Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/itvM61LAfKyfPTjtxottIb5913c.roa
File:                     itvM61LAfKyfPTjtxottIb5913c.roa (raw, json)
Hash identifier:          swnmBd6zWo8E/AKMWxN3M8+VEsnPH81VxfrCxeSd18o=
Subject key identifier:   8A:DB:CC:EB:52:C0:7C:AC:9F:3D:38:ED:C6:8B:6D:21:BE:7D:D7:77
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       0197457B4CDBAB5BDFE0F77A3F56DA4FA49B
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/itvM61LAfKyfPTjtxottIb5913c.roa
Signing time:             Fri 06 Jun 2025 13:43:17 +0000
ROA not before:           Fri 06 Jun 2025 13:43:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200529
IP address blocks:        2a06:2c80:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:7b:4c:db:ab:5b:df:e0:f7:7a:3f:56:da:4f:a4:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Jun  6 13:43:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8adbcceb52c07cac9f3d38edc68b6d21be7dd777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fd:b6:5c:10:31:2c:84:78:84:cb:69:b8:bf:
                    dc:12:30:c6:7b:1a:c9:b7:ec:c8:5e:62:66:80:c5:
                    8c:69:40:6a:fc:c0:63:a1:b6:86:5a:c5:17:7b:f1:
                    84:72:8f:1b:7a:e4:79:85:28:07:d4:45:0c:76:47:
                    38:2b:f7:8c:73:3c:66:59:04:82:e1:68:b4:55:38:
                    11:7b:69:a8:fb:8d:d9:94:e9:5a:15:aa:c3:8b:82:
                    d3:6a:fe:d2:9b:0b:1a:a1:75:1e:d9:d0:26:c9:ef:
                    d5:64:2e:65:c2:d1:3b:1d:f6:d9:db:8e:7d:1a:9f:
                    13:01:54:2e:14:2b:18:1d:03:40:7a:cf:00:88:d1:
                    4b:3a:cb:d2:da:24:d6:8f:37:b9:93:4b:ab:e3:94:
                    9d:1d:52:3b:ad:e2:6f:dd:87:68:9b:63:e6:29:5c:
                    bd:ef:74:d0:2c:32:15:3b:be:5d:46:9e:46:a2:51:
                    ff:10:5a:d6:3a:f6:32:3a:d1:56:e5:dc:c3:e9:d9:
                    66:2c:55:d5:0d:70:10:4b:4e:4b:b8:a1:87:31:e7:
                    80:65:e8:1a:39:72:fe:50:f5:6d:60:3d:9e:d6:df:
                    9f:3e:f6:da:20:f6:93:5d:26:4b:92:49:8a:0f:f1:
                    72:44:ab:dc:b7:98:58:de:d9:7f:bf:d8:37:28:66:
                    57:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:DB:CC:EB:52:C0:7C:AC:9F:3D:38:ED:C6:8B:6D:21:BE:7D:D7:77
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/itvM61LAfKyfPTjtxottIb5913c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2c80:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9b:21:f0:09:dd:e4:2c:85:bf:da:a5:65:b1:c4:4b:bd:97:a8:
         f5:ab:36:02:14:dd:17:6e:8a:83:9e:2b:d8:2b:56:46:6a:15:
         c6:b7:86:48:1d:66:2f:e6:ac:ed:d5:be:56:d4:8a:54:e0:47:
         b6:dd:ec:7a:f1:99:a4:d9:77:28:81:10:58:2f:05:19:a3:3f:
         5a:86:08:3a:3b:d9:a6:57:f1:e7:53:a6:6f:f4:52:3b:a3:2e:
         cb:48:7e:22:9c:10:e4:fd:23:df:c2:ce:14:a4:be:b1:73:7f:
         cd:df:d0:3c:11:f7:40:c9:1d:7c:30:f6:f7:20:f6:e7:e5:bb:
         64:01:b0:49:ce:d2:8f:46:a7:72:78:8e:b1:3f:7c:5d:bf:f3:
         b1:76:5e:a6:39:5a:3c:2f:44:d2:a0:69:73:63:bb:2a:d5:05:
         44:41:58:bb:6a:21:1d:fa:f9:c9:a7:9a:d9:c1:a9:3a:6d:0a:
         ef:cd:6e:06:ea:14:01:10:43:ae:ca:ab:ae:36:61:74:74:e8:
         5c:24:09:48:8b:89:ea:17:9a:85:b6:fa:0b:ca:3c:29:c0:43:
         80:ad:4c:76:00:6f:b6:7d:d1:8b:b5:27:69:96:87:df:a5:91:
         a6:5d:be:08:03:b4:84:23:88:05:1c:72:53:ce:f4:8a:25:0a:
         ad:4e:67:4c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZdFe0zbq1vf4Pd6P1baT6SbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjUwNjA2MTM0MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWRiY2NlYjUyYzA3Y2FjOWYzZDM4ZWRjNjhiNmQyMWJlN2RkNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4v22XBAxLIR4hMtpuL/cEjDGexrJ
t+zIXmJmgMWMaUBq/MBjobaGWsUXe/GEco8beuR5hSgH1EUMdkc4K/eMczxmWQSC
4Wi0VTgRe2mo+43ZlOlaFarDi4LTav7SmwsaoXUe2dAmye/VZC5lwtE7HfbZ2459
Gp8TAVQuFCsYHQNAes8AiNFLOsvS2iTWjze5k0ur45SdHVI7reJv3Ydom2PmKVy9
73TQLDIVO75dRp5GolH/EFrWOvYyOtFW5dzD6dlmLFXVDXAQS05LuKGHMeeAZega
OXL+UPVtYD2e1t+fPvbaIPaTXSZLkkmKD/FyRKvct5hY3tl/v9g3KGZXIwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIrbzOtSwHysnz047caLbSG+fdd3MB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvaXR2TTYxTEFmS3lmUFRqdHhvdHRJYjU5MTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgYsgCAw
DQYJKoZIhvcNAQELBQADggEBAJsh8And5CyFv9qlZbHES72XqPWrNgIU3RduioOe
K9grVkZqFca3hkgdZi/mrO3VvlbUilTgR7bd7HrxmaTZdyiBEFgvBRmjP1qGCDo7
2aZX8edTpm/0UjujLstIfiKcEOT9I9/CzhSkvrFzf83f0DwR90DJHXww9vcg9ufl
u2QBsEnO0o9Gp3J4jrE/fF2/87F2XqY5WjwvRNKgaXNjuyrVBURBWLtqIR36+cmn
mtnBqTptCu/NbgbqFAEQQ67Kq642YXR06FwkCUiLieoXmoW2+gvKPCnAQ4CtTHYA
b7Z90Yu1J2mWh9+lkaZdvggDtIQjiAUcclPO9IolCq1OZ0w=
-----END CERTIFICATE-----