Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/b5s6CPLFznLsovYoy29wVzi-3Ok.roa
File:                     b5s6CPLFznLsovYoy29wVzi-3Ok.roa (raw, json)
Hash identifier:          gTEcnWNc7gGNNW8CTA/atNwTpPOjqZ/Ir9LwK3/7Z6U=
Subject key identifier:   6F:9B:3A:08:F2:C5:CE:72:EC:A2:F6:28:CB:6F:70:57:38:BE:DC:E9
Certificate issuer:       /CN=8daf61f6608f9a9eac14b18224854807bcdc1324
Certificate serial:       019740F17EBE8C1CA30F375A76895FDD6392
Authority key identifier: 8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/b5s6CPLFznLsovYoy29wVzi-3Ok.roa
Signing time:             Thu 05 Jun 2025 16:34:17 +0000
ROA not before:           Thu 05 Jun 2025 16:34:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213426
IP address blocks:        2a09:9340:1805::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:f1:7e:be:8c:1c:a3:0f:37:5a:76:89:5f:dd:63:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8daf61f6608f9a9eac14b18224854807bcdc1324
        Validity
            Not Before: Jun  5 16:34:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f9b3a08f2c5ce72eca2f628cb6f705738bedce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1c:fc:8e:ac:6c:79:bb:af:df:fb:c6:f2:a1:
                    c7:68:79:fa:47:a6:58:12:de:97:47:f2:29:22:10:
                    fc:27:85:2e:fe:cf:eb:6e:c9:a0:f3:71:eb:5b:e3:
                    22:4d:64:09:93:c0:a9:b4:19:13:c6:b1:60:77:b1:
                    b1:13:7c:89:7a:7d:13:28:74:85:ad:ea:eb:e6:ad:
                    14:ba:32:b5:a7:f3:09:6f:69:14:f0:a2:d8:c7:33:
                    33:48:50:ad:fc:96:07:ab:37:0d:33:ae:8b:bf:af:
                    a8:6b:0c:81:32:ab:d5:7f:13:7d:c1:ab:1b:bb:34:
                    3f:90:e3:f7:70:8f:f4:63:a6:a3:c7:e5:94:6e:fb:
                    89:a1:cd:a2:6e:d7:4d:7e:e6:a3:28:65:00:d7:6a:
                    e0:fa:34:95:14:92:50:45:8b:1a:f9:d1:85:ef:55:
                    f8:b7:6f:d0:b9:87:73:36:ec:15:b9:b0:9b:bf:04:
                    5d:65:4c:ab:0e:0a:7f:80:b8:59:2a:cc:f6:3c:ef:
                    a2:94:b3:0c:a6:37:bb:e8:e3:ec:e7:ea:eb:fa:c0:
                    93:35:1a:c0:07:26:6a:8b:a2:90:0e:ee:f0:4a:c5:
                    52:53:a9:2d:da:61:c0:f1:10:06:8c:93:d1:08:fa:
                    2b:95:1d:91:7a:1c:50:ce:77:26:d9:2c:c4:8d:7e:
                    9d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:9B:3A:08:F2:C5:CE:72:EC:A2:F6:28:CB:6F:70:57:38:BE:DC:E9
            X509v3 Authority Key Identifier:
