Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/GeXsXGYacgDo76JSLUvujh0bfdU.roa
File:                     GeXsXGYacgDo76JSLUvujh0bfdU.roa (raw, json)
Hash identifier:          fLfZrJRRlaHjAC3DtGoIdZbflJwGMzqPeY1ONg3jVPk=
Subject key identifier:   19:E5:EC:5C:66:1A:72:00:E8:EF:A2:52:2D:4B:EE:8E:1D:1B:7D:D5
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       01973F91EE57C173BFCD6D65AD8CD2D68F16
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/GeXsXGYacgDo76JSLUvujh0bfdU.roa
Signing time:             Thu 05 Jun 2025 10:10:17 +0000
ROA not before:           Thu 05 Jun 2025 10:10:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21100
IP address blocks:        2a01:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:91:ee:57:c1:73:bf:cd:6d:65:ad:8c:d2:d6:8f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: Jun  5 10:10:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e5ec5c661a7200e8efa2522d4bee8e1d1b7dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:85:8c:ec:41:b3:07:e0:da:fa:0e:f6:37:e9:
                    e5:ba:0f:e3:97:3a:3f:75:46:e6:cb:d4:98:21:57:
                    a5:6d:09:f7:de:47:b8:4c:eb:86:ba:77:71:8f:c5:
                    ce:d5:3b:a0:41:e8:89:01:f6:83:22:c2:37:26:67:
                    ec:83:a3:a8:b2:3e:4f:09:c9:21:53:a2:3a:9b:33:
                    d6:d6:a4:eb:ca:76:74:e4:26:0a:6c:2f:0c:9d:51:
                    00:12:27:d9:25:4c:71:65:4e:a7:ab:1a:03:ce:0a:
                    f3:e0:0b:a5:31:6d:82:25:74:0c:87:6b:9c:57:1c:
                    10:a0:5f:6f:0d:cc:1c:29:7e:d2:3b:bd:f9:0a:74:
                    25:63:bd:d9:9b:13:67:c8:6f:3f:73:b8:cc:37:a2:
                    d7:68:f3:28:a4:8c:5f:75:cd:dc:a8:ac:fe:9a:19:
                    5b:05:3c:13:66:41:b1:61:9d:b9:7f:06:86:9d:c7:
                    b5:16:02:2d:97:5b:37:7e:18:73:b2:16:fe:98:15:
                    8a:12:ba:15:79:01:f3:26:74:27:97:9a:f1:bd:37:
                    d5:0b:c3:64:a7:b6:0d:49:93:63:a2:32:7b:0f:e5:
                    26:0d:ab:2e:34:9e:b4:64:fb:c6:ed:8f:99:f2:5c:
                    a1:61:e9:f9:ef:9f:3a:0a:80:00:9e:36:23:2c:b1:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E5:EC:5C:66:1A:72:00:E8:EF:A2:52:2D:4B:EE:8E:1D:1B:7D:D5
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/GeXsXGYacgDo76JSLUvujh0bfdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:3a:87:01:0a:9c:95:ab:6c:53:cc:a9:db:62:71:2b:73:3f:
         81:b5:1a:d1:d7:ed:61:78:8f:4d:6d:54:5b:8f:2a:2d:85:e0:
         3a:2f:da:bd:fe:d1:84:6d:15:9e:db:56:59:83:a0:c1:04:39:
         c5:b0:e4:39:ff:9e:42:13:8b:e1:55:1d:23:dd:df:ad:f2:40:
         89:fe:55:53:21:ff:06:93:ec:b6:f2:3d:14:d9:37:70:82:5c:
         71:5e:e5:58:85:c3:53:da:e6:3f:bc:ac:c5:09:e1:00:5b:21:
         92:1d:d1:4e:eb:d0:46:1c:67:52:9a:98:51:db:4a:6e:bb:dd:
         c9:66:8a:88:14:41:9a:51:16:3a:6e:cc:cf:5c:e3:22:0e:ac:
         a1:7e:dc:02:7a:c0:1c:01:63:55:61:1b:67:e3:46:3b:53:03:
         4c:31:7a:76:88:2f:43:62:6a:37:0e:29:58:c5:46:2c:1f:a9:
         6e:92:54:35:47:ad:46:16:ab:b7:ae:53:d9:c6:8f:e2:78:19:
         55:63:91:c6:29:0c:70:8a:c9:95:96:6c:0e:86:33:a9:97:9a:
         ae:18:28:14:f5:fe:75:df:39:c7:ce:62:cc:a9:4b:1a:04:a8:
         e5:f2:de:08:86:3f:c3:86:4f:46:52:0f:3d:45:99:fb:26:22:
         37:e5:99:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc/ke5XwXO/zW1lrYzS1o8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjUwNjA1MTAxMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU1ZWM1YzY2MWE3MjAwZThlZmEyNTIyZDRiZWU4ZTFkMWI3ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oWM7EGzB+Da+g72N+nlug/jlzo/
dUbmy9SYIVelbQn33ke4TOuGundxj8XO1TugQeiJAfaDIsI3Jmfsg6Oosj5PCckh
U6I6mzPW1qTrynZ05CYKbC8MnVEAEifZJUxxZU6nqxoDzgrz4AulMW2CJXQMh2uc
VxwQoF9vDcwcKX7SO735CnQlY73ZmxNnyG8/c7jMN6LXaPMopIxfdc3cqKz+mhlb
BTwTZkGxYZ25fwaGnce1FgItl1s3fhhzshb+mBWKEroVeQHzJnQnl5rxvTfVC8Nk
p7YNSZNjojJ7D+UmDasuNJ60ZPvG7Y+Z8lyhYen57586CoAAnjYjLLFPBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBnl7FxmGnIA6O+iUi1L7o4dG33VMB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEvR2VYc1hHWWFjZ0RvNzZKU0xVdnVqaDBiZmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHwQDAN
BgkqhkiG9w0BAQsFAAOCAQEAlDqHAQqclatsU8yp22JxK3M/gbUa0dftYXiPTW1U
W48qLYXgOi/avf7RhG0VnttWWYOgwQQ5xbDkOf+eQhOL4VUdI93frfJAif5VUyH/
BpPstvI9FNk3cIJccV7lWIXDU9rmP7ysxQnhAFshkh3RTuvQRhxnUpqYUdtKbrvd
yWaKiBRBmlEWOm7Mz1zjIg6soX7cAnrAHAFjVWEbZ+NGO1MDTDF6dogvQ2JqNw4p
WMVGLB+pbpJUNUetRhart65T2caP4ngZVWORxikMcIrJlZZsDoYzqZearhgoFPX+
dd85x85izKlLGgSo5fLeCIY/w4ZPRlIPPUWZ+yYiN+WZuQ==
-----END CERTIFICATE-----