Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1-lyX4JIsY34qoSsN-PTTYSxCYz0.roa
File:                     1-lyX4JIsY34qoSsN-PTTYSxCYz0.roa (raw, json)
Hash identifier:          6h3tZa9OQ8UDf48KQx4i86jA03XYZw8QmNFGA5NUQCA=
Subject key identifier:   FA:5C:97:E0:92:2C:63:7E:2A:A1:2B:0D:F8:F4:D3:61:2C:42:63:3D
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       019611974B51D19E219DEEB76D181131C629
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1-lyX4JIsY34qoSsN-PTTYSxCYz0.roa
Signing time:             Mon 07 Apr 2025 18:50:49 +0000
ROA not before:           Mon 07 Apr 2025 18:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0a:c387::/32 maxlen: 32
                          2a11:5881::/32 maxlen: 32
                          2a11:8f81::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:11:97:4b:51:d1:9e:21:9d:ee:b7:6d:18:11:31:c6:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Apr  7 18:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa5c97e0922c637e2aa12b0df8f4d3612c42633d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ab:7f:20:02:be:11:40:08:1b:bb:60:82:7a:
                    fd:93:37:94:ea:0a:79:2f:23:5c:21:d6:c9:3b:be:
                    3d:a3:b8:f9:a9:5d:c4:7d:7f:11:11:2d:cc:dd:73:
                    54:46:5d:11:89:9c:7a:09:83:70:ee:20:bd:07:5b:
                    27:03:55:d9:3a:b1:c6:ca:1f:f6:c8:19:a3:7c:1c:
                    25:96:69:4e:25:3c:9e:57:96:78:3b:d3:25:c2:73:
                    e7:4c:8b:18:f8:72:9d:4a:ac:7b:68:3b:4c:68:06:
                    b0:b2:11:cf:b9:69:8a:62:fd:eb:80:c4:b3:e8:20:
                    4a:13:fb:ea:56:17:63:19:37:8d:c4:df:6d:35:23:
                    2a:1d:a8:7b:37:71:a7:8e:11:ff:46:d0:41:f1:57:
                    83:56:91:d4:03:3c:ad:5a:fe:01:4c:a9:b9:e5:48:
                    28:bb:19:8c:eb:df:5d:b7:81:a6:3b:d0:99:5c:c7:
                    a1:1c:ce:ac:70:b0:32:ca:10:e8:39:ed:79:cb:3d:
                    5c:99:5c:a2:1f:9a:bb:d1:69:9d:bb:3b:3d:84:01:
                    2e:f8:40:a7:e1:97:ab:7b:f4:d9:fb:c2:dd:48:85:
                    43:9a:54:54:cf:7b:9c:a2:06:d4:70:2e:7d:1f:fc:
                    24:ef:b1:17:d7:eb:97:6a:76:62:36:ee:28:0b:c9:
                    22:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5C:97:E0:92:2C:63:7E:2A:A1:2B:0D:F8:F4:D3:61:2C:42:63:3D
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1-lyX4JIsY34qoSsN-PTTYSxCYz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c387::/32
                  2a11:5881::/32
                  2a11:8f81::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:50:e9:12:05:a6:f8:65:f3:d3:ea:d5:20:90:1e:be:48:85:
         9a:f5:0e:91:5a:ef:a5:eb:5a:01:a5:70:fa:31:5a:f9:3b:b2:
         69:29:30:10:26:e0:a4:95:32:62:1c:dd:03:5f:f3:4e:67:c4:
         10:53:d3:3a:b0:32:df:ab:ad:76:d6:24:ec:81:c7:8f:e5:a1:
         80:47:f2:2e:cf:61:30:c1:9f:97:cd:69:5f:81:1f:9e:03:47:
         8c:fc:5a:5b:ce:95:48:21:53:35:31:bd:84:69:3a:92:53:e5:
         c3:c7:f0:50:b2:e7:10:85:b1:e5:aa:db:7f:97:11:29:95:21:
         67:1b:1f:54:2b:9b:b2:99:5f:0c:3c:a5:55:9b:a3:06:a5:79:
         f0:0e:84:95:9b:4b:ec:b6:1f:e7:50:f5:4b:94:60:94:37:fb:
         9a:80:73:1d:27:8e:98:70:19:29:f5:2f:f3:31:7d:7f:b2:8c:
         47:b9:0f:9c:e0:fe:b0:03:b1:ce:4b:71:f0:0c:1f:6a:96:f5:
         cb:57:54:7d:23:6f:2d:f9:b6:58:6f:af:57:d2:fb:e3:65:c0:
         c2:08:11:1a:0b:08:d6:81:ad:1b:aa:ca:be:b5:ad:5d:58:92:
         41:53:3a:b7:3c:25:b1:94:57:43:8d:d8:a7:f1:81:af:0f:e8:
         fe:a3:e8:19
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZYRl0tR0Z4hne63bRgRMcYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwNDA3MTg1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTVjOTdlMDkyMmM2MzdlMmFhMTJiMGRmOGY0ZDM2MTJjNDI2MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qt/IAK+EUAIG7tggnr9kzeU6gp5
LyNcIdbJO749o7j5qV3EfX8RES3M3XNURl0RiZx6CYNw7iC9B1snA1XZOrHGyh/2
yBmjfBwllmlOJTyeV5Z4O9MlwnPnTIsY+HKdSqx7aDtMaAawshHPuWmKYv3rgMSz
6CBKE/vqVhdjGTeNxN9tNSMqHah7N3GnjhH/RtBB8VeDVpHUAzytWv4BTKm55Ugo
uxmM699dt4GmO9CZXMehHM6scLAyyhDoOe15yz1cmVyiH5q70Wmduzs9hAEu+ECn
4Zere/TZ+8LdSIVDmlRUz3ucogbUcC59H/wk77EX1+uXanZiNu4oC8kiwQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPpcl+CSLGN+KqErDfj002EsQmM9MB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvMS1seVg0SklzWTM0cW9Tc04tUFRUWVN4Q1l6MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDMvYTY4ZjIxLTlmZjgtNGE0NC1hMzZkLWQxY2RlMjQ2NWY4
OS8xL3lwek5nd3QtQXpDTDljOGw1bnBfd3IzZ2xYdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wGwQCAAIwFQMFACoKw4cD
BQAqEViBAwUAKhGPgTANBgkqhkiG9w0BAQsFAAOCAQEAl1DpEgWm+GXz0+rVIJAe
vkiFmvUOkVrvpetaAaVw+jFa+TuyaSkwECbgpJUyYhzdA1/zTmfEEFPTOrAy36ut
dtYk7IHHj+WhgEfyLs9hMMGfl81pX4EfngNHjPxaW86VSCFTNTG9hGk6klPlw8fw
ULLnEIWx5arbf5cRKZUhZxsfVCubsplfDDylVZujBqV58A6ElZtL7LYf51D1S5Rg
lDf7moBzHSeOmHAZKfUv8zF9f7KMR7kPnOD+sAOxzktx8Awfapb1y1dUfSNvLfm2
WG+vV9L742XAwggRGgsI1oGtG6rKvrWtXViSQVM6tzwlsZRXQ43Yp/GBrw/o/qPo
GQ==
-----END CERTIFICATE-----