Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/w065yF2KMBb9aVnQ4BfNT-qmTRU.roa
File:                     w065yF2KMBb9aVnQ4BfNT-qmTRU.roa (raw, json)
Hash identifier:          jJgjEmmyXXQf+/0rV+v9URt/GJe8fT1hRfQv43u3dw0=
Subject key identifier:   C3:4E:B9:C8:5D:8A:30:16:FD:69:59:D0:E0:17:CD:4F:EA:A6:4D:15
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       0197A6EDEF2D13847B4B991E469E0FAA2A47
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/w065yF2KMBb9aVnQ4BfNT-qmTRU.roa
Signing time:             Wed 25 Jun 2025 11:51:40 +0000
ROA not before:           Wed 25 Jun 2025 11:51:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201341
IP address blocks:        2a02:e9c3::/32 maxlen: 32
                          2a13:6cc3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:ed:ef:2d:13:84:7b:4b:99:1e:46:9e:0f:aa:2a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Jun 25 11:51:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c34eb9c85d8a3016fd6959d0e017cd4feaa64d15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d3:8f:bc:6a:a5:e9:37:0f:74:9e:5f:c2:5d:
                    3c:98:e6:7a:0c:58:4c:2d:e8:5c:86:af:6c:d1:59:
                    da:9d:3b:4a:d1:be:a8:e6:72:57:a8:0a:a3:45:c0:
                    b1:25:c1:c0:06:e6:29:f6:ac:74:72:8f:63:e5:dc:
                    68:89:f1:fc:3d:9d:fb:fd:3a:00:ff:df:53:be:34:
                    61:e7:3a:99:a2:12:8b:48:20:c6:b9:80:7e:98:11:
                    89:ec:80:bf:90:02:53:64:99:26:89:6e:c1:d6:8e:
                    45:5b:24:3d:7c:52:6e:8f:dd:ca:ef:bc:cd:9a:2f:
                    ad:6e:65:66:17:22:23:20:87:13:24:85:ef:a1:df:
                    56:ed:d6:a2:7f:0a:87:8d:8e:8d:57:f7:61:0d:fa:
                    e4:cc:77:46:36:2a:a4:30:81:f3:a8:01:88:c1:5c:
                    bb:a2:85:ff:c7:96:5b:6d:c7:04:1c:39:bb:5d:cd:
                    8f:a8:62:f8:f2:67:bf:f2:3b:d9:c0:e2:1d:0f:26:
                    f8:86:a1:65:1c:3b:2b:c9:02:08:bc:2a:27:b8:68:
                    c1:11:66:d9:01:23:25:44:de:1c:f8:b8:de:14:80:
                    ad:5a:65:9f:fd:5b:ab:0b:f0:65:d9:e3:37:72:6b:
                    2d:5f:ad:ab:9e:b6:8f:1c:4a:6d:d3:d0:ef:6c:82:
                    03:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:4E:B9:C8:5D:8A:30:16:FD:69:59:D0:E0:17:CD:4F:EA:A6:4D:15
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/w065yF2KMBb9aVnQ4BfNT-qmTRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c3::/32
                  2a13:6cc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:44:30:15:07:28:d9:e0:f1:cc:7f:b9:5a:2d:4b:9a:cf:0b:
         fc:a8:87:f2:03:89:dc:1e:b7:f7:3d:bf:68:57:ba:f9:bc:92:
         5f:f7:0e:cd:f4:96:d6:8c:f4:72:a2:f7:53:d8:71:38:1e:7b:
         b7:90:94:48:6e:21:39:83:c7:da:db:47:73:94:57:49:1e:46:
         5b:c4:cf:22:60:89:1d:ca:6f:45:f4:62:3a:f7:2c:43:b2:c1:
         c9:f9:7e:a6:41:5f:05:b5:f8:60:6c:6f:4c:61:ed:fe:33:7c:
         de:28:31:9c:be:88:68:fa:59:09:17:5c:c2:f5:a1:3e:98:ca:
         e6:a1:bc:23:bb:08:46:e0:31:fc:68:23:37:17:10:9e:25:9e:
         75:3d:6b:76:72:e4:75:02:a7:0e:21:43:f2:38:56:1a:5e:65:
         f0:73:ad:bf:1e:2d:dd:31:07:53:e7:90:3a:99:11:de:9e:12:
         fb:22:66:8b:4d:39:57:d6:47:e8:7e:c8:53:10:a5:fd:7d:58:
         b3:d7:ed:23:7a:bb:0c:78:20:73:14:be:98:a1:7e:bb:38:8c:
         15:ad:16:f2:a9:e5:69:75:39:90:47:c3:28:88:ca:7b:5b:c4:
         be:37:3f:d3:63:2d:cd:29:44:15:f3:6b:2c:cb:d0:ff:d1:18:
         11:95:e9:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZem7e8tE4R7S5keRp4PqipHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwNjI1MTE1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzRlYjljODVkOGEzMDE2ZmQ2OTU5ZDBlMDE3Y2Q0ZmVhYTY0ZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9OPvGql6TcPdJ5fwl08mOZ6DFhM
Lehchq9s0VnanTtK0b6o5nJXqAqjRcCxJcHABuYp9qx0co9j5dxoifH8PZ37/ToA
/99TvjRh5zqZohKLSCDGuYB+mBGJ7IC/kAJTZJkmiW7B1o5FWyQ9fFJuj93K77zN
mi+tbmVmFyIjIIcTJIXvod9W7daifwqHjY6NV/dhDfrkzHdGNiqkMIHzqAGIwVy7
ooX/x5ZbbccEHDm7Xc2PqGL48me/8jvZwOIdDyb4hqFlHDsryQIIvConuGjBEWbZ
ASMlRN4c+LjeFICtWmWf/VurC/Bl2eM3cmstX62rnraPHEpt09DvbIIDewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMNOuchdijAW/WlZ0OAXzU/qpk0VMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvdzA2NXlGMktNQmI5YVZuUTRCZk5ULXFtVFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgLpwwMF
ACoTbMMwDQYJKoZIhvcNAQELBQADggEBAFFEMBUHKNng8cx/uVotS5rPC/yoh/ID
idwet/c9v2hXuvm8kl/3Ds30ltaM9HKi91PYcTgee7eQlEhuITmDx9rbR3OUV0ke
RlvEzyJgiR3Kb0X0Yjr3LEOywcn5fqZBXwW1+GBsb0xh7f4zfN4oMZy+iGj6WQkX
XML1oT6YyuahvCO7CEbgMfxoIzcXEJ4lnnU9a3Zy5HUCpw4hQ/I4VhpeZfBzrb8e
Ld0xB1PnkDqZEd6eEvsiZotNOVfWR+h+yFMQpf19WLPX7SN6uwx4IHMUvpihfrs4
jBWtFvKp5Wl1OZBHwyiIyntbxL43P9NjLc0pRBXzayzL0P/RGBGV6Vc=
-----END CERTIFICATE-----