Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cjGryE_s_bP_-fPP8XsHpS4h06o.roa
File:                     cjGryE_s_bP_-fPP8XsHpS4h06o.roa (raw, json)
Hash identifier:          /e1BDe/xI3+9Q1LA3T0efig1cgO6y9UWbT6u9gmcBjY=
Subject key identifier:   72:31:AB:C8:4F:EC:FD:B3:FF:F9:F3:CF:F1:7B:07:A5:2E:21:D3:AA
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0196F2F610351986E61EE8D5F16FBDBCBEE2
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cjGryE_s_bP_-fPP8XsHpS4h06o.roa
Signing time:             Wed 21 May 2025 13:08:54 +0000
ROA not before:           Wed 21 May 2025 13:08:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210215
IP address blocks:        2a0c:9a40:8f50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:f6:10:35:19:86:e6:1e:e8:d5:f1:6f:bd:bc:be:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 21 13:08:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7231abc84fecfdb3fff9f3cff17b07a52e21d3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3a:9c:16:3a:4b:1a:d4:7f:9f:b4:f2:49:ef:
                    c9:e5:70:c1:f8:08:83:5f:38:8d:29:a2:de:5d:c9:
                    4e:25:26:11:b5:d6:28:47:0e:e2:f5:78:53:58:df:
                    05:e5:9f:f9:0e:33:c0:f5:55:6b:84:23:76:b2:d1:
                    71:c1:f1:c2:82:55:11:7c:ba:72:01:6a:00:c6:d9:
                    1d:ab:77:1f:56:ac:e5:db:42:37:cf:59:c9:b9:7e:
                    82:1c:c0:b9:dd:a7:ec:db:a2:81:af:7b:a8:aa:6d:
                    4a:4f:04:5e:9e:a4:16:b8:7e:8a:4c:79:ee:7d:cd:
                    aa:04:cb:37:ca:fb:30:94:d2:29:c0:3b:35:69:e9:
                    e3:67:c6:9c:ab:aa:76:b1:9b:e6:99:bf:1b:c4:8d:
                    52:f4:1e:6a:99:c8:29:50:c7:da:f5:e8:5c:46:92:
                    88:b4:a5:fa:2e:7a:86:7a:b6:c6:2e:63:47:c1:67:
                    de:ae:96:5d:17:1b:fa:03:c5:65:27:bd:b2:40:f0:
                    44:23:d3:53:0c:9e:75:6c:c9:2c:ba:46:e6:ff:30:
                    bb:85:1e:41:49:53:2f:05:e0:d3:06:38:d1:0e:1a:
                    2c:2a:2b:e6:86:90:e6:95:b1:5b:fc:01:f5:1c:29:
                    ec:d4:98:0d:ae:39:01:27:52:a8:1d:81:88:09:d6:
                    de:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:31:AB:C8:4F:EC:FD:B3:FF:F9:F3:CF:F1:7B:07:A5:2E:21:D3:AA
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cjGryE_s_bP_-fPP8XsHpS4h06o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8f50::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:6c:9a:33:2f:ef:be:45:49:95:ea:a9:f0:7f:02:77:e3:2e:
         e0:68:bf:29:01:d0:11:f3:6e:a8:0c:9f:21:bf:ee:f8:e3:35:
         52:09:0f:a2:93:50:33:ad:8d:74:57:55:4d:bc:35:b8:3b:89:
         33:06:27:32:d7:4f:c6:23:d4:2c:e2:35:87:82:8c:dc:14:47:
         95:3b:4f:73:bb:80:f0:0e:3b:03:0e:82:85:4b:a8:4e:e7:de:
         b1:1c:a0:f1:23:05:29:1c:6c:09:99:f2:da:ba:79:9b:42:49:
         bb:0c:b4:bb:35:7c:ff:22:b3:a8:49:ab:57:65:63:4a:9d:c1:
         2b:88:d7:b3:f6:3b:bd:d9:f3:47:a6:15:7e:d4:37:68:b6:d5:
         8f:76:6f:5a:b4:f7:56:a3:63:03:6d:d0:23:a8:74:5a:34:bf:
         de:f6:6c:97:a8:3d:15:23:06:62:6f:fe:f9:63:d8:f0:7b:67:
         0d:68:0d:ff:21:ef:07:d6:22:a5:5e:11:43:d2:8c:e7:0c:0e:
         fc:3a:9a:41:32:0b:08:8e:32:d8:d8:d2:56:ff:70:3c:70:26:
         b1:50:b9:cc:37:f1:b3:98:d2:bc:92:d6:b4:07:f8:bd:56:4a:
         2a:84:3e:3d:da:35:1d:c2:1a:18:92:8d:31:61:5e:d1:17:25:
         9a:3c:a4:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZby9hA1GYbmHujV8W+9vL7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNTIxMTMwODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjMxYWJjODRmZWNmZGIzZmZmOWYzY2ZmMTdiMDdhNTJlMjFkM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTqcFjpLGtR/n7TySe/J5XDB+AiD
XziNKaLeXclOJSYRtdYoRw7i9XhTWN8F5Z/5DjPA9VVrhCN2stFxwfHCglURfLpy
AWoAxtkdq3cfVqzl20I3z1nJuX6CHMC53afs26KBr3uoqm1KTwRenqQWuH6KTHnu
fc2qBMs3yvswlNIpwDs1aenjZ8acq6p2sZvmmb8bxI1S9B5qmcgpUMfa9ehcRpKI
tKX6LnqGerbGLmNHwWferpZdFxv6A8VlJ72yQPBEI9NTDJ51bMksukbm/zC7hR5B
SVMvBeDTBjjRDhosKivmhpDmlbFb/AH1HCns1JgNrjkBJ1KoHYGICdbemwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHIxq8hP7P2z//nzz/F7B6UuIdOqMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvY2pHcnlFX3NfYlBfLWZQUDhYc0hwUzRoMDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQI9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCSbJozL+++RUmV6qnwfwJ34y7gaL8pAdAR826o
DJ8hv+744zVSCQ+ik1AzrY10V1VNvDW4O4kzBicy10/GI9Qs4jWHgozcFEeVO09z
u4DwDjsDDoKFS6hO596xHKDxIwUpHGwJmfLaunmbQkm7DLS7NXz/IrOoSatXZWNK
ncEriNez9ju92fNHphV+1DdottWPdm9atPdWo2MDbdAjqHRaNL/e9myXqD0VIwZi
b/75Y9jwe2cNaA3/Ie8H1iKlXhFD0oznDA78OppBMgsIjjLY2NJW/3A8cCaxULnM
N/GzmNK8kta0B/i9VkoqhD492jUdwhoYko0xYV7RFyWaPKSF
-----END CERTIFICATE-----