Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/s4XGskQFU7_Cf6_mWSLuiAFByjk.roa
File:                     s4XGskQFU7_Cf6_mWSLuiAFByjk.roa (raw, json)
Hash identifier:          nc4Vl3rpM+BRB2fbj+46n9BE/ubeond5FkvagoQcDxg=
Subject key identifier:   B3:85:C6:B2:44:05:53:BF:C2:7F:AF:E6:59:22:EE:88:01:41:CA:39
Certificate issuer:       /CN=2ca61567cb1099855117008fd1d36aa8ada96faf
Certificate serial:       0196F32A3DC619617E16BCBABBFF77D5521A
Authority key identifier: 2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/s4XGskQFU7_Cf6_mWSLuiAFByjk.roa
Signing time:             Wed 21 May 2025 14:05:53 +0000
ROA not before:           Wed 21 May 2025 14:05:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211931
IP address blocks:        2a01:f100::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:2a:3d:c6:19:61:7e:16:bc:ba:bb:ff:77:d5:52:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca61567cb1099855117008fd1d36aa8ada96faf
        Validity
            Not Before: May 21 14:05:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b385c6b2440553bfc27fafe65922ee880141ca39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f7:32:32:7f:c2:c2:b7:8f:21:ae:d2:8a:36:
                    de:5d:e8:d0:82:44:a0:8e:39:4f:b1:9d:dc:1e:0b:
                    17:a8:4b:4e:97:a7:b3:89:4f:e6:c6:67:d7:38:9d:
                    79:5d:c9:e6:ab:76:7a:3e:ad:52:30:62:e3:e1:6a:
                    9a:6d:f4:88:73:f1:74:77:92:bf:df:29:d9:f7:db:
                    e3:13:70:0a:c7:1d:10:79:a4:0b:a6:3b:f6:cf:79:
                    d0:ae:b7:3e:68:ff:07:17:d3:18:c9:86:b8:a5:34:
                    34:86:04:9a:02:75:80:09:52:7a:d3:52:91:20:a5:
                    d4:33:97:70:33:c0:8a:a0:44:01:b3:4d:25:d4:11:
                    78:de:2a:e2:75:be:0f:d9:78:d9:61:09:56:de:72:
                    f9:60:06:b7:21:21:36:90:23:f1:22:4d:24:02:16:
                    a1:0e:ae:eb:4d:fc:25:98:45:15:a5:02:aa:a5:51:
                    2c:a8:04:9f:a8:d9:f3:9b:e9:bd:66:49:ef:7e:f3:
                    90:6a:52:cc:4f:eb:a4:11:1b:e9:fe:3f:23:fb:2b:
                    5e:e7:9c:db:ee:e4:fc:40:ba:b4:ef:00:b2:dc:3e:
                    47:da:df:3f:e0:7b:8c:23:16:90:01:79:23:32:91:
                    83:1d:bf:af:c8:1e:9f:05:44:df:50:12:d5:bf:a0:
                    0c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:85:C6:B2:44:05:53:BF:C2:7F:AF:E6:59:22:EE:88:01:41:CA:39
            X509v3 Authority Key Identifier:
                keyid:2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/s4XGskQFU7_Cf6_mWSLuiAFByjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f100::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:88:98:73:a5:c5:d5:e5:e0:b1:84:40:cd:7f:2e:4c:80:e9:
         67:db:28:c2:a5:a2:c5:4a:84:01:f9:ae:dd:92:d1:3d:a1:51:
         23:5f:15:2d:0d:38:ca:3e:8e:6c:2f:4c:ff:13:c1:f8:7c:78:
         20:e4:29:ea:89:05:2b:7b:53:cc:84:b4:46:0c:a2:54:6b:fe:
         e7:ec:82:6f:90:48:39:bf:d9:d8:1a:b3:64:89:2a:c2:22:72:
         e0:03:c3:24:dc:84:0c:67:89:b6:0a:00:60:56:a7:3b:31:e4:
         7b:b3:84:f1:c9:27:41:83:98:71:a3:13:41:37:24:0e:74:2e:
         eb:f4:9f:05:1c:3e:55:3a:00:c4:97:5f:73:03:92:b2:fd:32:
         f9:a3:45:60:70:a0:5a:87:a3:34:5b:b5:88:96:96:38:a1:45:
         6b:58:1c:4d:c1:c0:89:c6:08:6f:db:33:1f:b7:3b:4f:8e:d7:
         88:51:5e:9f:e9:36:22:97:ad:8f:5a:fd:e6:9d:8b:7b:fe:87:
         fb:9e:cc:05:61:48:18:fe:59:6a:23:96:f4:ca:13:38:f9:5d:
         c7:0c:74:1f:8f:9b:b4:7d:26:14:5b:c5:b7:c3:c9:50:24:de:
         0a:a0:01:3c:8a:42:b9:12:bf:97:0d:02:fb:fe:a6:2a:75:90:
         21:07:6c:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbzKj3GGWF+Fry6u/931VIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTYxNTY3Y2IxMDk5ODU1MTE3MDA4ZmQxZDM2YWE4YWRh
OTZmYWYwHhcNMjUwNTIxMTQwNTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg1YzZiMjQ0MDU1M2JmYzI3ZmFmZTY1OTIyZWU4ODAxNDFjYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vcyMn/CwrePIa7SijbeXejQgkSg
jjlPsZ3cHgsXqEtOl6eziU/mxmfXOJ15Xcnmq3Z6Pq1SMGLj4WqabfSIc/F0d5K/
3ynZ99vjE3AKxx0QeaQLpjv2z3nQrrc+aP8HF9MYyYa4pTQ0hgSaAnWACVJ601KR
IKXUM5dwM8CKoEQBs00l1BF43iridb4P2XjZYQlW3nL5YAa3ISE2kCPxIk0kAhah
Dq7rTfwlmEUVpQKqpVEsqASfqNnzm+m9ZknvfvOQalLMT+ukERvp/j8j+yte55zb
7uT8QLq07wCy3D5H2t8/4HuMIxaQAXkjMpGDHb+vyB6fBUTfUBLVv6AMbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLOFxrJEBVO/wn+v5lki7ogBQco5MB8GA1UdIwQY
MBaAFCymFWfLEJmFURcAj9HTaqitqW+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTct
Y2FhN2Q1YjQ4MmM1LzEvczRYR3NrUUZVN19DZjZfbVdTTHVpQUZCeWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTctY2FhN2Q1YjQ4MmM1
LzEvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgHxAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA+iJhzpcXV5eCxhEDNfy5MgOln2yjCpaLFSoQB
+a7dktE9oVEjXxUtDTjKPo5sL0z/E8H4fHgg5CnqiQUre1PMhLRGDKJUa/7n7IJv
kEg5v9nYGrNkiSrCInLgA8Mk3IQMZ4m2CgBgVqc7MeR7s4TxySdBg5hxoxNBNyQO
dC7r9J8FHD5VOgDEl19zA5Ky/TL5o0VgcKBah6M0W7WIlpY4oUVrWBxNwcCJxghv
2zMftztPjteIUV6f6TYil62PWv3mnYt7/of7nswFYUgY/llqI5b0yhM4+V3HDHQf
j5u0fSYUW8W3w8lQJN4KoAE8ikK5Er+XDQL7/qYqdZAhB2yb
-----END CERTIFICATE-----