Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dCNtZX3dyVqUESkVok9BWHucqLY.roa
File:                     dCNtZX3dyVqUESkVok9BWHucqLY.roa (raw, json)
Hash identifier:          yN6ejh5FYh5uP+l/qguLyjfxVezE4QjvRy/DcEPSryo=
Subject key identifier:   74:23:6D:65:7D:DD:C9:5A:94:11:29:15:A2:4F:41:58:7B:9C:A8:B6
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       01991ADD721BBB974B0A321F47BC8FC12578
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dCNtZX3dyVqUESkVok9BWHucqLY.roa
Signing time:             Fri 05 Sep 2025 17:12:24 +0000
ROA not before:           Fri 05 Sep 2025 17:12:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207781
IP address blocks:        2a09:e1c1:efc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:dd:72:1b:bb:97:4b:0a:32:1f:47:bc:8f:c1:25:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Sep  5 17:12:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74236d657dddc95a94112915a24f41587b9ca8b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:1c:81:6b:94:94:20:bb:23:58:6b:dd:ef:
                    a8:a0:8f:b4:83:ad:09:15:6d:f8:d7:55:39:2f:3e:
                    ce:39:39:3e:35:f9:a3:c2:b3:bb:de:30:cd:85:d6:
                    36:5c:05:bf:0b:ca:eb:8a:18:a4:90:ae:50:2e:8b:
                    16:75:9c:ac:2b:f1:de:29:28:39:66:62:e4:e0:ef:
                    de:79:18:e3:0d:53:85:8a:8a:87:2e:26:5f:a7:ab:
                    89:8c:00:d0:67:4d:26:e6:f4:a4:8f:24:02:36:77:
                    1c:02:c3:5c:05:2d:e5:a3:01:30:8f:42:fd:dc:b7:
                    80:ee:8a:98:b2:67:09:fc:08:f6:7b:95:04:4e:ac:
                    06:47:a5:8f:99:3c:f0:e7:94:a1:0d:6a:9d:7c:cc:
                    e5:0c:39:3f:3d:31:08:da:c3:3c:01:b7:7d:47:fa:
                    ef:14:8c:9e:d7:74:e8:67:6d:d3:7a:94:35:f0:7f:
                    fa:46:4f:10:44:2f:ea:7c:fb:09:88:f1:48:5a:41:
                    94:2a:2b:98:53:ed:60:28:76:e7:51:b4:32:e8:b1:
                    33:07:4a:be:39:2c:24:10:c9:de:72:14:5f:44:27:
                    90:7b:a8:85:4d:ef:6b:d2:8f:29:6c:5b:2f:45:1d:
                    65:d0:4d:54:e9:de:ef:f4:37:8c:cd:17:a9:37:b5:
                    28:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:23:6D:65:7D:DD:C9:5A:94:11:29:15:A2:4F:41:58:7B:9C:A8:B6
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dCNtZX3dyVqUESkVok9BWHucqLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:efc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:93:28:05:d8:ab:79:64:f4:19:88:b7:67:6c:06:f3:ff:49:
         69:81:4b:b6:18:29:1e:55:76:c6:40:88:85:8a:f6:ad:be:e7:
         20:8b:79:3d:2b:a8:c7:f0:b6:6f:81:d5:3d:9c:f5:7c:d5:73:
         3b:46:5a:8e:af:6c:de:07:63:13:7f:d0:33:1a:6d:b8:bf:17:
         f3:d2:93:1c:8d:44:f1:34:8a:da:11:8c:8e:d9:74:55:c7:6b:
         21:ba:18:d2:39:39:2d:5e:cf:36:dd:2e:58:6d:e1:7d:52:f1:
         d5:42:73:b5:f2:ef:e1:4e:6f:dc:8d:95:30:29:a3:e4:36:b7:
         2a:ef:d0:9e:2d:44:c1:ef:d9:e6:ab:b6:db:4b:12:a1:95:a1:
         d7:f3:b7:a9:7d:28:7b:fa:42:ef:fd:95:0c:e5:50:2e:e0:6e:
         c5:39:c7:ea:6e:91:16:1d:9b:9e:a6:b5:9a:bb:35:52:6f:3b:
         06:c6:0a:fa:70:81:e3:18:a4:bb:81:22:60:d5:e7:b9:cd:52:
         33:b5:bf:98:b6:9a:bb:b2:5f:4f:b9:63:d9:34:e4:2a:bf:32:
         58:1c:de:3a:05:52:d6:3d:af:be:82:b8:15:bd:ce:ad:68:ad:
         83:45:33:9a:7d:75:fc:95:76:77:a3:7e:93:ca:fc:08:6a:f0:
         ee:ce:73:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZka3XIbu5dLCjIfR7yPwSV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwOTA1MTcxMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIzNmQ2NTdkZGRjOTVhOTQxMTI5MTVhMjRmNDE1ODdiOWNhOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrscgWuUlCC7I1hr3e+ooI+0g60J
FW3411U5Lz7OOTk+NfmjwrO73jDNhdY2XAW/C8rrihikkK5QLosWdZysK/HeKSg5
ZmLk4O/eeRjjDVOFioqHLiZfp6uJjADQZ00m5vSkjyQCNnccAsNcBS3lowEwj0L9
3LeA7oqYsmcJ/Aj2e5UETqwGR6WPmTzw55ShDWqdfMzlDDk/PTEI2sM8Abd9R/rv
FIye13ToZ23TepQ18H/6Rk8QRC/qfPsJiPFIWkGUKiuYU+1gKHbnUbQy6LEzB0q+
OSwkEMnechRfRCeQe6iFTe9r0o8pbFsvRR1l0E1U6d7v9DeMzRepN7Uo9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQjbWV93clalBEpFaJPQVh7nKi2MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZENOdFpYM2R5VnFVRVNrVm9rOUJXSHVjcUxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwe/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBdkygF2Kt5ZPQZiLdnbAbz/0lpgUu2GCkeVXbG
QIiFivatvucgi3k9K6jH8LZvgdU9nPV81XM7RlqOr2zeB2MTf9AzGm24vxfz0pMc
jUTxNIraEYyO2XRVx2shuhjSOTktXs823S5YbeF9UvHVQnO18u/hTm/cjZUwKaPk
Nrcq79CeLUTB79nmq7bbSxKhlaHX87epfSh7+kLv/ZUM5VAu4G7FOcfqbpEWHZue
prWauzVSbzsGxgr6cIHjGKS7gSJg1ee5zVIztb+Ytpq7sl9PuWPZNOQqvzJYHN46
BVLWPa++grgVvc6taK2DRTOafXX8lXZ3o36TyvwIavDuznM+
-----END CERTIFICATE-----