Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pGCa8ewPnGrDN42G2YmJiI8CNaM.roa
File:                     pGCa8ewPnGrDN42G2YmJiI8CNaM.roa (raw, json)
Hash identifier:          VHyxjE8BSrobaXn9OLbg6V/jTMp++uPyOrdjWlu+LjI=
Subject key identifier:   A4:60:9A:F1:EC:0F:9C:6A:C3:37:8D:86:D9:89:89:88:8F:02:35:A3
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01974646327CCA8D1A7A453A57B8B3472A9F
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pGCa8ewPnGrDN42G2YmJiI8CNaM.roa
Signing time:             Fri 06 Jun 2025 17:24:54 +0000
ROA not before:           Fri 06 Jun 2025 17:24:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204916
IP address blocks:        2a12:1cc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:44:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:46:46:32:7c:ca:8d:1a:7a:45:3a:57:b8:b3:47:2a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jun  6 17:24:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4609af1ec0f9c6ac3378d86d98989888f0235a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:9b:e4:fb:c7:8c:3e:40:e4:d5:ac:27:3e:0a:
                    fa:11:b0:5e:3b:b8:d1:3b:6c:9b:c1:da:a3:a5:5c:
                    0b:4a:17:a7:11:7b:01:b1:94:10:39:2a:46:fe:1b:
                    51:f5:7f:f2:58:0c:99:ec:3f:f2:6c:00:7e:93:ad:
                    cd:75:31:73:d3:7e:ec:37:a4:0f:60:78:78:63:0a:
                    b9:c4:5f:9e:10:81:6c:3f:3a:e6:0d:07:3e:82:47:
                    18:7a:02:df:36:84:7f:ee:a4:46:6f:f8:31:74:a4:
                    4c:24:57:f1:c3:4d:76:31:40:a4:87:9a:e7:9a:d0:
                    39:5f:09:56:5b:cf:c8:0e:6d:c7:c3:51:87:03:59:
                    9b:96:43:72:50:dd:41:7b:98:09:cb:de:fd:d1:22:
                    89:86:da:47:80:a7:44:c8:0e:4c:1b:d0:8a:4e:6c:
                    79:db:ab:e9:f0:0b:76:f6:e2:9c:b4:a6:39:3a:2c:
                    5f:39:90:f7:c0:43:99:7e:15:09:2e:86:9b:aa:94:
                    a4:99:ac:90:fc:17:cd:9b:97:f0:86:e7:eb:e3:fe:
                    08:05:32:ed:c4:5a:61:2c:8e:fb:25:4d:68:1d:f1:
                    6c:ac:72:cd:7b:6c:59:28:37:5b:8c:e6:cc:a0:05:
                    b6:4d:fe:6d:90:f2:71:7a:b3:67:49:e9:47:66:97:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:60:9A:F1:EC:0F:9C:6A:C3:37:8D:86:D9:89:89:88:8F:02:35:A3
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pGCa8ewPnGrDN42G2YmJiI8CNaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1cc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:ab:38:85:49:cf:88:86:97:12:65:20:64:d5:15:ee:3a:a7:
         e5:e7:ae:b2:8d:45:69:da:7f:71:61:ef:d0:e8:22:54:cf:46:
         3e:af:c4:49:42:67:99:0f:dd:97:fe:43:9a:4c:14:23:b3:bb:
         f1:71:6a:3e:71:91:4e:70:d4:d7:4e:28:c5:b1:eb:94:e3:59:
         e0:52:66:40:f1:18:0f:cd:29:c0:b7:b2:27:78:65:fa:73:c9:
         94:dd:82:00:90:64:06:4b:9f:b2:49:6f:de:94:9c:bf:6a:a6:
         20:11:62:c9:87:4a:1a:f0:eb:92:40:e9:b1:e2:83:ae:25:fa:
         67:aa:70:5c:f7:7e:69:08:24:4e:f3:ee:e7:26:46:5c:bd:f3:
         9b:8c:93:b0:a2:53:6a:d7:27:7a:b9:97:6a:45:b2:6f:b0:cf:
         34:60:96:54:4d:2a:4d:34:81:c8:a1:29:5c:fd:6e:46:3c:6f:
         6c:2d:85:a9:0c:e6:33:e0:2c:94:d0:12:4c:18:30:33:47:44:
         fb:bd:2f:11:17:d9:0f:3a:fc:9f:f0:f6:ba:4f:e7:ff:a8:a3:
         13:9f:07:0f:8b:ec:cf:41:b4:14:9d:f5:22:53:99:f8:05:2f:
         ca:ce:b0:e4:f4:77:4c:43:3d:1d:26:99:1a:db:ef:b8:f7:15:
         74:62:b5:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdGRjJ8yo0aekU6V7izRyqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNjA2MTcyNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYwOWFmMWVjMGY5YzZhYzMzNzhkODZkOTg5ODk4ODhmMDIzNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+pvk+8eMPkDk1awnPgr6EbBeO7jR
O2ybwdqjpVwLShenEXsBsZQQOSpG/htR9X/yWAyZ7D/ybAB+k63NdTFz037sN6QP
YHh4Ywq5xF+eEIFsPzrmDQc+gkcYegLfNoR/7qRGb/gxdKRMJFfxw012MUCkh5rn
mtA5XwlWW8/IDm3Hw1GHA1mblkNyUN1Be5gJy9790SKJhtpHgKdEyA5MG9CKTmx5
26vp8At29uKctKY5OixfOZD3wEOZfhUJLoabqpSkmayQ/BfNm5fwhufr4/4IBTLt
xFphLI77JU1oHfFsrHLNe2xZKDdbjObMoAW2Tf5tkPJxerNnSelHZpfoqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKRgmvHsD5xqwzeNhtmJiYiPAjWjMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvcEdDYThld1BuR3JETjQyRzJZbUppSThDTmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIcxzAN
BgkqhkiG9w0BAQsFAAOCAQEAoas4hUnPiIaXEmUgZNUV7jqn5eeuso1Fadp/cWHv
0OgiVM9GPq/ESUJnmQ/dl/5DmkwUI7O78XFqPnGRTnDU104oxbHrlONZ4FJmQPEY
D80pwLeyJ3hl+nPJlN2CAJBkBkufsklv3pScv2qmIBFiyYdKGvDrkkDpseKDriX6
Z6pwXPd+aQgkTvPu5yZGXL3zm4yTsKJTatcnermXakWyb7DPNGCWVE0qTTSByKEp
XP1uRjxvbC2FqQzmM+AslNASTBgwM0dE+70vERfZDzr8n/D2uk/n/6ijE58HD4vs
z0G0FJ31IlOZ+AUvys6w5PR3TEM9HSaZGtvvuPcVdGK1hw==
-----END CERTIFICATE-----