                keyid:8D:AF:61:F6:60:8F:9A:9E:AC:14:B1:82:24:85:48:07:BC:DC:13:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/b5s6CPLFznLsovYoy29wVzi-3Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/50f935-d675-4089-aae5-fb24be75a3f4/1/ja9h9mCPmp6sFLGCJIVIB7zcEyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9340:1805::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:dc:5b:28:fd:f7:19:b5:b8:f0:b4:a5:48:6f:ef:81:22:1d:
         45:74:4a:43:1c:f9:75:4b:8f:33:87:39:97:07:97:81:8a:00:
         51:b0:83:7c:5b:e7:58:de:a3:11:5c:69:0e:0e:c0:2d:30:51:
         cd:51:17:06:11:62:a6:b9:d4:fb:69:9a:45:3c:80:2a:4f:4d:
         84:c3:41:18:54:63:f7:3e:29:a5:7a:ce:db:20:56:45:9a:f1:
         49:f0:a9:26:35:a2:9d:28:c2:4c:9c:67:5c:53:43:98:74:5f:
         36:f6:6f:4e:6b:cb:bf:1a:2b:9d:da:77:0f:84:21:8d:38:fb:
         1a:43:13:f9:6b:1d:d2:f6:5f:55:1e:c8:16:5d:e6:5e:d1:18:
         cf:22:41:68:f1:c0:51:28:67:d4:44:12:24:85:49:44:56:ce:
         9e:84:aa:03:32:25:d1:77:d1:05:8b:65:05:51:6e:c7:4c:bb:
         51:da:5c:ee:7d:7e:4c:7c:83:1b:47:46:ab:fa:4a:3a:64:b2:
         47:c0:79:f9:7b:ee:1c:db:1e:0a:88:48:b1:ea:a0:6f:76:f6:
         32:3b:b2:0b:b1:13:27:7f:72:00:fb:31:2f:52:c8:a4:93:2e:
         24:63:5f:5e:d5:e5:71:37:ce:5c:a6:16:78:cb:e6:7d:a4:6e:
         6f:ae:7f:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdA8X6+jByjDzdadolf3WOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYWY2MWY2NjA4ZjlhOWVhYzE0YjE4MjI0ODU0ODA3YmNk
YzEzMjQwHhcNMjUwNjA1MTYzNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjliM2EwOGYyYzVjZTcyZWNhMmY2MjhjYjZmNzA1NzM4YmVkY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhz8jqxsebuv3/vG8qHHaHn6R6ZY
Et6XR/IpIhD8J4Uu/s/rbsmg83HrW+MiTWQJk8CptBkTxrFgd7GxE3yJen0TKHSF
rerr5q0UujK1p/MJb2kU8KLYxzMzSFCt/JYHqzcNM66Lv6+oawyBMqvVfxN9wasb
uzQ/kOP3cI/0Y6ajx+WUbvuJoc2ibtdNfuajKGUA12rg+jSVFJJQRYsa+dGF71X4
t2/QuYdzNuwVubCbvwRdZUyrDgp/gLhZKsz2PO+ilLMMpje76OPs5+rr+sCTNRrA
ByZqi6KQDu7wSsVSU6kt2mHA8RAGjJPRCPorlR2RehxQzncm2SzEjX6dDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG+bOgjyxc5y7KL2KMtvcFc4vtzpMB8GA1UdIwQY
MBaAFI2vYfZgj5qerBSxgiSFSAe83BMkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUt
ZmIyNGJlNzVhM2Y0LzEvYjVzNkNQTEZ6bkxzb3ZZb3kyOXdWemktM09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81MGY5MzUtZDY3NS00MDg5LWFhZTUtZmIyNGJlNzVhM2Y0
LzEvamE5aDltQ1BtcDZzRkxHQ0pJVklCN3pjRXlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmTQBgF
MA0GCSqGSIb3DQEBCwUAA4IBAQAM3Fso/fcZtbjwtKVIb++BIh1FdEpDHPl1S48z
hzmXB5eBigBRsIN8W+dY3qMRXGkODsAtMFHNURcGEWKmudT7aZpFPIAqT02Ew0EY
VGP3Pimles7bIFZFmvFJ8KkmNaKdKMJMnGdcU0OYdF829m9Oa8u/Giud2ncPhCGN
OPsaQxP5ax3S9l9VHsgWXeZe0RjPIkFo8cBRKGfURBIkhUlEVs6ehKoDMiXRd9EF
i2UFUW7HTLtR2lzufX5MfIMbR0ar+ko6ZLJHwHn5e+4c2x4KiEix6qBvdvYyO7IL
sRMnf3IA+zEvUsikky4kY19e1eVxN85cphZ4y+Z9pG5vrn8x
-----END CERTIFICATE-----