Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/fk0Xlg-9w-A2loQv9XksmSbPwOY.roa
File:                     fk0Xlg-9w-A2loQv9XksmSbPwOY.roa (raw, json)
Hash identifier:          bL4uRe18zJHwNvTxqiRSt9A3zafbwK9vMP1pK6Mv+QQ=
Subject key identifier:   7E:4D:17:96:0F:BD:C3:E0:36:96:84:2F:F5:79:2C:99:26:CF:C0:E6
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       0196F708DC25C7C70FA387D39353F02976E3
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/fk0Xlg-9w-A2loQv9XksmSbPwOY.roa
Signing time:             Thu 22 May 2025 08:07:54 +0000
ROA not before:           Thu 22 May 2025 08:07:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216260
IP address blocks:        2a01:ecc0:680::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:08:dc:25:c7:c7:0f:a3:87:d3:93:53:f0:29:76:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: May 22 08:07:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e4d17960fbdc3e03696842ff5792c9926cfc0e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9d:a3:8c:77:9c:23:7c:58:dd:66:25:ed:eb:
                    a4:f5:89:de:6c:f4:16:71:a9:ad:b3:a6:96:7d:b3:
                    05:96:c8:66:9e:84:79:a9:dd:24:58:c0:53:f1:84:
                    49:43:71:3e:ab:a2:55:65:82:6d:bc:45:fc:04:ff:
                    ea:51:fd:8c:18:86:1e:ca:eb:9c:4d:f4:f5:8b:99:
                    eb:c5:40:63:9e:e3:36:22:49:64:90:a4:d6:0c:86:
                    b8:f2:80:21:c8:9e:d3:79:70:6d:f4:43:47:75:b1:
                    49:38:0b:b4:55:47:e2:4f:57:56:bb:b9:ef:6d:94:
                    be:e5:b4:e3:6b:73:49:5c:a5:55:64:2a:60:69:1b:
                    a9:b5:b0:75:d8:27:bb:72:83:7d:7c:a2:13:e3:52:
                    51:27:76:f0:cb:f1:fb:33:08:a0:c4:01:0a:7a:18:
                    09:ad:28:29:29:31:66:88:f7:6b:29:1e:8b:3e:8a:
                    46:9e:f8:1e:31:0e:55:9c:30:85:ee:1c:a8:af:9f:
                    7e:d8:71:1e:96:34:ed:67:36:19:ed:bb:01:89:2c:
                    25:1d:fe:24:64:32:73:cc:9c:6f:c3:ac:5f:e0:12:
                    81:fa:9d:7a:86:f7:c2:71:3c:fb:06:97:b2:d2:26:
                    0e:97:5d:b1:75:87:be:91:51:1e:bc:59:be:66:ef:
                    cb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4D:17:96:0F:BD:C3:E0:36:96:84:2F:F5:79:2C:99:26:CF:C0:E6
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/fk0Xlg-9w-A2loQv9XksmSbPwOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:680::/42

    Signature Algorithm: sha256WithRSAEncryption
         3a:00:83:7c:50:1a:7c:fa:3f:2c:0a:ed:5d:0f:7b:a5:1c:29:
         15:0b:e3:b0:b0:2b:24:11:dd:8b:5d:e0:66:cf:7a:0e:58:84:
         71:64:b9:f6:da:d2:fc:13:e6:2a:44:b0:43:ac:8f:e3:4b:24:
         ab:62:0d:91:77:72:7a:48:e8:98:fd:aa:38:37:1a:c2:3f:7b:
         e8:1c:2e:59:df:1f:af:bc:b1:59:25:42:87:bc:c6:05:93:14:
         35:44:70:45:22:dc:84:39:be:8e:d4:2e:43:c0:d0:9b:3f:e9:
         17:b0:f9:60:25:22:50:1e:6a:0d:71:32:28:fa:75:69:b2:49:
         c0:fc:64:7e:80:5c:17:9a:fd:6e:a7:ef:15:c5:34:4b:34:60:
         46:46:07:b4:95:b9:3b:ed:9d:7e:ab:ad:9a:df:fd:bf:2c:06:
         3b:09:8a:13:ea:55:c0:6b:dc:8e:fc:33:de:52:ad:de:7d:eb:
         0b:82:b2:ce:a9:a1:9b:d0:f9:a6:f6:45:b0:f0:b1:da:ee:cb:
         4e:88:48:11:ee:36:02:58:72:41:c0:b4:b7:9a:29:3a:f2:38:
         c4:66:35:7b:0d:17:d7:77:52:ea:ee:4e:c0:9c:1c:e6:a3:1d:
         22:5c:3d:d6:dd:d3:a6:a4:a0:e8:48:44:bc:5e:7e:2f:c1:16:
         31:6f:7e:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZb3CNwlx8cPo4fTk1PwKXbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwNTIyMDgwNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRkMTc5NjBmYmRjM2UwMzY5Njg0MmZmNTc5MmM5OTI2Y2ZjMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z2jjHecI3xY3WYl7euk9YnebPQW
camts6aWfbMFlshmnoR5qd0kWMBT8YRJQ3E+q6JVZYJtvEX8BP/qUf2MGIYeyuuc
TfT1i5nrxUBjnuM2IklkkKTWDIa48oAhyJ7TeXBt9ENHdbFJOAu0VUfiT1dWu7nv
bZS+5bTja3NJXKVVZCpgaRuptbB12Ce7coN9fKIT41JRJ3bwy/H7MwigxAEKehgJ
rSgpKTFmiPdrKR6LPopGnvgeMQ5VnDCF7hyor59+2HEeljTtZzYZ7bsBiSwlHf4k
ZDJzzJxvw6xf4BKB+p16hvfCcTz7Bpey0iYOl12xdYe+kVEevFm+Zu/LSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5NF5YPvcPgNpaEL/V5LJkmz8DmMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvZmswWGxnLTl3LUEybG9RdjlYa3NtU2JQd09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAaA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6AIN8UBp8+j8sCu1dD3ulHCkVC+OwsCskEd2L
XeBmz3oOWIRxZLn22tL8E+YqRLBDrI/jSySrYg2Rd3J6SOiY/ao4NxrCP3voHC5Z
3x+vvLFZJUKHvMYFkxQ1RHBFItyEOb6O1C5DwNCbP+kXsPlgJSJQHmoNcTIo+nVp
sknA/GR+gFwXmv1up+8VxTRLNGBGRge0lbk77Z1+q62a3/2/LAY7CYoT6lXAa9yO
/DPeUq3efesLgrLOqaGb0Pmm9kWw8LHa7stOiEgR7jYCWHJBwLS3mik68jjEZjV7
DRfXd1Lq7k7AnBzmox0iXD3W3dOmpKDoSES8Xn4vwRYxb34y
-----END CERTIFICATE-----