Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HmaBq20Ai-2jt3GKPD_-ROKj49Y.roa
File:                     HmaBq20Ai-2jt3GKPD_-ROKj49Y.roa (raw, json)
Hash identifier:          gSo5KfhPovPTAVY7PFwBWRlcgqGnF2FyomzYepsvdqA=
Subject key identifier:   1E:66:81:AB:6D:00:8B:ED:A3:B7:71:8A:3C:3F:FE:44:E2:A3:E3:D6
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01991BA15D3FE2F4724771B7104BBA45E5DD
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HmaBq20Ai-2jt3GKPD_-ROKj49Y.roa
Signing time:             Fri 05 Sep 2025 20:46:24 +0000
ROA not before:           Fri 05 Sep 2025 20:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a12:1880::/29 maxlen: 29
                          2a12:6600::/29 maxlen: 29
                          2a12:9e00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:a1:5d:3f:e2:f4:72:47:71:b7:10:4b:ba:45:e5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Sep  5 20:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e6681ab6d008beda3b7718a3c3ffe44e2a3e3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:76:f9:88:51:52:23:cf:54:1c:4b:cf:0f:7e:
                    d7:ca:f5:8f:8d:0b:1d:14:41:92:34:95:0e:17:af:
                    f0:f4:8e:c0:d0:79:4c:30:a5:2b:3d:2b:57:44:53:
                    3d:e6:92:35:da:d4:a5:6b:da:ae:4a:1f:91:11:5c:
                    96:ea:34:37:81:56:30:23:00:f1:de:44:e3:4b:65:
                    80:25:5b:17:8e:0a:ec:82:ab:20:e6:44:50:3f:c8:
                    2a:83:2a:fb:49:11:fa:29:87:08:a9:1b:9f:9a:2d:
                    da:2c:df:4b:5b:b7:62:62:05:92:9f:fa:33:f7:18:
                    51:54:59:f6:67:4c:e2:32:c2:36:13:f8:42:c9:ea:
                    bc:9f:bf:f8:43:d4:c0:e0:13:f0:c5:12:b4:9a:e0:
                    dc:85:2d:57:7e:63:ab:4a:fb:2b:ee:57:dd:04:50:
                    d3:47:da:3a:82:fe:38:2b:e0:c6:39:0f:bf:40:6d:
                    aa:b8:0a:0d:ee:15:5a:02:c7:8e:91:c7:bc:63:37:
                    c7:a8:d7:74:67:23:d2:75:11:ce:e4:7d:bd:52:a0:
                    d1:3a:ab:d8:0d:04:5c:cf:c3:6e:3e:14:7e:21:e5:
                    94:0b:23:dc:68:14:8e:9a:19:df:d5:00:64:f7:05:
                    8d:b6:8a:42:f3:c1:e7:18:fc:ec:de:84:85:af:b1:
                    b5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:66:81:AB:6D:00:8B:ED:A3:B7:71:8A:3C:3F:FE:44:E2:A3:E3:D6
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HmaBq20Ai-2jt3GKPD_-ROKj49Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1880::/29
                  2a12:6600::/29
                  2a12:9e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:78:79:10:35:15:2a:9b:c2:6d:02:8a:f0:11:a7:79:a4:fb:
         a3:02:fe:90:3f:f4:a6:33:ee:52:a8:c6:a9:fd:57:e1:29:e5:
         b7:d5:ab:d9:d0:59:72:28:b6:49:e4:19:9d:60:ea:76:73:e3:
         69:96:0b:77:31:b3:41:2a:00:32:81:fd:48:de:fb:16:4c:42:
         e7:0e:3f:69:77:e6:e8:fd:34:dd:63:56:09:62:96:98:06:e1:
         14:24:73:fd:2a:aa:6b:73:19:75:80:44:86:ab:9c:2f:5b:b5:
         a3:2f:35:d5:15:a0:11:1f:7f:4e:dd:c6:ca:de:46:02:d5:ca:
         f1:17:ca:b4:b0:72:fa:bd:45:ed:91:5d:50:08:e6:1f:36:ac:
         e7:d8:8d:53:01:04:9d:de:19:bb:4b:1c:66:2b:61:05:ab:71:
         fd:51:e7:cc:c0:1f:44:f6:99:a0:a3:8f:86:af:b8:d1:a9:0b:
         b5:27:bf:d7:89:1e:44:d1:a3:51:b7:0c:17:23:a0:e3:08:76:
         d6:48:15:a0:c6:93:66:6e:d7:4a:b0:fe:12:41:8a:a0:70:01:
         98:9b:8b:31:7e:ac:54:ea:91:17:c0:ca:44:e1:52:0f:0a:da:
         cc:a4:ea:c4:b2:8c:24:d7:be:88:ff:2a:f3:f4:fa:b4:d0:67:
         51:56:01:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkboV0/4vRyR3G3EEu6ReXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTA1MjA0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTY2ODFhYjZkMDA4YmVkYTNiNzcxOGEzYzNmZmU0NGUyYTNlM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunb5iFFSI89UHEvPD37XyvWPjQsd
FEGSNJUOF6/w9I7A0HlMMKUrPStXRFM95pI12tSla9quSh+REVyW6jQ3gVYwIwDx
3kTjS2WAJVsXjgrsgqsg5kRQP8gqgyr7SRH6KYcIqRufmi3aLN9LW7diYgWSn/oz
9xhRVFn2Z0ziMsI2E/hCyeq8n7/4Q9TA4BPwxRK0muDchS1XfmOrSvsr7lfdBFDT
R9o6gv44K+DGOQ+/QG2quAoN7hVaAseOkce8YzfHqNd0ZyPSdRHO5H29UqDROqvY
DQRcz8NuPhR+IeWUCyPcaBSOmhnf1QBk9wWNtopC88HnGPzs3oSFr7G1lwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB5mgattAIvto7dxijw//kTio+PWMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvSG1hQnEyMEFpLTJqdDNHS1BEXy1ST0tqNDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhIYgAMF
AyoSZgADBQMqEp4AMA0GCSqGSIb3DQEBCwUAA4IBAQAMeHkQNRUqm8JtAorwEad5
pPujAv6QP/SmM+5SqMap/VfhKeW31avZ0FlyKLZJ5BmdYOp2c+Nplgt3MbNBKgAy
gf1I3vsWTELnDj9pd+bo/TTdY1YJYpaYBuEUJHP9Kqprcxl1gESGq5wvW7WjLzXV
FaARH39O3cbK3kYC1crxF8q0sHL6vUXtkV1QCOYfNqzn2I1TAQSd3hm7SxxmK2EF
q3H9UefMwB9E9pmgo4+Gr7jRqQu1J7/XiR5E0aNRtwwXI6DjCHbWSBWgxpNmbtdK
sP4SQYqgcAGYm4sxfqxU6pEXwMpE4VIPCtrMpOrEsowk176I/yrz9Pq00GdRVgHr
-----END CERTIFICATE-----