Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iguIRlVDMinuteQb9V_MrZyB-y4.roa
File:                     iguIRlVDMinuteQb9V_MrZyB-y4.roa (raw, json)
Hash identifier:          yoBgsuPIaiGbiLB+SMhNAbeQaKcNfnPf/imKj4Oz6dc=
Subject key identifier:   8A:0B:88:46:55:43:32:29:EE:B5:E4:1B:F5:5F:CC:AD:9C:81:FB:2E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0196D0BE8B3C214B49B29CEE19F4985ED0C3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iguIRlVDMinuteQb9V_MrZyB-y4.roa
Signing time:             Wed 14 May 2025 21:41:10 +0000
ROA not before:           Wed 14 May 2025 21:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208690
IP address blocks:        2a0c:9a40:8f40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d0:be:8b:3c:21:4b:49:b2:9c:ee:19:f4:98:5e:d0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 14 21:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a0b884655433229eeb5e41bf55fccad9c81fb2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:67:c8:89:53:42:38:32:3d:37:a7:e6:43:fd:
                    06:f4:b0:b4:41:8b:f8:ed:15:0e:1a:07:4a:12:1d:
                    2a:5f:32:3e:74:34:5d:78:6b:7b:01:43:96:b8:ca:
                    19:20:42:14:d8:7e:23:0f:99:ea:3e:df:47:92:4a:
                    e9:48:b6:74:a1:3e:16:07:e6:49:77:c7:d1:6f:bb:
                    3c:ab:72:81:4b:78:86:a9:2e:92:42:23:dd:34:21:
                    80:5f:15:63:8f:d5:f1:71:3f:02:00:b1:97:60:59:
                    03:c7:61:60:dd:b6:2a:c8:53:fe:05:5f:87:5c:e5:
                    2c:88:7f:1b:88:5c:24:12:ef:8f:3a:e4:23:0d:23:
                    8b:5e:b3:e1:c3:2b:c5:a9:84:3d:c5:14:56:52:56:
                    f6:52:49:1c:6d:62:8d:83:90:0f:62:b5:57:c5:9a:
                    77:ea:21:8e:b5:fd:3d:a2:1f:4e:6f:ce:ee:2c:ef:
                    cb:11:0b:cd:bb:28:af:57:04:5f:a0:1a:88:04:f9:
                    42:97:fe:35:24:7c:45:6a:4e:2b:f0:18:4d:f6:e3:
                    b6:b2:18:59:e6:ee:35:ef:da:11:65:bb:95:09:19:
                    ab:42:01:f4:8b:cd:d7:7c:ce:22:cb:6b:4e:3b:d1:
                    45:98:63:7b:0a:e8:08:f4:c0:f7:3b:40:6e:4b:e7:
                    4b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0B:88:46:55:43:32:29:EE:B5:E4:1B:F5:5F:CC:AD:9C:81:FB:2E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iguIRlVDMinuteQb9V_MrZyB-y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:cc:e1:55:a9:49:b2:88:e5:0d:98:7b:62:14:39:84:b1:eb:
         34:31:f1:19:92:be:73:cf:29:15:20:c1:f2:6b:3a:10:fc:b5:
         5a:31:14:97:55:69:44:77:d0:81:a6:21:a7:14:85:45:35:d1:
         db:c5:e6:e4:71:c4:60:36:93:9f:4e:17:2e:80:f0:18:36:28:
         00:dd:93:f9:da:4e:b4:be:c3:5b:5f:38:6a:d5:d8:f1:ba:81:
         1c:54:0a:49:ba:2c:df:1a:30:3d:24:4f:32:78:2f:73:de:92:
         63:29:aa:88:5d:07:23:66:d1:0e:7b:0e:c4:dc:c6:33:41:6b:
         87:82:16:3b:63:10:d2:b7:51:60:c0:a8:fc:b1:91:d9:b1:00:
         db:c5:11:4d:93:02:53:c7:b8:dc:01:f3:39:b0:0a:1d:b0:4f:
         eb:b8:24:49:0c:50:23:6a:e0:d0:a7:73:71:bd:2f:bf:d5:13:
         49:8f:60:3e:9f:17:0a:45:ef:fc:63:4a:55:61:91:76:b6:3a:
         0a:d2:1b:36:17:ac:f3:5a:0f:8a:9d:39:d0:a5:70:45:3e:46:
         6c:ec:4a:e5:66:8c:9d:be:34:84:9a:9a:b7:5a:29:99:ac:dd:
         a8:9f:cc:8a:90:5a:da:65:1e:ac:37:f3:25:20:83:ff:55:72:
         3e:62:d6:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbQvos8IUtJspzuGfSYXtDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNTE0MjE0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBiODg0NjU1NDMzMjI5ZWViNWU0MWJmNTVmY2NhZDljODFmYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmfIiVNCODI9N6fmQ/0G9LC0QYv4
7RUOGgdKEh0qXzI+dDRdeGt7AUOWuMoZIEIU2H4jD5nqPt9HkkrpSLZ0oT4WB+ZJ
d8fRb7s8q3KBS3iGqS6SQiPdNCGAXxVjj9XxcT8CALGXYFkDx2Fg3bYqyFP+BV+H
XOUsiH8biFwkEu+POuQjDSOLXrPhwyvFqYQ9xRRWUlb2UkkcbWKNg5APYrVXxZp3
6iGOtf09oh9Ob87uLO/LEQvNuyivVwRfoBqIBPlCl/41JHxFak4r8BhN9uO2shhZ
5u4179oRZbuVCRmrQgH0i83XfM4iy2tOO9FFmGN7CugI9MD3O0BuS+dLCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIoLiEZVQzIp7rXkG/VfzK2cgfsuMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvaWd1SVJsVkRNaW51dGVRYjlWX01yWnlCLXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQI9A
MA0GCSqGSIb3DQEBCwUAA4IBAQBVzOFVqUmyiOUNmHtiFDmEses0MfEZkr5zzykV
IMHyazoQ/LVaMRSXVWlEd9CBpiGnFIVFNdHbxebkccRgNpOfThcugPAYNigA3ZP5
2k60vsNbXzhq1djxuoEcVApJuizfGjA9JE8yeC9z3pJjKaqIXQcjZtEOew7E3MYz
QWuHghY7YxDSt1FgwKj8sZHZsQDbxRFNkwJTx7jcAfM5sAodsE/ruCRJDFAjauDQ
p3NxvS+/1RNJj2A+nxcKRe/8Y0pVYZF2tjoK0hs2F6zzWg+KnTnQpXBFPkZs7Erl
ZoydvjSEmpq3WimZrN2on8yKkFraZR6sN/MlIIP/VXI+YtY2
-----END CERTIFICATE-----