Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/04KCLm--9za3MwjcZovBV5MAsL4.roa
File:                     04KCLm--9za3MwjcZovBV5MAsL4.roa (raw, json)
Hash identifier:          bwrl0NNRWWWbqvvR9nUL3EtLFx6n2S969Soq1XaC/yI=
Subject key identifier:   D3:82:82:2E:6F:BE:F7:36:B7:33:08:DC:66:8B:C1:57:93:00:B0:BE
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       0196F384A37932EACD79E9F9BDB9740D4307
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/04KCLm--9za3MwjcZovBV5MAsL4.roa
Signing time:             Wed 21 May 2025 15:44:38 +0000
ROA not before:           Wed 21 May 2025 15:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212112
IP address blocks:        2a01:ecc0:600::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:84:a3:79:32:ea:cd:79:e9:f9:bd:b9:74:0d:43:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: May 21 15:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d382822e6fbef736b73308dc668bc1579300b0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2e:d6:66:c2:46:c7:43:15:a7:49:30:5c:fe:
                    19:5d:2e:98:a9:1e:39:9a:f1:f6:18:19:0c:a8:11:
                    1e:b1:63:ab:a3:35:b8:88:6a:b2:d7:99:7a:19:3d:
                    ff:46:26:12:a2:44:c2:29:88:c0:89:ec:d5:9f:86:
                    39:56:bb:c0:75:cf:1e:b3:61:ad:b6:a6:f5:c8:91:
                    06:17:ae:35:2a:90:4d:e8:74:31:ff:e2:00:3b:58:
                    7e:96:f2:02:6e:62:15:67:ba:52:2a:5a:78:80:d3:
                    ac:b5:4f:7d:87:fc:aa:dd:1b:b2:b8:59:34:46:6f:
                    14:36:ca:48:28:53:c4:5b:78:d1:b7:95:68:4b:e2:
                    79:ff:3d:df:ef:65:e2:f1:39:0d:ec:96:f8:9f:5a:
                    ef:aa:9d:27:1b:df:89:c5:52:fe:3f:71:66:fe:1b:
                    5e:e7:61:56:f3:c8:a3:37:ce:18:06:32:33:0c:cb:
                    bf:c5:fb:87:79:87:51:d1:57:5b:d0:ea:63:d0:59:
                    50:a4:9f:11:64:bb:fc:00:16:f1:1e:2a:50:0b:11:
                    35:91:7a:78:36:ec:ba:63:ea:e5:da:c9:11:b4:fd:
                    a9:9e:29:6d:df:ea:ef:46:75:7b:ec:dd:5c:61:58:
                    95:3c:13:f4:c7:1d:03:2e:e3:52:3c:6d:64:95:96:
                    d5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:82:82:2E:6F:BE:F7:36:B7:33:08:DC:66:8B:C1:57:93:00:B0:BE
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/04KCLm--9za3MwjcZovBV5MAsL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:600::/42

    Signature Algorithm: sha256WithRSAEncryption
         3c:60:cc:e4:9b:62:3b:5e:bc:a8:c3:9f:ab:7c:ad:46:63:ce:
         50:f4:98:5d:05:00:8b:9e:3d:ff:70:17:7d:12:be:1b:99:14:
         0f:95:a0:2e:b8:d3:57:d0:49:c7:d2:87:be:2f:c5:3b:19:9a:
         04:76:34:21:50:ca:d4:2a:69:bc:ef:2e:ff:e4:dd:2a:1a:08:
         5f:e6:c0:6d:7f:18:94:a3:bb:b1:41:f9:99:e6:1d:46:32:3b:
         f9:2b:88:30:8d:63:26:41:ff:34:a2:5d:cb:4d:6a:af:e9:82:
         bf:e9:f0:59:be:27:c7:80:a1:3f:9c:e6:ae:53:d1:94:a4:46:
         6b:3e:df:f1:09:87:33:fd:00:aa:a5:c8:6d:4b:2d:dc:0e:46:
         bc:5a:d9:85:d1:07:66:d6:e8:c8:28:5d:3b:ff:f5:7d:21:75:
         71:5d:06:09:e9:95:c8:c3:d9:c1:d1:c4:46:2d:fd:82:5e:15:
         f3:72:bb:5a:3d:37:76:04:7c:39:48:b4:16:90:ac:c7:0c:0d:
         e7:e3:92:f8:a4:03:bc:f0:ce:b7:8c:cd:43:7b:39:1e:89:00:
         b1:7f:22:5e:ab:27:44:2e:f5:63:5e:03:4e:8e:c8:ce:8d:df:
         57:40:af:b5:57:4b:65:ab:41:e8:65:a7:41:1d:64:f1:ec:29:
         b9:af:5b:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbzhKN5MurNeen5vbl0DUMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwNTIxMTU0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgyODIyZTZmYmVmNzM2YjczMzA4ZGM2NjhiYzE1NzkzMDBiMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi7WZsJGx0MVp0kwXP4ZXS6YqR45
mvH2GBkMqBEesWOrozW4iGqy15l6GT3/RiYSokTCKYjAiezVn4Y5VrvAdc8es2Gt
tqb1yJEGF641KpBN6HQx/+IAO1h+lvICbmIVZ7pSKlp4gNOstU99h/yq3RuyuFk0
Rm8UNspIKFPEW3jRt5VoS+J5/z3f72Xi8TkN7Jb4n1rvqp0nG9+JxVL+P3Fm/hte
52FW88ijN84YBjIzDMu/xfuHeYdR0Vdb0Opj0FlQpJ8RZLv8ABbxHipQCxE1kXp4
Nuy6Y+rl2skRtP2pnilt3+rvRnV77N1cYViVPBP0xx0DLuNSPG1klZbVowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNOCgi5vvvc2tzMI3GaLwVeTALC+MB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvMDRLQ0xtLS05emEzTXdqY1pvdkJWNU1Bc0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAYA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8YMzkm2I7Xryow5+rfK1GY85Q9JhdBQCLnj3/
cBd9Er4bmRQPlaAuuNNX0EnH0oe+L8U7GZoEdjQhUMrUKmm87y7/5N0qGghf5sBt
fxiUo7uxQfmZ5h1GMjv5K4gwjWMmQf80ol3LTWqv6YK/6fBZvifHgKE/nOauU9GU
pEZrPt/xCYcz/QCqpchtSy3cDka8WtmF0Qdm1ujIKF07//V9IXVxXQYJ6ZXIw9nB
0cRGLf2CXhXzcrtaPTd2BHw5SLQWkKzHDA3n45L4pAO88M63jM1DezkeiQCxfyJe
qydELvVjXgNOjsjOjd9XQK+1V0tlq0HoZadBHWTx7Cm5r1uU
-----END CERTIFICATE-----