Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/hhUqbw5Zqirh7PVhDA1RAgE32vQ.roa
File:                     hhUqbw5Zqirh7PVhDA1RAgE32vQ.roa (raw, json)
Hash identifier:          V0QoFOMcwCf6j92PxuLYgumnElzPozBOUfPvo6n7Ll8=
Subject key identifier:   86:15:2A:6F:0E:59:AA:2A:E1:EC:F5:61:0C:0D:51:02:01:37:DA:F4
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0197C7023EEB84808893E26D488F976B0C37
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/hhUqbw5Zqirh7PVhDA1RAgE32vQ.roa
Signing time:             Tue 01 Jul 2025 17:21:42 +0000
ROA not before:           Tue 01 Jul 2025 17:21:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149428
IP address blocks:        2a06:fe42::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:02:3e:eb:84:80:88:93:e2:6d:48:8f:97:6b:0c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul  1 17:21:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86152a6f0e59aa2ae1ecf5610c0d51020137daf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f1:28:c3:0a:a7:54:eb:02:40:81:ad:54:a2:
                    ad:40:8f:07:b3:88:58:7f:00:ee:55:d1:d6:b8:ff:
                    e3:ed:f6:b6:be:b6:ea:77:20:c3:01:67:a5:db:87:
                    f4:26:c9:7c:a8:63:5d:09:3e:9f:f5:ca:81:6f:40:
                    a8:c2:27:17:6d:49:75:42:a1:df:c8:06:73:bc:b2:
                    ec:c1:c5:f2:11:7c:a1:d3:dc:92:d4:7d:12:83:55:
                    f7:1d:e4:39:0a:a0:12:01:5b:94:48:2a:d8:a3:93:
                    fd:2d:42:43:3a:74:9e:6f:17:89:12:e0:9b:6c:f3:
                    34:60:43:07:de:84:44:a9:48:2b:27:08:87:81:34:
                    05:be:49:3c:eb:0c:8c:6c:3a:0a:cc:45:c4:df:51:
                    91:db:6a:fc:a7:b3:b0:9d:61:d2:b8:db:f1:e0:ba:
                    af:19:ca:2e:d5:eb:16:33:5a:ef:2c:1b:d7:38:ff:
                    6f:63:fc:e2:27:e8:02:71:71:c9:3d:29:35:6b:74:
                    5f:72:ce:28:95:b2:cd:75:22:5b:d3:1d:ac:6a:c0:
                    e0:d9:24:cf:87:f7:5c:51:7b:e6:35:9a:9a:17:53:
                    c5:ad:b6:42:c0:91:9d:f9:fe:9d:e0:94:98:b4:9d:
                    71:35:83:18:01:59:13:61:ed:0c:ff:b7:c7:d1:36:
                    bc:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:15:2A:6F:0E:59:AA:2A:E1:EC:F5:61:0C:0D:51:02:01:37:DA:F4
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/hhUqbw5Zqirh7PVhDA1RAgE32vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe42::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:e3:f6:e8:02:11:30:b8:7e:e2:85:ff:c3:6f:f8:4b:fe:8e:
         2a:b6:ce:b5:8a:13:5b:fe:1f:a3:4f:b9:ba:f2:a6:75:de:b2:
         95:d3:62:98:f1:9f:e9:03:80:32:6f:47:42:a0:b3:a7:74:83:
         01:8d:b9:c5:bc:9f:24:b1:1a:96:89:c7:15:35:05:f5:17:92:
         e2:c6:6c:ea:21:c2:aa:e8:be:7a:a8:f8:0c:db:30:5d:81:04:
         c7:ed:1c:4b:52:ed:ac:f8:fd:27:60:f0:db:17:53:ac:20:5c:
         fc:3f:0a:25:d9:c3:97:14:49:54:2f:35:9a:72:04:4d:5c:1a:
         89:3f:e3:40:e2:e3:ef:96:1f:24:f9:80:26:94:39:6c:f5:e5:
         79:8a:a8:11:5d:c8:81:fb:29:78:f2:7d:35:ca:e8:d6:40:d8:
         f6:5a:00:f3:44:ab:33:0c:a7:cb:3a:ab:10:e8:9f:72:7b:2a:
         a1:18:68:88:a8:ee:17:98:36:e2:84:92:3d:1f:12:9e:79:f0:
         20:ee:30:72:ed:7b:bd:e3:02:27:a9:30:24:95:3b:41:f5:b0:
         b1:c8:21:05:80:90:25:75:9e:8d:a1:ea:72:16:42:c8:dd:3a:
         9e:1c:e2:f2:ad:59:45:b9:5a:cc:b3:33:8e:b9:d9:cf:93:1f:
         05:5b:5f:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfHAj7rhICIk+JtSI+Xaww3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNzAxMTcyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjE1MmE2ZjBlNTlhYTJhZTFlY2Y1NjEwYzBkNTEwMjAxMzdkYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvEowwqnVOsCQIGtVKKtQI8Hs4hY
fwDuVdHWuP/j7fa2vrbqdyDDAWel24f0Jsl8qGNdCT6f9cqBb0CowicXbUl1QqHf
yAZzvLLswcXyEXyh09yS1H0Sg1X3HeQ5CqASAVuUSCrYo5P9LUJDOnSebxeJEuCb
bPM0YEMH3oREqUgrJwiHgTQFvkk86wyMbDoKzEXE31GR22r8p7OwnWHSuNvx4Lqv
Gcou1esWM1rvLBvXOP9vY/ziJ+gCcXHJPSk1a3Rfcs4olbLNdSJb0x2sasDg2STP
h/dcUXvmNZqaF1PFrbZCwJGd+f6d4JSYtJ1xNYMYAVkTYe0M/7fH0Ta8BQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIYVKm8OWaoq4ez1YQwNUQIBN9r0MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvaGhVcWJ3NVpxaXJoN1BWaERBMVJBZ0UzMnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgb+QjAN
BgkqhkiG9w0BAQsFAAOCAQEAC+P26AIRMLh+4oX/w2/4S/6OKrbOtYoTW/4fo0+5
uvKmdd6yldNimPGf6QOAMm9HQqCzp3SDAY25xbyfJLEalonHFTUF9ReS4sZs6iHC
qui+eqj4DNswXYEEx+0cS1LtrPj9J2Dw2xdTrCBc/D8KJdnDlxRJVC81mnIETVwa
iT/jQOLj75YfJPmAJpQ5bPXleYqoEV3IgfspePJ9Ncro1kDY9loA80SrMwynyzqr
EOifcnsqoRhoiKjuF5g24oSSPR8SnnnwIO4wcu17veMCJ6kwJJU7QfWwscghBYCQ
JXWejaHqchZCyN06nhzi8q1ZRblazLMzjrnZz5MfBVtfGg==
-----END CERTIFICATE-----