Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/SLOIh5OUxYldi6gPX-RsNuUwf4Y.roa
File:                     SLOIh5OUxYldi6gPX-RsNuUwf4Y.roa (raw, json)
Hash identifier:          d8MCdIFeIScvwL1M407btv3rREWFwd5yky+3ie4fgYY=
Subject key identifier:   48:B3:88:87:93:94:C5:89:5D:8B:A8:0F:5F:E4:6C:36:E5:30:7F:86
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0197C70414973E129539CCFFB3360EF507DA
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/SLOIh5OUxYldi6gPX-RsNuUwf4Y.roa
Signing time:             Tue 01 Jul 2025 17:23:42 +0000
ROA not before:           Tue 01 Jul 2025 17:23:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215568
IP address blocks:        2a06:fe47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:04:14:97:3e:12:95:39:cc:ff:b3:36:0e:f5:07:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul  1 17:23:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48b388879394c5895d8ba80f5fe46c36e5307f86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6b:1f:27:c6:74:3a:13:75:09:99:02:ad:b0:
                    95:3c:44:e5:78:72:a3:e5:9b:57:60:72:5d:44:f1:
                    ad:2f:50:02:51:7f:ea:32:9d:63:42:9d:58:66:c6:
                    89:26:e4:9e:84:32:97:81:a0:03:ad:a1:84:15:e1:
                    05:a5:73:6e:e2:ae:bc:38:af:83:fc:55:3c:f7:58:
                    c8:2c:eb:3b:22:28:af:4e:b0:1b:30:32:01:01:e5:
                    e1:10:0c:2d:c1:ee:77:82:70:41:e4:4a:9e:96:f9:
                    5a:7c:0c:5a:3b:97:10:6c:2a:2a:1a:99:c3:65:81:
                    ba:e1:5b:2c:45:0c:71:df:e3:3f:f4:5f:37:ac:e0:
                    1a:fe:56:36:aa:36:d1:ae:22:58:07:4d:fb:ac:16:
                    4f:51:3a:2d:42:be:95:8c:62:be:27:5f:a6:f1:f7:
                    57:84:e7:0a:b3:5f:1d:05:67:55:f9:57:82:ad:ad:
                    12:3b:90:24:02:c7:2f:6d:02:f0:74:b7:7e:b9:80:
                    6d:aa:d4:dc:46:c4:28:db:62:0b:28:73:c0:1a:91:
                    35:b6:12:d4:82:73:af:9c:15:ff:8f:ec:12:16:48:
                    92:72:a3:d9:cd:1f:5f:74:5c:b7:1c:9c:fe:f8:69:
                    e6:01:b8:a4:7c:78:c9:fe:78:29:4c:f5:f2:d1:1e:
                    02:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:B3:88:87:93:94:C5:89:5D:8B:A8:0F:5F:E4:6C:36:E5:30:7F:86
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/SLOIh5OUxYldi6gPX-RsNuUwf4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe47::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:05:4b:c9:2e:b5:6d:f4:06:1e:e9:d2:bc:5c:7e:a1:85:a1:
         f8:ba:95:36:6c:68:de:a7:fb:dd:68:97:db:84:4b:bd:eb:de:
         58:16:dc:34:b1:50:25:7c:be:b7:61:44:d5:50:ca:ab:21:06:
         8f:c2:12:c5:d2:9c:11:bb:92:d5:c5:8a:0b:31:cc:a1:61:18:
         41:80:4a:0a:9f:b7:e2:9a:5b:ad:72:ae:78:4f:c4:b2:c9:f2:
         a0:70:d7:bb:9b:95:17:71:45:3e:83:37:32:80:29:e8:7a:3e:
         ad:11:6d:9f:de:e7:ef:80:d2:cb:0d:a7:c8:7c:cd:3e:94:6b:
         46:7c:cb:3b:38:e7:74:81:fe:3a:5a:9f:84:6e:1a:4d:1b:2b:
         48:bc:59:42:2d:4d:d6:0d:79:1f:50:87:ca:dc:06:8c:29:dd:
         5f:68:f9:96:9a:1e:49:04:09:79:53:b7:99:37:05:65:e9:00:
         0e:b1:ce:93:c4:da:4c:27:5a:5c:92:fe:e8:78:f2:59:be:92:
         d7:17:24:98:37:21:b0:3c:ac:8e:70:83:d2:65:99:23:75:38:
         54:86:9c:b6:c0:22:b9:c7:13:7c:79:50:a7:8d:13:dd:2c:b6:
         05:27:5a:6d:89:f6:8a:e4:82:43:36:df:26:28:18:3b:94:cc:
         65:86:cd:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfHBBSXPhKVOcz/szYO9QfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNzAxMTcyMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGIzODg4NzkzOTRjNTg5NWQ4YmE4MGY1ZmU0NmMzNmU1MzA3Zjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGsfJ8Z0OhN1CZkCrbCVPETleHKj
5ZtXYHJdRPGtL1ACUX/qMp1jQp1YZsaJJuSehDKXgaADraGEFeEFpXNu4q68OK+D
/FU891jILOs7IiivTrAbMDIBAeXhEAwtwe53gnBB5EqelvlafAxaO5cQbCoqGpnD
ZYG64VssRQxx3+M/9F83rOAa/lY2qjbRriJYB037rBZPUTotQr6VjGK+J1+m8fdX
hOcKs18dBWdV+VeCra0SO5AkAscvbQLwdLd+uYBtqtTcRsQo22ILKHPAGpE1thLU
gnOvnBX/j+wSFkiScqPZzR9fdFy3HJz++GnmAbikfHjJ/ngpTPXy0R4C/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEiziIeTlMWJXYuoD1/kbDblMH+GMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvU0xPSWg1T1V4WWxkaTZnUFgtUnNOdVV3ZjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgb+RzAN
BgkqhkiG9w0BAQsFAAOCAQEAHQVLyS61bfQGHunSvFx+oYWh+LqVNmxo3qf73WiX
24RLveveWBbcNLFQJXy+t2FE1VDKqyEGj8ISxdKcEbuS1cWKCzHMoWEYQYBKCp+3
4ppbrXKueE/EssnyoHDXu5uVF3FFPoM3MoAp6Ho+rRFtn97n74DSyw2nyHzNPpRr
RnzLOzjndIH+OlqfhG4aTRsrSLxZQi1N1g15H1CHytwGjCndX2j5lpoeSQQJeVO3
mTcFZekADrHOk8TaTCdaXJL+6HjyWb6S1xckmDchsDysjnCD0mWZI3U4VIactsAi
uccTfHlQp40T3Sy2BSdabYn2iuSCQzbfJigYO5TMZYbNXw==
-----END CERTIFICATE-----