Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ex4DOvPDqM0MHcX4072QFI1J-dg.roa
File:                     ex4DOvPDqM0MHcX4072QFI1J-dg.roa (raw, json)
Hash identifier:          hb9HDZK32mlayqYDJJsNMIHQYLFqVQuuMQ9e8DihaX0=
Subject key identifier:   7B:1E:03:3A:F3:C3:A8:CD:0C:1D:C5:F8:D3:BD:90:14:8D:49:F9:D8
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       01992BBDD0A68296E182332BBFCB4E8302A4
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ex4DOvPDqM0MHcX4072QFI1J-dg.roa
Signing time:             Mon 08 Sep 2025 23:51:23 +0000
ROA not before:           Mon 08 Sep 2025 23:51:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:e281:a200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2b:bd:d0:a6:82:96:e1:82:33:2b:bf:cb:4e:83:02:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Sep  8 23:51:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b1e033af3c3a8cd0c1dc5f8d3bd90148d49f9d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d0:ba:b9:96:00:88:d7:91:3b:3e:25:3a:87:
                    72:16:f3:63:9a:27:0f:7b:a6:f6:ec:a5:62:ea:36:
                    56:b9:3e:6f:7d:ca:0c:9d:53:55:26:f6:6b:9d:17:
                    90:82:6c:80:ab:52:34:35:50:9b:79:72:02:42:6a:
                    2b:05:9c:10:a3:9d:21:32:be:f3:2f:63:ad:92:7d:
                    36:62:97:c8:33:96:12:2c:a8:e0:cd:d3:6e:8d:e4:
                    bb:68:b7:4f:ce:fa:76:62:bb:4b:49:59:86:f4:05:
                    16:e3:c3:35:3e:a7:b6:4b:7d:02:a3:34:26:86:c3:
                    e2:39:38:fd:33:44:67:83:28:4b:3a:bb:02:4a:1e:
                    fe:23:39:e9:8d:b9:9e:25:2c:31:f9:68:03:ec:2a:
                    65:50:ad:fa:ca:9e:0b:e8:dd:be:44:7a:30:a1:c1:
                    8d:a3:f2:c0:7c:03:68:64:46:6b:04:8d:e9:97:9b:
                    9b:cc:5a:3c:63:4e:4b:95:ee:31:8a:a3:b4:f8:fa:
                    37:a3:07:06:51:bd:86:e3:5f:46:7b:be:5e:f7:a6:
                    78:da:14:99:e7:7f:46:50:fe:51:dd:29:18:b5:21:
                    c9:42:6f:d2:52:0a:9a:83:74:c1:ae:20:74:84:79:
                    17:48:f0:4f:73:11:d2:bc:86:32:91:da:25:9b:67:
                    a1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1E:03:3A:F3:C3:A8:CD:0C:1D:C5:F8:D3:BD:90:14:8D:49:F9:D8
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ex4DOvPDqM0MHcX4072QFI1J-dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a200::/40

    Signature Algorithm: sha256WithRSAEncryption
         a5:12:91:8a:15:98:66:94:34:ae:b4:d3:69:49:91:9a:7d:a4:
         1e:86:b3:5a:34:98:14:38:4f:22:7b:9a:18:d3:9c:bb:c3:43:
         28:3d:20:c4:a3:83:80:21:e8:cb:58:b0:b0:5a:da:51:e9:c7:
         28:9c:92:9a:68:83:a0:b6:47:a5:f6:c8:ee:9e:ab:13:97:65:
         ef:aa:07:41:a2:d5:da:4b:31:90:16:41:91:d6:1b:1f:00:33:
         36:65:86:dd:89:cb:7f:af:3e:f5:a8:7e:87:b9:31:6c:bc:5f:
         b2:b1:60:78:eb:61:5b:19:61:ab:bf:f7:bf:37:29:49:bd:ac:
         0d:3d:d3:2f:9a:25:bb:11:17:48:e2:85:a9:a9:fb:50:fb:ea:
         34:a4:5b:fd:13:e4:e1:ea:8d:c3:2d:d3:55:ff:e5:a5:13:6d:
         80:24:a2:00:f9:c4:f9:c7:bf:62:f8:bd:dc:41:38:d2:14:82:
         3e:16:93:d8:4b:8d:3c:b9:52:68:cf:08:87:66:a2:b5:b7:65:
         d3:3f:ad:ba:4d:b1:ff:1e:31:13:24:e8:9d:f4:db:70:84:bc:
         04:51:87:2c:ca:6f:3f:a5:d7:66:95:36:72:a3:ee:90:de:fe:
         8f:b8:4a:25:0a:74:14:09:c3:4b:9c:48:bc:9a:2d:8e:75:fa:
         f9:36:d9:62
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZkrvdCmgpbhgjMrv8tOgwKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjUwOTA4MjM1MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjFlMDMzYWYzYzNhOGNkMGMxZGM1ZjhkM2JkOTAxNDhkNDlmOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNC6uZYAiNeROz4lOodyFvNjmicP
e6b27KVi6jZWuT5vfcoMnVNVJvZrnReQgmyAq1I0NVCbeXICQmorBZwQo50hMr7z
L2Otkn02YpfIM5YSLKjgzdNujeS7aLdPzvp2YrtLSVmG9AUW48M1Pqe2S30CozQm
hsPiOTj9M0RngyhLOrsCSh7+IznpjbmeJSwx+WgD7CplUK36yp4L6N2+RHowocGN
o/LAfANoZEZrBI3pl5ubzFo8Y05Lle4xiqO0+Po3owcGUb2G419Ge75e96Z42hSZ
539GUP5R3SkYtSHJQm/SUgqag3TBriB0hHkXSPBPcxHSvIYykdolm2ehWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHseAzrzw6jNDB3F+NO9kBSNSfnYMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvZXg0RE92UERxTTBNSGNYNDA3MlFGSTFKLWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaIw
DQYJKoZIhvcNAQELBQADggEBAKUSkYoVmGaUNK6002lJkZp9pB6Gs1o0mBQ4TyJ7
mhjTnLvDQyg9IMSjg4Ah6MtYsLBa2lHpxyickppog6C2R6X2yO6eqxOXZe+qB0Gi
1dpLMZAWQZHWGx8AMzZlht2Jy3+vPvWofoe5MWy8X7KxYHjrYVsZYau/9783KUm9
rA090y+aJbsRF0jihamp+1D76jSkW/0T5OHqjcMt01X/5aUTbYAkogD5xPnHv2L4
vdxBONIUgj4Wk9hLjTy5UmjPCIdmorW3ZdM/rbpNsf8eMRMk6J3023CEvARRhyzK
bz+l12aVNnKj7pDe/o+4SiUKdBQJw0ucSLyaLY51+vk22WI=
-----END CERTIFICATE-----