Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/sW8bwiGLsI7Vh96L_GlmvLQDJKY.roa
File:                     sW8bwiGLsI7Vh96L_GlmvLQDJKY.roa (raw, json)
Hash identifier:          zwPk0zZ0KWeH/lkVto00u9mSsOX9BDpbaWABcwD0yq4=
Subject key identifier:   B1:6F:1B:C2:21:8B:B0:8E:D5:87:DE:8B:FC:69:66:BC:B4:03:24:A6
Certificate issuer:       /CN=f1e57e350d3a6db8a580559299f0b9d38bcc5952
Certificate serial:       019720814F40B6F6F7128A458916C25732B7
Authority key identifier: F1:E5:7E:35:0D:3A:6D:B8:A5:80:55:92:99:F0:B9:D3:8B:CC:59:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8eV-NQ06bbilgFWSmfC504vMWVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/sW8bwiGLsI7Vh96L_GlmvLQDJKY.roa
Signing time:             Fri 30 May 2025 09:23:54 +0000
ROA not before:           Fri 30 May 2025 09:23:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a12:dd40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/8eV-NQ06bbilgFWSmfC504vMWVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/8eV-NQ06bbilgFWSmfC504vMWVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8eV-NQ06bbilgFWSmfC504vMWVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 15:25:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:81:4f:40:b6:f6:f7:12:8a:45:89:16:c2:57:32:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1e57e350d3a6db8a580559299f0b9d38bcc5952
        Validity
            Not Before: May 30 09:23:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b16f1bc2218bb08ed587de8bfc6966bcb40324a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0b:c6:0d:1c:85:f1:c9:9e:55:e4:3a:ea:05:
                    3b:ea:33:bb:12:7b:ed:bc:cb:9e:5c:d0:32:2b:02:
                    53:ac:06:25:66:49:a2:31:a3:5e:03:63:7b:3e:1f:
                    16:ca:7b:13:6f:31:23:f7:b0:d8:76:61:bf:a2:26:
                    86:af:d4:06:3f:e6:d5:e4:b1:7a:2b:8b:01:ad:47:
                    c2:bf:7d:21:00:16:92:ca:a5:90:a9:a1:df:f6:eb:
                    5d:7a:32:9c:90:c0:80:8f:4e:0b:f3:05:d5:64:55:
                    94:f7:ed:13:fe:3a:a2:89:6a:72:ca:9a:55:15:32:
                    de:da:ea:cb:0d:9b:a8:32:4e:9c:16:06:b6:6d:ff:
                    1d:6d:26:40:19:25:7f:cf:63:9f:41:98:60:b1:f8:
                    80:5d:a4:2a:e6:7d:88:c4:cd:bd:bf:3d:db:0d:ce:
                    15:3f:78:bf:61:77:12:00:87:cf:9c:ce:da:34:5b:
                    0f:d6:a6:58:3a:5f:4e:b2:25:5f:6e:1b:eb:93:3b:
                    17:91:e4:2c:0f:85:34:d5:74:f3:de:f0:68:c2:37:
                    73:1d:5d:f3:ce:71:97:73:4e:b3:bd:29:b6:42:a9:
                    c6:8b:0d:29:e1:1b:d4:b2:34:b9:cf:62:17:9f:e5:
                    5e:cd:9d:ea:ef:d6:b6:5a:86:8d:90:e9:74:48:ce:
                    55:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6F:1B:C2:21:8B:B0:8E:D5:87:DE:8B:FC:69:66:BC:B4:03:24:A6
            X509v3 Authority Key Identifier:
