Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/KGtn_CGJ9WQ0fMr4tUY-3i93MNg.roa
File:                     KGtn_CGJ9WQ0fMr4tUY-3i93MNg.roa (raw, json)
Hash identifier:          03IEtTQfIrx28kdxnAxm3chhufsP9RPQAiqL8u3FBkA=
Subject key identifier:   28:6B:67:FC:21:89:F5:64:34:7C:CA:F8:B5:46:3E:DE:2F:77:30:D8
Certificate issuer:       /CN=20c6611fc85462f0bccac72f3df4c5351be510de
Certificate serial:       0198EC39BEEC41182214158B356634BDCD75
Authority key identifier: 20:C6:61:1F:C8:54:62:F0:BC:CA:C7:2F:3D:F4:C5:35:1B:E5:10:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMZhH8hUYvC8yscvPfTFNRvlEN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/KGtn_CGJ9WQ0fMr4tUY-3i93MNg.roa
Signing time:             Wed 27 Aug 2025 15:51:04 +0000
ROA not before:           Wed 27 Aug 2025 15:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47239
IP address blocks:        2a07:1bc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/IMZhH8hUYvC8yscvPfTFNRvlEN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/IMZhH8hUYvC8yscvPfTFNRvlEN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMZhH8hUYvC8yscvPfTFNRvlEN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ec:39:be:ec:41:18:22:14:15:8b:35:66:34:bd:cd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c6611fc85462f0bccac72f3df4c5351be510de
        Validity
            Not Before: Aug 27 15:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=286b67fc2189f564347ccaf8b5463ede2f7730d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0f:12:c0:df:fa:e2:6d:da:df:38:4c:b7:af:
                    98:00:a4:3f:49:68:ef:12:06:52:f5:c5:44:c6:6c:
                    a0:d3:07:3d:d5:d3:04:0b:1a:53:2d:5d:e9:3f:5a:
                    4c:7e:0b:67:26:d7:8a:e6:b9:eb:b5:59:17:7c:f4:
                    7e:c0:5b:10:6b:26:dc:a1:a2:4c:88:30:42:96:3b:
                    b9:0f:a9:80:16:5d:76:c4:be:d8:f0:b1:df:d7:55:
                    02:e1:03:bd:9e:90:c2:65:2f:9c:a9:10:7f:76:03:
                    32:ec:92:5e:2e:e2:72:46:6f:08:7e:8f:78:c4:65:
                    ea:51:ea:a4:78:c2:26:b7:7d:d9:b4:1e:15:44:c4:
                    88:05:38:35:05:c6:80:49:3e:36:e6:5e:fa:d0:c2:
                    50:ad:38:1c:a4:08:46:62:ba:0a:a3:57:ed:32:06:
                    a0:0c:9e:c6:a5:60:c6:56:a7:55:66:48:84:bf:42:
                    9a:c9:ea:02:16:05:a7:4b:02:36:ed:05:bd:b4:89:
                    8d:18:9a:94:3d:3e:74:15:30:df:ba:91:f0:23:7f:
                    03:f9:89:f6:b2:19:18:73:3d:a7:27:86:fb:ff:5a:
                    33:6a:81:5e:ac:19:e2:2b:d0:22:ff:3d:f1:43:1b:
                    e4:1b:5a:c8:ee:b9:61:2d:60:a8:bc:57:b3:94:5f:
                    7b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6B:67:FC:21:89:F5:64:34:7C:CA:F8:B5:46:3E:DE:2F:77:30:D8
            X509v3 Authority Key Identifier:
