24:62:3d:3b:49:c4:fc:
                    53:79:a8:78:9c:72:a3:21:2e:54:25:44:81:3b:be:
                    c1:eb:67:98:f6:e3:8e:33:6c:e7:b8:3d:7e:f8:c5:
                    be:a6:12:8e:63:15:59:01:d8:b6:6c:f7:d7:7b:13:
                    e3:87:b7:54:77:23:7d:2d:f3:d2:de:0a:4e:6a:a3:
                    b6:17:1e:91:40:23:20:b4:56:a0:dc:8a:d8:41:66:
                    05:a0:cb:ea:be:3b:25:30:ec:aa:f7:dc:17:52:2a:
                    9c:5b:c3:44:bc:b4:12:02:5b:eb:c9:f3:32:56:fa:
                    23:06:a5:1b:6c:fa:30:3d:24:fb:42:c2:38:37:bf:
                    4f:d8:c4:e1:4b:92:dc:93:c9:bb:cd:59:8d:13:ea:
                    6a:5c:c9:9c:1a:cb:31:2c:a3:77:4d:6e:b1:fa:d9:
                    5a:d1:81:40:98:d2:45:21:57:f4:16:20:2c:7d:8c:
                    d6:7b:21:66:03:b3:fa:7c:44:9f:db:51:c2:09:68:
                    59:0b:f1:d8:a1:67:e7:84:16:77:1d:0a:76:b4:80:
                    53:fd:9e:a5:b9:5d:58:83:0d:67:a7:54:57:56:96:
                    d6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3F:58:B7:72:B9:79:D3:2E:22:B9:30:86:C8:FA:24:EE:D2:4C:60
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lD9Yt3K5edMuIrkwhsj6JO7STGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d601:7220::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:01:56:d6:9f:8a:af:36:76:ef:34:d3:9f:0f:2a:26:d1:4d:
         94:cd:30:d7:a8:99:2a:b6:00:4e:ae:16:8f:59:b3:38:3d:ba:
         b1:0e:51:87:48:df:ba:8c:b9:3e:4a:9d:84:37:22:e0:ef:67:
         ec:f9:db:7f:ea:2b:0c:8d:68:10:4e:b0:1e:2e:1b:92:01:2d:
         53:a7:7c:eb:53:c0:ca:f5:d2:a4:28:0e:fc:57:f9:ff:7f:38:
         70:d0:ad:d3:9d:40:00:af:c0:d6:ad:46:bf:ca:41:fa:1d:37:
         20:f6:d7:e3:02:49:b9:e7:6f:7c:03:36:c9:9e:70:1e:6f:bb:
         e2:c8:1c:ab:4e:86:12:6f:f2:f8:1e:71:97:d4:20:f0:1c:de:
         8f:3b:c7:1f:d2:d1:1b:18:95:89:38:ff:7d:27:0e:52:e4:d1:
         3a:57:fa:a7:b3:f9:7b:0c:83:b0:c2:27:58:01:a2:98:3f:ac:
         1a:d2:29:65:01:81:f1:64:14:f4:c1:83:ec:38:83:f1:95:3f:
         70:5d:09:0e:4b:c1:97:f4:0d:3b:27:1c:58:da:ca:b8:8a:bb:
         da:4b:a3:c6:35:1b:ef:84:f7:ea:5a:df:b3:c9:1e:c6:fe:ff:
         c3:0b:5c:ec:dc:75:07:8f:0c:a6:32:b4:78:79:ab:7d:f1:15:
         18:ab:28:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfVtqCvrKtkSDv28VZqHZufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzA0MTM1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNmNThiNzcyYjk3OWQzMmUyMmI5MzA4NmM4ZmEyNGVlZDI0YzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqWRloiar387nPVgLCz0pVOS3cDu
EPgHN7qxtwQhRIDlWKN8siRiPTtJxPxTeah4nHKjIS5UJUSBO77B62eY9uOOM2zn
uD1++MW+phKOYxVZAdi2bPfXexPjh7dUdyN9LfPS3gpOaqO2Fx6RQCMgtFag3IrY
QWYFoMvqvjslMOyq99wXUiqcW8NEvLQSAlvryfMyVvojBqUbbPowPST7QsI4N79P
2MThS5Lck8m7zVmNE+pqXMmcGssxLKN3TW6x+tla0YFAmNJFIVf0FiAsfYzWeyFm
A7P6fESf21HCCWhZC/HYoWfnhBZ3HQp2tIBT/Z6luV1Ygw1np1RXVpbWkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJQ/WLdyuXnTLiK5MIbI+iTu0kxgMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbEQ5WXQzSzVlZE11SXJrd2hzajZKTzdTVEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7WAXIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCCAVbWn4qvNnbvNNOfDyom0U2UzTDXqJkqtgBO
rhaPWbM4PbqxDlGHSN+6jLk+Sp2ENyLg72fs+dt/6isMjWgQTrAeLhuSAS1Tp3zr
U8DK9dKkKA78V/n/fzhw0K3TnUAAr8DWrUa/ykH6HTcg9tfjAkm55298AzbJnnAe
b7viyByrToYSb/L4HnGX1CDwHN6PO8cf0tEbGJWJOP99Jw5S5NE6V/qns/l7DIOw
widYAaKYP6wa0illAYHxZBT0wYPsOIPxlT9wXQkOS8GX9A07JxxY2sq4irvaS6PG
NRvvhPfqWt+zyR7G/v/DC1zs3HUHjwymMrR4eat98RUYqyi6
-----END CERTIFICATE-----