                keyid:F1:E5:7E:35:0D:3A:6D:B8:A5:80:55:92:99:F0:B9:D3:8B:CC:59:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8eV-NQ06bbilgFWSmfC504vMWVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/sW8bwiGLsI7Vh96L_GlmvLQDJKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/222df2-6225-4041-9cb0-0cd9faa5653e/1/8eV-NQ06bbilgFWSmfC504vMWVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:d6:18:79:f2:2e:ed:4e:12:75:63:0b:7d:12:78:7c:19:19:
         77:86:3d:e2:38:f1:b9:16:2f:98:e3:f0:fa:68:1d:5f:7f:5f:
         4b:7f:a3:e2:9e:d0:9c:d7:e6:e5:e2:0a:0d:a3:02:55:cc:b9:
         e6:a4:31:54:d5:ce:59:5c:f8:0b:74:d8:61:bc:50:4c:ab:80:
         d5:0a:4e:c1:9c:69:22:c8:b5:4d:c0:bb:d1:84:10:43:d7:2d:
         17:05:22:fa:27:ff:be:ad:83:2d:10:00:31:06:2a:45:3e:b0:
         8d:0a:14:70:f5:e2:b7:ae:d2:58:1b:b8:7e:74:38:ad:48:e3:
         69:f2:44:bd:38:fe:4b:23:89:3e:98:f8:9e:73:34:35:e7:62:
         b3:9a:8f:8c:90:17:06:63:2d:1a:33:37:18:cf:75:d0:bc:73:
         6d:33:da:b3:a4:8d:9a:ca:0a:cf:e3:71:a0:d3:f5:8b:b1:db:
         c7:e1:f8:7a:1f:fd:cc:a1:ec:f6:b4:49:c3:a6:a0:7c:5a:9c:
         64:db:33:38:69:96:ec:e9:c4:1a:d2:77:3a:b4:b1:8b:b9:4d:
         9c:4c:61:f5:62:84:84:31:4e:dc:71:5d:95:e0:e2:ab:c8:84:
         e1:8d:92:35:07:88:5e:3a:57:bc:ed:49:11:9c:9c:09:0e:c6:
         4b:ee:45:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcggU9Atvb3EopFiRbCVzK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZTU3ZTM1MGQzYTZkYjhhNTgwNTU5Mjk5ZjBiOWQzOGJj
YzU5NTIwHhcNMjUwNTMwMDkyMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZmMWJjMjIxOGJiMDhlZDU4N2RlOGJmYzY5NjZiY2I0MDMyNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgvGDRyF8cmeVeQ66gU76jO7Envt
vMueXNAyKwJTrAYlZkmiMaNeA2N7Ph8WynsTbzEj97DYdmG/oiaGr9QGP+bV5LF6
K4sBrUfCv30hABaSyqWQqaHf9utdejKckMCAj04L8wXVZFWU9+0T/jqiiWpyyppV
FTLe2urLDZuoMk6cFga2bf8dbSZAGSV/z2OfQZhgsfiAXaQq5n2IxM29vz3bDc4V
P3i/YXcSAIfPnM7aNFsP1qZYOl9OsiVfbhvrkzsXkeQsD4U01XTz3vBowjdzHV3z
znGXc06zvSm2QqnGiw0p4RvUsjS5z2IXn+VezZ3q79a2WoaNkOl0SM5VDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLFvG8Ihi7CO1Yfei/xpZry0AySmMB8GA1UdIwQY
MBaAFPHlfjUNOm24pYBVkpnwudOLzFlSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGVWLU5RMDZiYmlsZ0ZXU21mQzUwNHZNV1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8yMjJkZjItNjIyNS00MDQxLTljYjAt
MGNkOWZhYTU2NTNlLzEvc1c4YndpR0xzSTdWaDk2TF9HbG12TFFESktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8yMjJkZjItNjIyNS00MDQxLTljYjAtMGNkOWZhYTU2NTNl
LzEvOGVWLU5RMDZiYmlsZ0ZXU21mQzUwNHZNV1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLdQDAN
BgkqhkiG9w0BAQsFAAOCAQEAKdYYefIu7U4SdWMLfRJ4fBkZd4Y94jjxuRYvmOPw
+mgdX39fS3+j4p7QnNfm5eIKDaMCVcy55qQxVNXOWVz4C3TYYbxQTKuA1QpOwZxp
Isi1TcC70YQQQ9ctFwUi+if/vq2DLRAAMQYqRT6wjQoUcPXit67SWBu4fnQ4rUjj
afJEvTj+SyOJPpj4nnM0Nedis5qPjJAXBmMtGjM3GM910LxzbTPas6SNmsoKz+Nx
oNP1i7Hbx+H4eh/9zKHs9rRJw6agfFqcZNszOGmW7OnEGtJ3OrSxi7lNnExh9WKE
hDFO3HFdleDiq8iE4Y2SNQeIXjpXvO1JEZycCQ7GS+5FYg==
-----END CERTIFICATE-----