Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/MaON6tltdE_nNRyafDLxcoztK6E.roa
File:                     MaON6tltdE_nNRyafDLxcoztK6E.roa (raw, json)
Hash identifier:          Sb8QCt7PRXcCVTxqpNcJ/gxYw3sApRrWPJqKe86QFYM=
Subject key identifier:   31:A3:8D:EA:D9:6D:74:4F:E7:35:1C:9A:7C:32:F1:72:8C:ED:2B:A1
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       019A01B753D8A19E79C2F93B3B7DBFCFEB93
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/MaON6tltdE_nNRyafDLxcoztK6E.roa
Signing time:             Mon 20 Oct 2025 13:03:03 +0000
ROA not before:           Mon 20 Oct 2025 13:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133944
IP address blocks:        2a02:e9c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 15:30:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:b7:53:d8:a1:9e:79:c2:f9:3b:3b:7d:bf:cf:eb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Oct 20 13:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31a38dead96d744fe7351c9a7c32f1728ced2ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:04:d1:ac:40:23:a0:90:76:0f:39:ac:4e:06:
                    d3:c2:be:e8:8c:d4:cd:5b:58:ec:22:f0:05:28:49:
                    77:f9:80:d3:9e:f2:c6:f7:19:1d:00:73:1a:d8:e2:
                    12:4f:ec:5f:07:1c:a1:b3:b8:10:e3:49:9e:4b:78:
                    6f:f9:dc:a3:ab:0d:fc:50:3c:1a:7c:8e:6f:9a:04:
                    75:ac:f0:a9:9f:4c:d5:0c:e9:b0:f5:08:3e:9e:7b:
                    0d:b3:71:d8:80:d8:70:84:b0:80:bb:de:f0:64:12:
                    41:12:b8:e3:6d:28:3f:1a:91:2f:71:23:e1:39:a3:
                    42:94:fe:d5:77:53:5d:ba:8d:86:cf:5b:d5:5b:9a:
                    3d:a8:88:fc:6a:3c:ea:ff:41:0b:87:9a:34:c8:ea:
                    02:77:ea:81:34:c7:51:e4:e8:8c:a3:53:8d:a1:58:
                    9b:ee:e1:12:36:03:04:fe:48:e1:8a:20:4a:2b:d1:
                    ec:06:a6:c6:63:2a:65:8e:db:6b:98:ef:a3:27:ef:
                    90:4c:5c:72:85:8e:77:ff:d1:53:a3:5a:f6:31:0c:
                    46:70:d9:eb:f4:47:59:40:39:7c:86:63:38:71:44:
                    25:da:2e:bc:24:c0:8f:42:32:9d:01:ee:c9:10:45:
                    31:20:79:a5:49:b7:c9:c4:4a:de:fc:d0:b1:e0:e7:
                    20:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A3:8D:EA:D9:6D:74:4F:E7:35:1C:9A:7C:32:F1:72:8C:ED:2B:A1
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/MaON6tltdE_nNRyafDLxcoztK6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:8f:42:ca:08:4f:97:59:08:ad:21:3c:6e:86:54:0c:b2:28:
         66:b1:07:f0:11:ad:30:f2:57:1f:32:3b:4b:ce:69:55:e0:0c:
         ad:c5:48:15:ea:31:08:07:3c:78:bd:87:8b:70:95:f3:cf:fe:
         c9:6a:03:4e:5b:21:b2:07:c8:81:03:b0:14:f9:89:9d:54:14:
         0d:05:8a:c3:d3:5c:0c:4e:19:0b:9b:86:ca:58:a5:95:b9:09:
         2f:8c:41:6a:74:57:e8:a3:54:3a:a7:79:ed:83:76:df:bf:b3:
         26:bb:e3:fa:86:14:6c:df:4d:39:4a:e2:91:7e:f5:7f:a8:30:
         0d:0e:a5:1e:7e:26:da:24:66:0f:35:aa:ab:a6:a2:30:a4:0d:
         7c:99:65:4b:56:43:db:f9:26:15:04:69:39:ba:39:c5:5c:bb:
         44:5d:92:87:2b:6b:dc:6e:39:cd:bf:00:2e:23:e7:e2:c1:4b:
         20:56:a2:8b:8b:61:2a:00:e2:e7:63:9e:e7:87:37:d4:03:0a:
         39:81:c6:a9:5e:57:b7:ea:66:c9:0f:a8:81:24:7a:10:e9:da:
         14:da:fc:fb:47:a9:14:a3:3c:b3:c9:c7:ce:e8:56:c7:f1:ca:
         1e:be:d3:34:70:56:98:78:48:86:ed:12:30:b5:9a:c1:2b:ee:
         04:4c:a2:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoBt1PYoZ55wvk7O32/z+uTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUxMDIwMTMwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWEzOGRlYWQ5NmQ3NDRmZTczNTFjOWE3YzMyZjE3MjhjZWQyYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wTRrEAjoJB2DzmsTgbTwr7ojNTN
W1jsIvAFKEl3+YDTnvLG9xkdAHMa2OIST+xfBxyhs7gQ40meS3hv+dyjqw38UDwa
fI5vmgR1rPCpn0zVDOmw9Qg+nnsNs3HYgNhwhLCAu97wZBJBErjjbSg/GpEvcSPh
OaNClP7Vd1Nduo2Gz1vVW5o9qIj8ajzq/0ELh5o0yOoCd+qBNMdR5OiMo1ONoVib
7uESNgME/kjhiiBKK9HsBqbGYypljttrmO+jJ++QTFxyhY53/9FTo1r2MQxGcNnr
9EdZQDl8hmM4cUQl2i68JMCPQjKdAe7JEEUxIHmlSbfJxEre/NCx4OcgKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDGjjerZbXRP5zUcmnwy8XKM7SuhMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvTWFPTjZ0bHRkRV9uTlJ5YWZETHhjb3p0SzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgLpxTAN
BgkqhkiG9w0BAQsFAAOCAQEAlI9CyghPl1kIrSE8boZUDLIoZrEH8BGtMPJXHzI7
S85pVeAMrcVIFeoxCAc8eL2Hi3CV88/+yWoDTlshsgfIgQOwFPmJnVQUDQWKw9Nc
DE4ZC5uGylillbkJL4xBanRX6KNUOqd57YN237+zJrvj+oYUbN9NOUrikX71f6gw
DQ6lHn4m2iRmDzWqq6aiMKQNfJllS1ZD2/kmFQRpObo5xVy7RF2Shytr3G45zb8A
LiPn4sFLIFaii4thKgDi52Oe54c31AMKOYHGqV5Xt+pmyQ+ogSR6EOnaFNr8+0ep
FKM8s8nHzuhWx/HKHr7TNHBWmHhIhu0SMLWawSvuBEyiqQ==
-----END CERTIFICATE-----