Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/DhJdlSXGg4nwo43i-3hsY3C4PiQ.roa
File:                     DhJdlSXGg4nwo43i-3hsY3C4PiQ.roa (raw, json)
Hash identifier:          OLFOl5avnYQnKlew3nA3PZbHQQyKutwAJUJzm6ztUrI=
Subject key identifier:   0E:12:5D:95:25:C6:83:89:F0:A3:8D:E2:FB:78:6C:63:70:B8:3E:24
Certificate issuer:       /CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
Certificate serial:       01999A8A5C33D25B2E1AAEA2A68B68B0411B
Authority key identifier: 2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/DhJdlSXGg4nwo43i-3hsY3C4PiQ.roa
Signing time:             Tue 30 Sep 2025 12:13:02 +0000
ROA not before:           Tue 30 Sep 2025 12:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f2c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:8a:5c:33:d2:5b:2e:1a:ae:a2:a6:8b:68:b0:41:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
        Validity
            Not Before: Sep 30 12:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e125d9525c68389f0a38de2fb786c6370b83e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e1:e3:83:bd:23:43:53:0a:be:b0:e5:fd:d1:
                    67:b9:b8:e9:d4:df:79:23:47:ae:5b:84:72:2d:3e:
                    86:67:53:65:56:38:65:47:89:0e:88:c9:3e:cc:86:
                    9b:17:ab:17:3a:12:58:91:7e:7a:15:de:03:18:b1:
                    f2:32:6a:81:92:70:41:c4:92:e6:b9:f7:1f:57:5e:
                    58:db:3f:01:cc:ca:94:14:73:f3:d4:b6:1c:69:8e:
                    c6:00:01:58:65:6f:6b:03:bd:38:c0:e4:07:4a:b3:
                    26:a6:f6:e6:d3:d5:f6:64:7f:eb:6c:61:0c:0f:46:
                    b6:0e:55:83:26:63:ab:c2:eb:de:1a:dd:c1:36:5f:
                    88:99:5c:19:32:a5:03:1e:42:c8:47:e3:b0:44:4e:
                    9c:52:ca:a5:a3:4a:80:95:97:8b:42:c7:1e:87:d5:
                    67:1f:13:d2:6c:d3:32:9d:ae:5a:85:35:7d:c6:2e:
                    71:8d:34:f7:fd:bf:a8:09:3d:60:ce:ed:e3:19:cc:
                    9e:44:f8:37:0a:8b:aa:29:46:a7:cf:51:a1:68:59:
                    97:29:86:a2:62:0e:03:15:a4:55:cf:e1:c8:b7:70:
                    b2:d7:ed:b6:2a:5d:3a:d6:e5:03:a4:6c:49:33:2c:
                    ca:0e:6e:87:f8:8a:d9:99:3f:44:b6:53:86:66:fb:
                    62:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:12:5D:95:25:C6:83:89:F0:A3:8D:E2:FB:78:6C:63:70:B8:3E:24
            X509v3 Authority Key Identifier:
                keyid:2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/DhJdlSXGg4nwo43i-3hsY3C4PiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:39:84:0e:31:ae:fb:bf:c1:a3:f6:0f:f6:07:9f:b7:81:ab:
         d4:9a:36:86:3e:f2:54:d6:d2:01:25:0d:26:e8:20:dd:a5:6e:
         cf:98:40:60:b6:41:5c:62:5b:cf:3b:d5:7f:e0:a7:d1:07:96:
         d5:52:ee:72:82:43:f2:0b:1b:1d:4e:a6:a8:ab:6a:ca:ba:8e:
         19:d0:e0:74:ec:24:a3:a9:0a:b6:33:f7:28:09:85:de:ef:9f:
         d8:a8:99:cc:87:27:0a:97:93:82:b9:03:ed:2f:0e:94:54:db:
         32:e4:1f:29:a1:05:62:3b:26:af:5c:dd:fa:84:ec:da:84:d0:
         b9:61:13:ca:b3:86:71:d6:93:b8:70:9f:c5:e7:0d:4e:5e:db:
         ae:d6:bf:9b:fe:9a:08:95:64:17:1b:b2:1a:ff:c6:57:ca:c9:
         3c:4a:5d:ba:c4:6e:c8:e3:15:48:09:f2:99:14:c8:17:05:bd:
         e4:3f:ae:b5:8b:f6:bf:4b:55:ef:fb:d1:5f:95:e7:c2:c5:3c:
         43:70:ca:ba:23:f0:04:6e:b9:dc:86:68:17:f0:3b:d0:33:0f:
         45:81:ff:d1:f2:60:67:46:d9:a3:ff:4f:2c:23:1f:30:18:17:
         66:40:13:98:ca:53:ec:07:7e:db:7a:c2:40:8d:f0:34:86:bd:
         be:75:cf:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmailwz0lsuGq6ipotosEEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzQ4N2RhNjVlODVlODdiZGFjNGY1ZjY3NThkYzZjMjBl
Zjk3NjMwHhcNMjUwOTMwMTIxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTEyNWQ5NTI1YzY4Mzg5ZjBhMzhkZTJmYjc4NmM2MzcwYjgzZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+Hjg70jQ1MKvrDl/dFnubjp1N95
I0euW4RyLT6GZ1NlVjhlR4kOiMk+zIabF6sXOhJYkX56Fd4DGLHyMmqBknBBxJLm
ufcfV15Y2z8BzMqUFHPz1LYcaY7GAAFYZW9rA704wOQHSrMmpvbm09X2ZH/rbGEM
D0a2DlWDJmOrwuveGt3BNl+ImVwZMqUDHkLIR+OwRE6cUsqlo0qAlZeLQsceh9Vn
HxPSbNMyna5ahTV9xi5xjTT3/b+oCT1gzu3jGcyeRPg3CouqKUanz1GhaFmXKYai
Yg4DFaRVz+HIt3Cy1+22Kl061uUDpGxJMyzKDm6H+IrZmT9EtlOGZvti7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA4SXZUlxoOJ8KON4vt4bGNwuD4kMB8GA1UdIwQY
MBaAFC40h9pl6F6HvaxPX2dY3Gwg75djMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAt
ZDBhZWNkNWQ3MDQyLzEvRGhKZGxTWEdnNG53bzQzaS0zaHNZM0M0UGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAtZDBhZWNkNWQ3MDQy
LzEvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHywDAN
BgkqhkiG9w0BAQsFAAOCAQEAdjmEDjGu+7/Bo/YP9geft4Gr1Jo2hj7yVNbSASUN
Jugg3aVuz5hAYLZBXGJbzzvVf+Cn0QeW1VLucoJD8gsbHU6mqKtqyrqOGdDgdOwk
o6kKtjP3KAmF3u+f2KiZzIcnCpeTgrkD7S8OlFTbMuQfKaEFYjsmr1zd+oTs2oTQ
uWETyrOGcdaTuHCfxecNTl7brta/m/6aCJVkFxuyGv/GV8rJPEpdusRuyOMVSAny
mRTIFwW95D+utYv2v0tV7/vRX5XnwsU8Q3DKuiPwBG653IZoF/A70DMPRYH/0fJg
Z0bZo/9PLCMfMBgXZkATmMpT7Ad+23rCQI3wNIa9vnXP6g==
-----END CERTIFICATE-----