Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/KIcKUhtodUhmesQcw4UOrgje-VM.roa
File:                     KIcKUhtodUhmesQcw4UOrgje-VM.roa (raw, json)
Hash identifier:          ZjtXxzfOCPus9MATQw2KmYmGCHHWM6Ux5YwzOydVNao=
Subject key identifier:   28:87:0A:52:1B:68:75:48:66:7A:C4:1C:C3:85:0E:AE:08:DE:F9:53
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       0198C38F49E5F2C8CCC4F29AF889EB6F08BA
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/KIcKUhtodUhmesQcw4UOrgje-VM.roa
Signing time:             Tue 19 Aug 2025 18:20:04 +0000
ROA not before:           Tue 19 Aug 2025 18:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13213
IP address blocks:        2a03:efc0:5800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c3:8f:49:e5:f2:c8:cc:c4:f2:9a:f8:89:eb:6f:08:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Aug 19 18:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28870a521b687548667ac41cc3850eae08def953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8d:75:bd:41:81:d2:af:98:77:82:59:2e:4a:
                    83:44:83:25:37:5b:ed:1b:bf:55:91:a1:d9:d8:48:
                    c2:1c:7f:8b:f6:73:ea:67:66:6d:3f:de:b4:71:74:
                    54:ac:b3:f7:e2:77:40:a5:55:16:af:7d:27:8c:5b:
                    0b:28:3c:40:e0:a8:f2:55:0f:be:9a:ec:3c:7f:8f:
                    ec:40:d3:17:b3:d1:55:bf:38:2f:96:ef:a3:b3:c5:
                    2c:4b:17:57:0f:72:0d:c6:23:d5:32:3f:b6:94:d6:
                    db:11:48:c8:9b:dd:c0:b9:1e:95:e8:d5:fb:fd:95:
                    f5:ce:62:6f:c7:13:e2:df:2c:9e:d0:74:7c:c3:91:
                    d8:00:10:d8:90:be:62:40:17:e8:c0:00:fa:6c:a5:
                    ec:02:d8:96:4e:2e:6d:a4:44:97:12:cf:1f:95:c2:
                    44:b3:dc:17:2a:59:17:e9:54:77:d8:92:aa:9d:a7:
                    bc:3e:ee:bc:5c:82:47:82:d0:c6:a0:21:b0:a4:8c:
                    bf:c8:b8:aa:9c:42:35:e0:5a:09:fc:35:8d:88:73:
                    87:a1:4f:ee:d3:41:f5:e5:d4:ab:92:14:d8:00:14:
                    87:4a:cd:21:46:74:75:40:5e:2a:83:f8:f7:4f:cf:
                    32:88:37:43:11:21:44:85:e9:13:8c:10:40:a1:58:
                    b4:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:87:0A:52:1B:68:75:48:66:7A:C4:1C:C3:85:0E:AE:08:DE:F9:53
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/KIcKUhtodUhmesQcw4UOrgje-VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:efc0:5800::/40

    Signature Algorithm: sha256WithRSAEncryption
         5e:d7:24:17:28:56:d4:be:aa:40:eb:56:d8:8c:1f:90:7d:a3:
         2c:48:9e:ed:a5:0f:28:3c:1f:d5:98:0a:f6:91:2b:c3:96:9f:
         e8:b3:3e:22:ba:2e:2b:a9:de:26:8b:bb:a6:2f:2d:5a:f8:41:
         d3:73:28:3e:7a:11:20:dc:9c:3b:07:a4:a7:d5:0e:03:77:10:
         a2:1e:ad:cb:8e:62:78:c7:a3:22:1c:ef:75:96:58:45:4c:da:
         f6:42:62:14:33:09:af:a5:74:6c:39:e0:f0:35:91:ba:16:d1:
         83:1c:ea:df:29:68:4d:bf:6a:c5:24:36:b8:17:dd:22:43:a1:
         b4:29:80:2b:e7:cf:67:74:01:ac:94:d5:e7:5c:2e:44:ba:e1:
         17:4d:c4:29:f0:7e:48:0e:45:f2:a9:9c:7b:87:78:f1:1e:34:
         b5:f2:bb:f8:5d:c2:79:a1:dd:f0:3f:b9:43:6e:10:2f:11:94:
         06:86:b7:8a:3e:ff:65:f7:52:4c:df:36:3f:18:27:2a:99:c3:
         23:3d:a3:b0:0a:0e:8e:c6:d9:a8:98:bf:9a:4d:ea:79:29:13:
         61:9e:cf:af:23:a8:29:54:65:e5:c9:21:6e:33:14:be:14:fb:
         99:87:28:09:86:38:64:71:e8:db:71:12:fc:30:c1:81:81:0f:
         76:20:fe:58
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZjDj0nl8sjMxPKa+Inrbwi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjUwODE5MTgyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODg3MGE1MjFiNjg3NTQ4NjY3YWM0MWNjMzg1MGVhZTA4ZGVmOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o11vUGB0q+Yd4JZLkqDRIMlN1vt
G79VkaHZ2EjCHH+L9nPqZ2ZtP960cXRUrLP34ndApVUWr30njFsLKDxA4KjyVQ++
muw8f4/sQNMXs9FVvzgvlu+js8UsSxdXD3INxiPVMj+2lNbbEUjIm93AuR6V6NX7
/ZX1zmJvxxPi3yye0HR8w5HYABDYkL5iQBfowAD6bKXsAtiWTi5tpESXEs8flcJE
s9wXKlkX6VR32JKqnae8Pu68XIJHgtDGoCGwpIy/yLiqnEI14FoJ/DWNiHOHoU/u
00H15dSrkhTYABSHSs0hRnR1QF4qg/j3T88yiDdDESFEhekTjBBAoVi0swIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCiHClIbaHVIZnrEHMOFDq4I3vlTMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvS0ljS1VodG9kVWhtZXNRY3c0VU9yZ2plLVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgPvwFgw
DQYJKoZIhvcNAQELBQADggEBAF7XJBcoVtS+qkDrVtiMH5B9oyxInu2lDyg8H9WY
CvaRK8OWn+izPiK6Liup3iaLu6YvLVr4QdNzKD56ESDcnDsHpKfVDgN3EKIercuO
YnjHoyIc73WWWEVM2vZCYhQzCa+ldGw54PA1kboW0YMc6t8paE2/asUkNrgX3SJD
obQpgCvnz2d0AayU1edcLkS64RdNxCnwfkgORfKpnHuHePEeNLXyu/hdwnmh3fA/
uUNuEC8RlAaGt4o+/2X3UkzfNj8YJyqZwyM9o7AKDo7G2aiYv5pN6nkpE2Gez68j
qClUZeXJIW4zFL4U+5mHKAmGOGRx6NtxEvwwwYGBD3Yg/lg=
-----END CERTIFICATE-----