Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/shW6-eM_4RR1u1h-XtV4yM-sFlY.roa
File:                     shW6-eM_4RR1u1h-XtV4yM-sFlY.roa (raw, json)
Hash identifier:          SgZz/Ze76+apghJaTfx1bZ3uQRC8nJoT5jUO58hu0rc=
Subject key identifier:   B2:15:BA:F9:E3:3F:E1:14:75:BB:58:7E:5E:D5:78:C8:CF:AC:16:56
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0198D91406FB41B801662E96B1A7E90BBAB1
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/shW6-eM_4RR1u1h-XtV4yM-sFlY.roa
Signing time:             Sat 23 Aug 2025 22:37:05 +0000
ROA not before:           Sat 23 Aug 2025 22:37:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0c:9a40:8711::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 22:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d9:14:06:fb:41:b8:01:66:2e:96:b1:a7:e9:0b:ba:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Aug 23 22:37:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b215baf9e33fe11475bb587e5ed578c8cfac1656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:33:74:37:a2:ff:45:79:53:b3:30:20:55:9e:
                    80:bc:f6:05:dd:02:62:69:6f:3b:3e:e8:52:bb:91:
                    50:17:7d:af:dc:9b:ab:79:89:75:50:d7:ed:28:c8:
                    d6:bb:fa:1f:bd:21:73:76:77:3f:95:29:4c:88:8b:
                    2b:44:87:98:71:06:7e:44:95:7c:67:f8:14:75:b0:
                    a4:95:e7:b9:e9:68:08:43:e7:33:bf:bf:24:65:36:
                    db:ee:87:5e:00:32:4d:40:64:f9:2d:e6:29:dd:ac:
                    67:7a:47:1c:44:8a:ba:d8:db:4e:53:78:05:81:a3:
                    5c:6e:9f:35:b9:75:1e:d8:52:10:b5:d8:41:6a:4d:
                    53:23:b9:d0:1f:39:86:ac:3f:d2:e4:6b:de:ca:e8:
                    c1:68:94:f1:24:fb:6a:ea:0e:11:58:39:cd:b9:2c:
                    6f:79:bc:27:3b:23:d2:ad:8d:8c:ed:fd:e4:26:8d:
                    8b:95:c8:28:ab:5f:5a:c7:e8:3c:19:71:c8:42:fa:
                    32:e1:10:81:63:cf:5e:90:14:44:b0:75:01:ef:7d:
                    d4:64:77:e4:86:81:0f:af:ad:bf:39:df:a3:f4:2f:
                    58:e7:9d:58:4e:52:d2:5a:8a:42:77:5d:72:14:49:
                    da:21:10:1c:2b:b7:82:27:c7:8b:4c:c9:f0:cb:e0:
                    df:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:15:BA:F9:E3:3F:E1:14:75:BB:58:7E:5E:D5:78:C8:CF:AC:16:56
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/shW6-eM_4RR1u1h-XtV4yM-sFlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8711::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:c5:5a:1f:86:fe:66:71:e3:6c:71:11:52:a7:c2:c0:12:a7:
         15:1a:42:6a:b8:f4:10:f3:b8:53:51:b2:bc:76:4a:4e:a0:da:
         c0:d8:c4:0f:35:53:bd:e8:b1:02:f6:8c:c0:dd:a4:4c:ad:6b:
         a5:d0:82:ae:b7:c7:f5:60:1b:10:80:1d:da:ef:74:95:28:2c:
         be:4b:30:77:6c:ac:6f:03:87:5a:67:c1:c9:e7:d8:21:3f:80:
         c0:6b:b7:af:28:d2:09:72:99:89:8e:4a:c2:43:2f:38:81:ee:
         12:ff:44:cf:b0:55:f2:8c:a1:67:87:5f:71:36:45:0d:d9:78:
         bf:ba:62:ef:a3:1c:48:e4:13:bc:0f:b1:cf:c6:18:36:b3:67:
         ca:28:5e:50:94:f3:42:a5:51:ed:41:52:c9:72:a0:69:6f:60:
         6f:e0:76:2e:29:01:00:38:9b:97:c8:7c:33:9b:6a:ce:fe:0c:
         dc:7a:d9:a8:d6:54:3a:00:92:97:b3:fd:08:a7:af:a9:d6:78:
         fc:46:71:52:6b:7a:d8:d0:0e:0e:07:14:91:ea:15:85:1c:f5:
         d5:18:08:84:d4:47:e0:43:70:e3:44:37:d3:42:0e:d2:72:a9:
         d3:dd:bd:83:29:2c:2c:5d:48:ca:6a:88:a7:98:62:5d:1a:c2:
         e0:4c:54:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjZFAb7QbgBZi6WsafpC7qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwODIzMjIzNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjE1YmFmOWUzM2ZlMTE0NzViYjU4N2U1ZWQ1NzhjOGNmYWMxNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTN0N6L/RXlTszAgVZ6AvPYF3QJi
aW87PuhSu5FQF32v3JureYl1UNftKMjWu/ofvSFzdnc/lSlMiIsrRIeYcQZ+RJV8
Z/gUdbCklee56WgIQ+czv78kZTbb7odeADJNQGT5LeYp3axnekccRIq62NtOU3gF
gaNcbp81uXUe2FIQtdhBak1TI7nQHzmGrD/S5GveyujBaJTxJPtq6g4RWDnNuSxv
ebwnOyPSrY2M7f3kJo2Llcgoq19ax+g8GXHIQvoy4RCBY89ekBREsHUB733UZHfk
hoEPr62/Od+j9C9Y551YTlLSWopCd11yFEnaIRAcK7eCJ8eLTMnwy+DfCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLIVuvnjP+EUdbtYfl7VeMjPrBZWMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvc2hXNi1lTV80UlIxdTFoLVh0VjR5TS1zRmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIcR
MA0GCSqGSIb3DQEBCwUAA4IBAQAkxVofhv5mceNscRFSp8LAEqcVGkJquPQQ87hT
UbK8dkpOoNrA2MQPNVO96LEC9ozA3aRMrWul0IKut8f1YBsQgB3a73SVKCy+SzB3
bKxvA4daZ8HJ59ghP4DAa7evKNIJcpmJjkrCQy84ge4S/0TPsFXyjKFnh19xNkUN
2Xi/umLvoxxI5BO8D7HPxhg2s2fKKF5QlPNCpVHtQVLJcqBpb2Bv4HYuKQEAOJuX
yHwzm2rO/gzcetmo1lQ6AJKXs/0Ip6+p1nj8RnFSa3rY0A4OBxSR6hWFHPXVGAiE
1EfgQ3DjRDfTQg7ScqnT3b2DKSwsXUjKaoinmGJdGsLgTFQ6
-----END CERTIFICATE-----