Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4niuyi7-ICOAYQFkOMzLIwJVFW4.roa
File:                     4niuyi7-ICOAYQFkOMzLIwJVFW4.roa (raw, json)
Hash identifier:          yXrXWUE3fqCXrqNFMNWbK/8Sp21gO2ePZSEmS9ZwOv0=
Subject key identifier:   E2:78:AE:CA:2E:FE:20:23:80:61:01:64:38:CC:CB:23:02:55:15:6E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0197C20B7E9AC6683078319379EE2C6A6245
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4niuyi7-ICOAYQFkOMzLIwJVFW4.roa
Signing time:             Mon 30 Jun 2025 18:13:42 +0000
ROA not before:           Mon 30 Jun 2025 18:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        2a07:9200::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:0b:7e:9a:c6:68:30:78:31:93:79:ee:2c:6a:62:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 30 18:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e278aeca2efe20238061016438cccb230255156e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5c:be:bc:12:c6:f7:c4:1c:49:f5:92:72:7a:
                    be:8a:4f:fa:a5:2d:79:9b:f8:6f:d1:c8:a2:58:19:
                    4d:3f:0f:29:fb:d4:aa:57:3a:bc:ab:39:9d:1b:13:
                    b1:bb:34:0a:1b:7e:45:93:fc:d4:cc:8f:0e:7f:04:
                    a3:c9:f9:72:b4:aa:f2:c8:1d:cb:34:45:a2:25:0f:
                    bb:04:ba:c8:f5:0b:50:f8:4a:d0:a7:ed:2a:ef:61:
                    c8:1d:e5:6e:58:16:ff:44:a1:1e:96:fc:33:9c:88:
                    05:50:02:2a:e4:82:d3:db:86:3a:a7:1e:c3:1b:4f:
                    f3:31:c9:d6:24:03:f8:7f:d5:c2:06:da:ca:75:d3:
                    4e:d7:d7:a0:56:44:48:54:d5:19:b2:d1:a2:ab:50:
                    a1:bd:ce:4b:ec:d9:70:45:35:35:e1:b8:45:97:12:
                    6b:9a:5f:c2:a8:16:97:1f:ea:bf:31:b7:37:b9:a0:
                    ce:57:a7:ef:ea:05:4a:e1:62:3f:7e:1a:2e:ed:b4:
                    6e:20:c8:a6:82:e8:53:fb:ac:bb:57:9f:6b:a6:07:
                    f7:8e:28:58:91:8f:91:f1:f5:49:f2:c1:8d:e3:68:
                    d4:5f:6f:6b:d1:fa:40:11:fd:08:59:3c:14:be:04:
                    9b:81:b6:74:4b:e7:23:d8:31:60:2a:ad:ab:10:c3:
                    84:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:78:AE:CA:2E:FE:20:23:80:61:01:64:38:CC:CB:23:02:55:15:6E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4niuyi7-ICOAYQFkOMzLIwJVFW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:9200::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:22:f2:2f:15:a2:5d:65:ef:e6:17:cb:79:35:95:97:78:68:
         13:3a:15:44:59:d7:ab:5b:76:b1:de:07:12:ee:21:d6:ad:44:
         61:04:c6:79:ec:40:84:8d:cb:8b:cb:55:86:36:71:39:61:7a:
         4e:49:62:7a:4f:1a:a6:17:e6:25:c3:3e:5d:5c:8b:68:9d:7c:
         03:7c:5d:34:f6:98:8b:7a:3b:04:e2:cd:50:eb:ab:a0:72:0a:
         8d:07:b9:1c:d2:e1:b7:91:a8:47:0a:57:6c:d2:4d:e3:29:60:
         b0:28:a2:8b:98:32:ad:9e:8f:7e:79:12:81:ed:b3:a8:93:5f:
         68:d5:01:ac:9a:dd:a8:31:28:6d:33:8e:52:04:7a:f6:12:70:
         e5:03:b5:8c:42:6e:c5:13:14:02:cd:25:22:37:29:28:0f:ad:
         d3:ea:96:fa:55:b6:c5:93:4b:17:68:ca:22:40:60:3f:5e:ad:
         98:91:0b:9b:0d:5a:53:8c:42:97:22:e7:cc:81:e3:52:29:2c:
         e8:96:b7:9d:f2:2e:58:5d:85:4c:6d:71:7b:ea:03:4b:fe:7b:
         a1:c4:f6:0a:6a:74:c1:fa:29:c7:3a:0b:17:f4:59:40:de:a8:
         1b:dc:93:fb:cb:ee:1f:91:8b:8b:d7:69:a0:a0:5d:f1:f2:c9:
         b3:3e:53:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfCC36axmgweDGTee4samJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNjMwMTgxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjc4YWVjYTJlZmUyMDIzODA2MTAxNjQzOGNjY2IyMzAyNTUxNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArly+vBLG98QcSfWScnq+ik/6pS15
m/hv0ciiWBlNPw8p+9SqVzq8qzmdGxOxuzQKG35Fk/zUzI8OfwSjyflytKryyB3L
NEWiJQ+7BLrI9QtQ+ErQp+0q72HIHeVuWBb/RKEelvwznIgFUAIq5ILT24Y6px7D
G0/zMcnWJAP4f9XCBtrKddNO19egVkRIVNUZstGiq1Chvc5L7NlwRTU14bhFlxJr
ml/CqBaXH+q/Mbc3uaDOV6fv6gVK4WI/fhou7bRuIMimguhT+6y7V59rpgf3jihY
kY+R8fVJ8sGN42jUX29r0fpAEf0IWTwUvgSbgbZ0S+cj2DFgKq2rEMOErwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOJ4rsou/iAjgGEBZDjMyyMCVRVuMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvNG5pdXlpNy1JQ09BWVFGa09NekxJd0pWRlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgeSADAN
BgkqhkiG9w0BAQsFAAOCAQEAjSLyLxWiXWXv5hfLeTWVl3hoEzoVRFnXq1t2sd4H
Eu4h1q1EYQTGeexAhI3Li8tVhjZxOWF6Tkliek8aphfmJcM+XVyLaJ18A3xdNPaY
i3o7BOLNUOuroHIKjQe5HNLht5GoRwpXbNJN4ylgsCiii5gyrZ6PfnkSge2zqJNf
aNUBrJrdqDEobTOOUgR69hJw5QO1jEJuxRMUAs0lIjcpKA+t0+qW+lW2xZNLF2jK
IkBgP16tmJELmw1aU4xClyLnzIHjUiks6Ja3nfIuWF2FTG1xe+oDS/57ocT2Cmp0
wfopxzoLF/RZQN6oG9yT+8vuH5GLi9dpoKBd8fLJsz5TWA==
-----END CERTIFICATE-----