Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/3rqvk9Ly9Ero57NmYxKaPl0vDoA.roa
File:                     3rqvk9Ly9Ero57NmYxKaPl0vDoA.roa (raw, json)
Hash identifier:          M8FySyxOTMDlpGnQamTf4gMdwU/cr4xnBa652N0ZBzE=
Subject key identifier:   DE:BA:AF:93:D2:F2:F4:4A:E8:E7:B3:66:63:12:9A:3E:5D:2F:0E:80
Certificate issuer:       /CN=8daf61f6608f9a9eac14b18224854807bcdc1324
Certificate serial:       019740F6FCC3186A1E43939EAA0C990C9424
Authority key identifier: 8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/3rqvk9Ly9Ero57NmYxKaPl0vDoA.roa
Signing time:             Thu 05 Jun 2025 16:40:17 +0000
ROA not before:           Thu 05 Jun 2025 16:40:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216296
IP address blocks:        2a09:9340:1809::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:f6:fc:c3:18:6a:1e:43:93:9e:aa:0c:99:0c:94:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8daf61f6608f9a9eac14b18224854807bcdc1324
        Validity
            Not Before: Jun  5 16:40:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=debaaf93d2f2f44ae8e7b36663129a3e5d2f0e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:78:2a:50:5f:02:76:b1:3c:20:12:d8:b9:67:
                    e0:ff:94:0c:b4:e2:92:5d:bd:8e:fa:fb:81:71:50:
                    9e:40:f0:a3:2e:22:52:60:79:44:56:79:df:ca:d3:
                    ce:6b:14:f2:b8:0d:3f:0c:de:1f:13:35:0b:f6:c6:
                    4c:9e:65:13:87:83:a3:7d:26:05:b4:98:41:e8:2e:
                    d6:71:8c:b6:c9:4a:a3:12:aa:08:ea:01:ef:ff:08:
                    a2:2d:c9:01:03:64:3a:b2:89:e2:0a:f4:1c:14:a5:
                    af:62:c1:ae:32:5e:cb:cd:e4:35:98:0e:d0:4a:3b:
                    a1:2d:bb:e3:f5:72:3b:cb:b0:55:10:b9:3c:77:37:
                    5a:4d:5a:85:a0:fe:57:cd:3e:39:52:f1:77:63:27:
                    f1:79:57:49:e3:b1:36:5f:a3:a9:17:24:45:61:c4:
                    1b:f1:2b:be:53:55:79:64:23:8e:2d:16:f8:ca:5b:
                    0a:31:80:b5:d4:6a:56:eb:f5:e2:0e:16:bf:74:4e:
                    d2:91:cb:47:c0:4c:7d:2b:6d:13:d6:30:b0:0c:07:
                    08:9d:4a:40:0a:d3:b8:c9:ba:28:4e:e2:9b:96:61:
                    16:10:99:6e:ae:0a:12:d8:b2:98:fa:31:5d:34:88:
                    7d:e2:47:77:28:8a:1c:20:64:28:60:24:73:5b:39:
                    29:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BA:AF:93:D2:F2:F4:4A:E8:E7:B3:66:63:12:9A:3E:5D:2F:0E:80
            X509v3 Authority Key Identifier:
                keyid:8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/3rqvk9Ly9Ero57NmYxKaPl0vDoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9340:1809::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:6b:70:aa:56:c2:8b:95:03:48:8e:f5:7e:58:3d:fe:58:0e:
         e7:42:91:ce:65:a7:80:ab:db:75:5d:6d:ab:1c:f0:85:05:b5:
         3b:bc:9d:8c:e7:c8:c4:55:f6:f4:d0:bd:78:32:26:b4:87:07:
         d0:3e:e3:03:98:63:78:94:87:f9:5a:35:1c:48:ab:81:cb:58:
         55:40:08:da:06:23:07:67:8c:c1:0b:85:d1:5e:56:af:16:c4:
         ac:70:c5:62:f1:bc:b9:67:16:fd:bc:4d:b3:d2:5b:42:71:b3:
         05:17:36:85:54:86:8e:21:d0:98:8b:e5:a3:ff:78:d3:6b:23:
         d4:58:fe:51:c9:4c:90:1c:f5:4c:25:19:2c:48:0d:b9:42:ab:
         69:07:2e:3a:5a:9d:3f:33:65:2c:22:74:75:cd:c0:d3:99:2d:
         ab:e0:ef:3a:4b:05:f4:12:ed:0d:fe:7e:52:7e:71:7e:01:d9:
         ad:60:26:ac:2c:44:a5:13:5f:1f:bd:c9:7a:7c:36:33:bc:b2:
         18:5c:40:fe:d5:38:a4:9f:8c:f3:3b:73:f7:5d:6c:e4:f2:10:
         4f:31:81:97:7b:d1:a3:59:4f:c0:2d:7e:d2:78:c4:ff:16:ec:
         f8:c7:69:8a:af:2d:e8:6b:5c:23:d0:00:cc:37:49:78:92:70:
         58:5a:6e:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdA9vzDGGoeQ5OeqgyZDJQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYWY2MWY2NjA4ZjlhOWVhYzE0YjE4MjI0ODU0ODA3YmNk
YzEzMjQwHhcNMjUwNjA1MTY0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJhYWY5M2QyZjJmNDRhZThlN2IzNjY2MzEyOWEzZTVkMmYwZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3gqUF8CdrE8IBLYuWfg/5QMtOKS
Xb2O+vuBcVCeQPCjLiJSYHlEVnnfytPOaxTyuA0/DN4fEzUL9sZMnmUTh4OjfSYF
tJhB6C7WcYy2yUqjEqoI6gHv/wiiLckBA2Q6soniCvQcFKWvYsGuMl7LzeQ1mA7Q
SjuhLbvj9XI7y7BVELk8dzdaTVqFoP5XzT45UvF3YyfxeVdJ47E2X6OpFyRFYcQb
8Su+U1V5ZCOOLRb4ylsKMYC11GpW6/XiDha/dE7SkctHwEx9K20T1jCwDAcInUpA
CtO4ybooTuKblmEWEJlurgoS2LKY+jFdNIh94kd3KIocIGQoYCRzWzkpDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN66r5PS8vRK6OezZmMSmj5dLw6AMB8GA1UdIwQY
MBaAFI2vYfZgj5qerBSxgiSFSAe83BMkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUt
ZmIyNGJlNzVhM2Y0LzEvM3Jxdms5THk5RXJvNTdObVl4S2FQbDB2RG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUtZmIyNGJlNzVhM2Y0
LzEvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmTQBgJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAta3CqVsKLlQNIjvV+WD3+WA7nQpHOZaeAq9t1
XW2rHPCFBbU7vJ2M58jEVfb00L14Mia0hwfQPuMDmGN4lIf5WjUcSKuBy1hVQAja
BiMHZ4zBC4XRXlavFsSscMVi8by5Zxb9vE2z0ltCcbMFFzaFVIaOIdCYi+Wj/3jT
ayPUWP5RyUyQHPVMJRksSA25QqtpBy46Wp0/M2UsInR1zcDTmS2r4O86SwX0Eu0N
/n5SfnF+AdmtYCasLESlE18fvcl6fDYzvLIYXED+1Tikn4zzO3P3XWzk8hBPMYGX
e9GjWU/ALX7SeMT/Fuz4x2mKry3oa1wj0ADMN0l4knBYWm4T
-----END CERTIFICATE-----