                keyid:20:C6:61:1F:C8:54:62:F0:BC:CA:C7:2F:3D:F4:C5:35:1B:E5:10:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMZhH8hUYvC8yscvPfTFNRvlEN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/KGtn_CGJ9WQ0fMr4tUY-3i93MNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3841fe-dc49-4b9c-af9d-daa23ffb4cbf/1/IMZhH8hUYvC8yscvPfTFNRvlEN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:1bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:de:51:8e:88:d2:c0:db:96:40:2a:e9:01:3f:59:9b:a2:3f:
         08:3a:13:c9:35:c2:2d:7b:0e:43:5d:55:7e:66:59:70:b1:57:
         5b:e0:d5:ae:cd:ac:b5:0e:0f:70:c8:41:38:f2:8a:83:c1:d2:
         a8:92:da:a3:dc:ec:ad:e1:df:96:74:8f:bb:12:d3:96:a8:05:
         e4:4d:d9:e3:db:5b:50:aa:62:7f:77:03:47:17:a7:cc:94:d3:
         f2:70:21:23:93:fb:d2:40:b3:07:f2:e8:d8:30:64:ee:15:17:
         c3:4e:20:33:df:db:23:c6:df:5d:0f:c1:58:8b:ef:a1:09:6d:
         a5:4b:bd:a3:9c:b9:11:3d:aa:46:68:bb:70:77:ed:a0:ff:05:
         21:4a:b0:fc:5d:2b:20:3a:68:30:f2:92:07:63:e4:a1:69:66:
         91:47:7a:c9:a8:e1:0f:aa:b3:c8:c5:4c:45:1f:8f:69:d6:89:
         dc:13:34:c7:e6:04:d6:43:23:d0:4f:67:07:94:79:a1:63:91:
         20:72:4b:0b:33:54:db:e0:00:68:9b:36:3e:28:5e:c3:d5:5b:
         5c:9b:9d:d7:97:a6:20:4f:92:db:e6:32:61:fd:2a:63:24:76:
         d1:5b:0c:9e:cb:da:10:ee:7e:8b:c3:e4:21:03:a4:63:2d:cb:
         6a:88:08:55
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZjsOb7sQRgiFBWLNWY0vc11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzY2MTFmYzg1NDYyZjBiY2NhYzcyZjNkZjRjNTM1MWJl
NTEwZGUwHhcNMjUwODI3MTU1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZiNjdmYzIxODlmNTY0MzQ3Y2NhZjhiNTQ2M2VkZTJmNzczMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhw8SwN/64m3a3zhMt6+YAKQ/SWjv
EgZS9cVExmyg0wc91dMECxpTLV3pP1pMfgtnJteK5rnrtVkXfPR+wFsQaybcoaJM
iDBClju5D6mAFl12xL7Y8LHf11UC4QO9npDCZS+cqRB/dgMy7JJeLuJyRm8Ifo94
xGXqUeqkeMImt33ZtB4VRMSIBTg1BcaAST425l760MJQrTgcpAhGYroKo1ftMgag
DJ7GpWDGVqdVZkiEv0KayeoCFgWnSwI27QW9tImNGJqUPT50FTDfupHwI38D+Yn2
shkYcz2nJ4b7/1ozaoFerBniK9Ai/z3xQxvkG1rI7rlhLWCovFezlF97twIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFChrZ/whifVkNHzK+LVGPt4vdzDYMB8GA1UdIwQY
MBaAFCDGYR/IVGLwvMrHLz30xTUb5RDeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1aaEg4aFVZdkM4eXNjdlBmVEZOUnZsRU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zODQxZmUtZGM0OS00YjljLWFmOWQt
ZGFhMjNmZmI0Y2JmLzEvS0d0bl9DR0o5V1EwZk1yNHRVWS0zaTkzTU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zODQxZmUtZGM0OS00YjljLWFmOWQtZGFhMjNmZmI0Y2Jm
LzEvSU1aaEg4aFVZdkM4eXNjdlBmVEZOUnZsRU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgcbwDAN
BgkqhkiG9w0BAQsFAAOCAQEAYt5RjojSwNuWQCrpAT9Zm6I/CDoTyTXCLXsOQ11V
fmZZcLFXW+DVrs2stQ4PcMhBOPKKg8HSqJLao9zsreHflnSPuxLTlqgF5E3Z49tb
UKpif3cDRxenzJTT8nAhI5P70kCzB/Lo2DBk7hUXw04gM9/bI8bfXQ/BWIvvoQlt
pUu9o5y5ET2qRmi7cHftoP8FIUqw/F0rIDpoMPKSB2PkoWlmkUd6yajhD6qzyMVM
RR+PadaJ3BM0x+YE1kMj0E9nB5R5oWORIHJLCzNU2+AAaJs2Pihew9VbXJud15em
IE+S2+YyYf0qYyR20VsMnsvaEO5+i8PkIQOkYy3LaogIVQ==
-----END CERTIFICATE-----