Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/c058vaKW2q2SEgN7MTDBlii74TU.roa
File:                     c058vaKW2q2SEgN7MTDBlii74TU.roa (raw, json)
Hash identifier:          qkSWGzegQ9qv/uY6suBAC1ezFokcpt8Kro9INhY4sGc=
Subject key identifier:   73:4E:7C:BD:A2:96:DA:AD:92:12:03:7B:31:30:C1:96:28:BB:E1:35
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       01992CB158A24F8029CECAF34DCBB173ABC4
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/c058vaKW2q2SEgN7MTDBlii74TU.roa
Signing time:             Tue 09 Sep 2025 04:17:24 +0000
ROA not before:           Tue 09 Sep 2025 04:17:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39335
IP address blocks:        2a0b:6b86:1200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Sep 2025 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2c:b1:58:a2:4f:80:29:ce:ca:f3:4d:cb:b1:73:ab:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Sep  9 04:17:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=734e7cbda296daad9212037b3130c19628bbe135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ef:8d:7d:5d:43:37:00:65:a2:14:d0:70:42:
                    f9:2e:33:f6:db:9f:9d:25:c7:ad:35:91:88:c9:2f:
                    c8:f8:51:8f:05:c1:20:5d:c2:27:07:f2:5f:6d:ba:
                    ea:14:dd:13:b6:b5:d3:09:2a:d6:82:36:05:c3:2e:
                    99:79:f7:4e:8e:14:c6:a7:7a:0b:3b:b3:0e:b8:d3:
                    73:c6:da:9a:4a:20:9c:4b:04:8b:bb:b5:be:fe:92:
                    34:67:2f:96:0d:4f:ef:5f:ca:81:6c:58:24:43:0a:
                    6f:4b:c6:7e:f5:03:5f:6b:d1:3f:8f:10:a0:00:01:
                    c3:1d:47:6d:8a:c3:d1:87:07:bd:6d:1a:c4:39:bb:
                    05:cc:6f:c4:cb:f6:ac:70:99:d4:d5:dc:ed:37:35:
                    d2:21:9c:83:5c:7b:53:a4:04:8e:34:ff:57:5d:ba:
                    4d:b6:e0:6a:95:e1:d2:6a:01:8e:4b:97:a0:b6:2f:
                    8c:2e:40:7d:96:01:29:ac:cf:7a:b5:8b:cf:7c:16:
                    c2:30:9e:4c:a6:fe:cd:b3:ef:93:78:f3:01:ed:46:
                    05:10:f3:87:72:97:62:fd:06:5e:e7:2c:36:c9:40:
                    4a:62:3b:0a:f3:75:ea:b5:72:e0:b0:18:5e:81:f2:
                    21:aa:c0:47:39:f9:ec:4c:fc:82:5c:27:99:4e:40:
                    e0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4E:7C:BD:A2:96:DA:AD:92:12:03:7B:31:30:C1:96:28:BB:E1:35
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/c058vaKW2q2SEgN7MTDBlii74TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         cc:d3:69:1a:49:72:0c:d1:0a:c8:1f:3c:b6:11:8a:35:06:71:
         ac:bd:60:d2:f8:18:77:07:27:ad:3b:dc:4d:e2:ab:ea:a0:bb:
         81:94:39:43:3d:3b:c7:c7:32:d4:40:58:64:fd:17:52:51:6b:
         27:bf:84:86:8e:a5:2d:10:2d:c5:21:99:97:8c:49:39:0e:1e:
         cf:5a:55:ef:07:50:e5:d4:69:77:1e:85:6e:d4:fc:78:02:6c:
         73:33:96:41:40:ba:1e:33:04:eb:85:87:eb:cb:5a:ae:a7:56:
         27:49:6f:59:b2:9e:d8:58:bc:a2:d3:0f:04:e2:c2:c5:32:89:
         68:71:96:f8:21:2a:92:86:9a:fa:67:bd:32:10:26:47:dc:63:
         10:e0:4c:7e:5e:15:5d:a0:8b:fa:bd:ef:f0:ac:98:6e:b7:c4:
         f6:92:f0:70:8f:1f:c3:b1:ff:09:d5:92:53:c2:8a:60:f7:1b:
         5f:24:49:82:31:9e:29:d9:85:c1:84:9a:f1:e2:af:67:6a:1f:
         56:38:18:3b:a2:26:23:8c:14:ae:37:7e:71:a3:87:38:2e:16:
         27:91:3f:6a:b2:7f:9f:30:34:0c:77:2c:4c:13:1c:7c:b7:42:
         c5:16:c1:fa:40:b9:23:fe:26:4c:6e:dd:9d:8c:fa:f8:fd:f6:
         94:f3:55:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZkssViiT4ApzsrzTcuxc6vEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwOTA5MDQxNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRlN2NiZGEyOTZkYWFkOTIxMjAzN2IzMTMwYzE5NjI4YmJlMTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt++NfV1DNwBlohTQcEL5LjP225+d
JcetNZGIyS/I+FGPBcEgXcInB/JfbbrqFN0TtrXTCSrWgjYFwy6ZefdOjhTGp3oL
O7MOuNNzxtqaSiCcSwSLu7W+/pI0Zy+WDU/vX8qBbFgkQwpvS8Z+9QNfa9E/jxCg
AAHDHUdtisPRhwe9bRrEObsFzG/Ey/ascJnU1dztNzXSIZyDXHtTpASONP9XXbpN
tuBqleHSagGOS5egti+MLkB9lgEprM96tYvPfBbCMJ5Mpv7Ns++TePMB7UYFEPOH
cpdi/QZe5yw2yUBKYjsK83XqtXLgsBhegfIhqsBHOfnsTPyCXCeZTkDgnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHNOfL2iltqtkhIDezEwwZYou+E1MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvYzA1OHZhS1cycTJTRWdON01UREJsaWk3NFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhhIw
DQYJKoZIhvcNAQELBQADggEBAMzTaRpJcgzRCsgfPLYRijUGcay9YNL4GHcHJ607
3E3iq+qgu4GUOUM9O8fHMtRAWGT9F1JRaye/hIaOpS0QLcUhmZeMSTkOHs9aVe8H
UOXUaXcehW7U/HgCbHMzlkFAuh4zBOuFh+vLWq6nVidJb1mynthYvKLTDwTiwsUy
iWhxlvghKpKGmvpnvTIQJkfcYxDgTH5eFV2gi/q97/CsmG63xPaS8HCPH8Ox/wnV
klPCimD3G18kSYIxninZhcGEmvHir2dqH1Y4GDuiJiOMFK43fnGjhzguFieRP2qy
f58wNAx3LEwTHHy3QsUWwfpAuSP+Jkxu3Z2M+vj99pTzVYQ=
-----END CERTIFICATE-----