Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/n2YS8yp1tJWHJMlag5Z5onYqUSk.roa
File:                     n2YS8yp1tJWHJMlag5Z5onYqUSk.roa (raw, json)
Hash identifier:          9602pVv+wVFMR3fK8ulsFo7aN8W3oYT8p4SoPts899E=
Subject key identifier:   9F:66:12:F3:2A:75:B4:95:87:24:C9:5A:83:96:79:A2:76:2A:51:29
Certificate issuer:       /CN=304e59a223f4bcb823492fb1096c3a82310c03da
Certificate serial:       01990A275FB8077EAC9205E158FD63A04A4B
Authority key identifier: 30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/n2YS8yp1tJWHJMlag5Z5onYqUSk.roa
Signing time:             Tue 02 Sep 2025 11:19:36 +0000
ROA not before:           Tue 02 Sep 2025 11:19:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204418
IP address blocks:        2a06:8a01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:27:5f:b8:07:7e:ac:92:05:e1:58:fd:63:a0:4a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304e59a223f4bcb823492fb1096c3a82310c03da
        Validity
            Not Before: Sep  2 11:19:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f6612f32a75b4958724c95a839679a2762a5129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:77:39:2e:7d:ee:6a:1a:e7:44:73:6d:77:c8:
                    8a:89:83:26:43:5f:eb:48:a1:d3:76:9a:c5:f1:02:
                    f5:00:19:3d:69:4a:77:35:77:0e:35:85:9f:48:53:
                    c0:35:ca:85:b1:7c:f1:69:55:e2:15:5e:a5:6c:61:
                    4f:a6:2d:92:c7:d4:3a:1a:16:22:7f:59:c5:00:b7:
                    b9:59:01:13:f7:a5:1f:ca:d6:8e:e2:49:21:8a:2d:
                    93:c2:44:27:c1:81:fe:d6:f4:5d:fd:d7:fe:aa:ad:
                    b8:66:31:e5:de:9b:dd:19:f1:5a:c6:1b:f2:a7:24:
                    16:fd:8f:46:21:63:d4:29:6f:82:c6:62:29:6a:7c:
                    34:9f:7d:b6:3a:9b:90:5f:d1:80:99:f8:b8:e4:ad:
                    0c:3a:82:72:5e:88:c9:1a:ee:74:60:72:4b:8a:87:
                    90:77:d5:1d:21:0a:06:dc:6e:63:b2:c1:53:09:13:
                    1b:d0:ae:58:cc:fb:2e:3f:e0:72:2e:9e:00:84:2f:
                    e5:57:a4:78:5f:23:ec:35:12:da:4e:ff:ff:22:3c:
                    c4:d4:d6:47:62:63:cd:1f:4c:57:f2:f1:f1:85:1c:
                    0f:85:f0:f1:02:dc:06:50:f9:db:65:34:c0:d1:1d:
                    a3:36:28:f4:43:41:6c:12:79:de:18:ed:fd:4c:d5:
                    51:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:66:12:F3:2A:75:B4:95:87:24:C9:5A:83:96:79:A2:76:2A:51:29
            X509v3 Authority Key Identifier:
                keyid:30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/n2YS8yp1tJWHJMlag5Z5onYqUSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8a01::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:63:f9:7b:57:f4:25:ca:05:5f:5a:7d:70:b7:92:ed:c7:9a:
         a9:6e:a0:d5:2b:ea:98:2f:0c:8a:75:52:68:27:0e:e3:eb:34:
         b3:5d:53:c8:89:0b:88:5c:0f:12:e1:72:2f:9e:a1:d2:f1:88:
         a9:36:ba:10:ed:ba:f5:58:ce:06:f2:6c:4c:0d:83:ad:c1:cd:
         80:fc:00:7b:51:88:e1:12:5b:09:50:28:61:4a:f9:54:04:d6:
         28:bf:d4:13:7a:25:cc:b1:95:97:29:13:63:ea:fe:83:a5:89:
         65:37:ca:28:b0:42:f9:37:a3:bf:23:fb:79:6b:3f:15:6c:17:
         9c:68:21:66:85:a0:d7:fb:bb:c2:17:83:70:94:a1:42:61:65:
         c9:38:21:78:3b:45:8b:5e:a1:ec:c5:62:ec:97:64:ed:2d:47:
         8e:17:39:4c:7c:61:84:8a:c0:87:77:7f:36:a9:a8:5b:8c:3f:
         da:96:98:89:61:da:6e:43:89:76:87:dc:2e:d3:d5:1d:cc:87:
         fc:9d:a4:06:8b:18:24:02:73:c8:dd:96:37:67:e6:06:3b:93:
         53:63:ee:e3:d1:11:31:0f:63:49:9c:98:c1:ae:19:6d:1f:9f:
         1c:02:c5:bd:d0:e1:8e:04:4d:ed:2e:ac:ec:d1:a8:91:7b:bc:
         f6:44:ee:d1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkKJ1+4B36skgXhWP1joEpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGU1OWEyMjNmNGJjYjgyMzQ5MmZiMTA5NmMzYTgyMzEw
YzAzZGEwHhcNMjUwOTAyMTExOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjY2MTJmMzJhNzViNDk1ODcyNGM5NWE4Mzk2NzlhMjc2MmE1MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXc5Ln3uahrnRHNtd8iKiYMmQ1/r
SKHTdprF8QL1ABk9aUp3NXcONYWfSFPANcqFsXzxaVXiFV6lbGFPpi2Sx9Q6GhYi
f1nFALe5WQET96UfytaO4kkhii2TwkQnwYH+1vRd/df+qq24ZjHl3pvdGfFaxhvy
pyQW/Y9GIWPUKW+CxmIpanw0n322OpuQX9GAmfi45K0MOoJyXojJGu50YHJLioeQ
d9UdIQoG3G5jssFTCRMb0K5YzPsuP+ByLp4AhC/lV6R4XyPsNRLaTv//IjzE1NZH
YmPNH0xX8vHxhRwPhfDxAtwGUPnbZTTA0R2jNij0Q0FsEnneGO39TNVRQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ9mEvMqdbSVhyTJWoOWeaJ2KlEpMB8GA1UdIwQY
MBaAFDBOWaIj9Ly4I0kvsQlsOoIxDAPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTct
MzQ0Y2M1MDJmMWJkLzEvbjJZUzh5cDF0SldISk1sYWc1WjVvbllxVVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTctMzQ0Y2M1MDJmMWJk
LzEvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgaKATAN
BgkqhkiG9w0BAQsFAAOCAQEAomP5e1f0JcoFX1p9cLeS7ceaqW6g1SvqmC8MinVS
aCcO4+s0s11TyIkLiFwPEuFyL56h0vGIqTa6EO269VjOBvJsTA2DrcHNgPwAe1GI
4RJbCVAoYUr5VATWKL/UE3olzLGVlykTY+r+g6WJZTfKKLBC+TejvyP7eWs/FWwX
nGghZoWg1/u7wheDcJShQmFlyTgheDtFi16h7MVi7Jdk7S1Hjhc5THxhhIrAh3d/
NqmoW4w/2paYiWHabkOJdofcLtPVHcyH/J2kBosYJAJzyN2WN2fmBjuTU2Pu49ER
MQ9jSZyYwa4ZbR+fHALFvdDhjgRN7S6s7NGokXu89kTu0Q==
-----END CERTIFICATE-----