Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/70E293ezHq5A344NVC-HbuwfZfY.roa
File:                     70E293ezHq5A344NVC-HbuwfZfY.roa (raw, json)
Hash identifier:          FyPic2fRtYYZotEXMxkyOQGHc+HIA43W3i6Pc89OZZQ=
Subject key identifier:   EF:41:36:F7:77:B3:1E:AE:40:DF:8E:0D:54:2F:87:6E:EC:1F:65:F6
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0197133736F9929A49A113F626B302E95F31
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/70E293ezHq5A344NVC-HbuwfZfY.roa
Signing time:             Tue 27 May 2025 19:27:55 +0000
ROA not before:           Tue 27 May 2025 19:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208487
IP address blocks:        2a0c:9a46:c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:37:36:f9:92:9a:49:a1:13:f6:26:b3:02:e9:5f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 27 19:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef4136f777b31eae40df8e0d542f876eec1f65f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7e:95:52:a8:65:98:6f:4d:ad:ca:4d:45:d2:
                    92:a8:e6:c9:9c:b1:00:0e:a7:07:e6:48:af:d0:12:
                    09:8e:5f:ef:19:42:8c:9f:a8:6d:f0:ba:61:9d:d6:
                    ee:20:b7:ff:6e:5c:4e:c6:21:89:e9:7f:1c:11:7e:
                    a1:a7:48:8e:f8:60:bd:c0:0b:04:f0:7a:5e:04:7a:
                    ea:10:16:9d:86:de:0f:c9:a0:ea:f7:8b:7a:ad:4c:
                    e5:9a:aa:b7:be:d8:70:7f:78:b2:5a:4f:0e:9a:3d:
                    9c:18:a2:e5:08:2f:34:cf:37:92:b2:75:80:f7:f6:
                    ff:90:3b:cd:72:db:97:06:34:64:c3:36:81:88:c8:
                    3a:2a:ff:a6:4b:f4:f7:59:a3:c3:be:f9:02:e5:8e:
                    fe:cd:b1:60:fc:c2:32:e9:bc:bf:13:5f:c7:6a:5f:
                    20:03:f7:ee:ac:9a:6d:78:27:36:b3:00:f0:b8:a6:
                    2f:9c:a9:f0:6d:ee:bb:1e:69:b1:02:b0:91:55:a2:
                    96:1e:e8:e6:9e:44:f7:97:7f:ef:e2:13:67:6b:d3:
                    43:f0:9d:1e:0f:a1:3c:04:bf:91:ed:ef:36:22:72:
                    8d:47:56:e4:d2:c6:6d:75:ef:30:a9:78:62:68:0a:
                    58:ec:1b:d2:25:56:3f:4e:b3:81:57:3e:8d:f1:cb:
                    ee:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:41:36:F7:77:B3:1E:AE:40:DF:8E:0D:54:2F:87:6E:EC:1F:65:F6
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/70E293ezHq5A344NVC-HbuwfZfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a46:c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         99:5f:4f:05:c8:a7:b0:25:82:6e:ab:85:ba:fd:4e:44:2b:fc:
         03:3c:48:b3:a3:bf:2a:61:8a:0e:69:e7:04:fd:a6:a6:f3:63:
         6f:02:95:13:1d:f0:4f:e3:e5:75:4f:69:cf:ee:69:92:67:23:
         88:b5:8b:f6:4f:1b:d5:24:18:72:a7:94:82:84:10:2b:a3:92:
         ec:f9:b2:76:26:de:4a:e7:8d:54:83:e1:25:9e:04:06:2d:80:
         71:e4:07:10:8d:65:ef:a2:bb:62:5c:da:59:da:cc:fe:16:3f:
         9f:e1:c0:0e:ea:ec:ee:1e:64:be:3c:74:70:95:a4:b4:b3:0f:
         e5:4a:e9:54:46:0f:7f:f5:31:a1:d2:a0:2f:38:29:cd:2a:be:
         63:3b:af:b5:3f:9c:95:cc:2f:98:7a:d6:ec:7f:91:45:46:1e:
         e0:19:2c:12:23:14:20:31:ac:03:13:96:76:1c:b8:10:52:06:
         71:8c:e9:3b:1e:84:6a:0c:0c:da:ef:ce:a8:76:1a:bd:76:00:
         5f:62:84:98:db:33:e8:91:ce:08:ed:e1:12:60:35:1f:43:08:
         c3:fa:fd:65:34:a2:fe:34:70:5d:44:9b:81:ba:21:5a:90:7e:
         f0:d0:da:30:41:e3:57:fb:02:33:57:05:58:3c:3a:9d:be:6b:
         3f:be:c7:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZcTNzb5kppJoRP2JrMC6V8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNTI3MTkyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQxMzZmNzc3YjMxZWFlNDBkZjhlMGQ1NDJmODc2ZWVjMWY2NWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn6VUqhlmG9NrcpNRdKSqObJnLEA
DqcH5kiv0BIJjl/vGUKMn6ht8LphndbuILf/blxOxiGJ6X8cEX6hp0iO+GC9wAsE
8HpeBHrqEBadht4PyaDq94t6rUzlmqq3vthwf3iyWk8Omj2cGKLlCC80zzeSsnWA
9/b/kDvNctuXBjRkwzaBiMg6Kv+mS/T3WaPDvvkC5Y7+zbFg/MIy6by/E1/Hal8g
A/furJpteCc2swDwuKYvnKnwbe67HmmxArCRVaKWHujmnkT3l3/v4hNna9ND8J0e
D6E8BL+R7e82InKNR1bk0sZtde8wqXhiaApY7BvSJVY/TrOBVz6N8cvuLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO9BNvd3sx6uQN+ODVQvh27sH2X2MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNzBFMjkzZXpIcTVBMzQ0TlZDLUhidXdmWmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaRgww
DQYJKoZIhvcNAQELBQADggEBAJlfTwXIp7Algm6rhbr9TkQr/AM8SLOjvyphig5p
5wT9pqbzY28ClRMd8E/j5XVPac/uaZJnI4i1i/ZPG9UkGHKnlIKEECujkuz5snYm
3krnjVSD4SWeBAYtgHHkBxCNZe+iu2Jc2lnazP4WP5/hwA7q7O4eZL48dHCVpLSz
D+VK6VRGD3/1MaHSoC84Kc0qvmM7r7U/nJXML5h61ux/kUVGHuAZLBIjFCAxrAMT
lnYcuBBSBnGM6TsehGoMDNrvzqh2Gr12AF9ihJjbM+iRzgjt4RJgNR9DCMP6/WU0
ov40cF1Em4G6IVqQfvDQ2jBB41f7AjNXBVg8Op2+az++x04=
-----END CERTIFICATE-----