Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdMtwtDJmdqv3HDG9muRaFw5ex8.roa
File:                     kdMtwtDJmdqv3HDG9muRaFw5ex8.roa (raw, json)
Hash identifier:          taFUnwaPjnMuNpwKt3NpDB2U8nZ71Tsuw+rhigA15xo=
Subject key identifier:   91:D3:2D:C2:D0:C9:99:DA:AF:DC:70:C6:F6:6B:91:68:5C:39:7B:1F
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019744FCF4BB96E397276B855A91C4F24D19
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdMtwtDJmdqv3HDG9muRaFw5ex8.roa
Signing time:             Fri 06 Jun 2025 11:25:17 +0000
ROA not before:           Fri 06 Jun 2025 11:25:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a09:da40::/32 maxlen: 32
                          2a0d:adc4::/32 maxlen: 32
                          2a14:9705::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:fc:f4:bb:96:e3:97:27:6b:85:5a:91:c4:f2:4d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun  6 11:25:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91d32dc2d0c999daafdc70c6f66b91685c397b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:f7:50:df:e6:c2:a8:cb:ac:2d:68:3a:00:
                    9a:5f:ec:79:89:2b:35:23:e9:28:7d:81:7b:9a:1d:
                    56:92:a0:a6:0c:e6:6e:21:6e:ad:76:97:96:81:36:
                    d9:2a:76:c5:ac:ec:91:d5:9f:b7:32:36:32:51:74:
                    20:9b:0b:00:d5:07:6b:24:a6:40:17:32:77:46:b4:
                    b1:c7:3a:8f:52:92:9e:b7:8c:dc:b6:f0:00:e5:42:
                    f2:57:56:d0:85:7f:2b:7e:6c:57:99:3b:3f:d8:11:
                    8d:46:14:b1:8c:86:9b:36:06:3c:03:18:c6:65:0b:
                    81:c1:cd:c6:b9:12:67:6e:67:e3:37:28:9a:76:47:
                    fd:a0:4b:00:23:56:4b:69:ef:b3:e6:36:b4:26:8b:
                    a4:8f:19:f1:67:8e:94:ec:8e:63:81:ff:85:54:14:
                    e8:a1:76:c0:40:2b:54:ca:97:f9:d5:d4:a7:8b:93:
                    9e:2f:4b:de:41:6b:8c:e2:40:f0:fc:97:8d:c5:ad:
                    9f:48:70:21:94:0d:d6:90:23:0f:5f:05:40:20:98:
                    b1:5c:c6:04:51:d0:8e:a4:81:2c:fe:e8:0f:de:fc:
                    2c:5b:77:6f:cb:db:e3:b2:a3:b4:81:ce:2e:fe:76:
                    0d:35:4c:72:68:e4:a3:38:10:ef:32:38:d4:67:7e:
                    e4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D3:2D:C2:D0:C9:99:DA:AF:DC:70:C6:F6:6B:91:68:5C:39:7B:1F
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/kdMtwtDJmdqv3HDG9muRaFw5ex8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:da40::/32
                  2a0d:adc4::/32
                  2a14:9705::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:fd:f9:4b:6e:ac:9a:8a:62:19:d3:40:b0:50:b9:99:16:3b:
         5c:d0:0d:b9:58:a2:12:6f:69:e6:51:dd:9a:4d:2b:4f:7c:04:
         93:f5:33:b4:f9:c8:58:ea:02:51:de:2e:f2:f4:73:0d:20:91:
         20:b1:93:9e:01:bb:90:77:3d:a5:f3:6f:f6:54:34:f0:e0:83:
         e8:98:92:bb:fc:7c:ee:63:3c:ec:f2:f4:4f:77:b2:d3:42:f0:
         e9:70:6c:08:81:27:79:34:f2:01:c7:b6:e8:46:84:44:3d:37:
         42:be:7d:16:c2:76:00:fd:d0:bf:58:23:dd:7e:c3:b3:6f:74:
         53:50:9d:56:23:4e:06:e7:fc:05:5f:38:68:da:be:f0:65:c9:
         5b:46:1a:98:f9:3e:90:83:8e:58:80:b8:06:60:0b:b4:b1:5b:
         57:49:6d:69:c3:a9:a4:86:08:00:62:d3:a1:85:3e:fb:5d:79:
         a3:8b:ba:2f:5e:66:a9:54:3b:7f:59:d0:83:f2:83:8a:b5:6c:
         d6:74:38:7c:01:5a:b2:b1:81:98:b7:7e:f4:6c:91:6a:ad:2d:
         63:67:0e:8d:f0:93:42:02:1e:d2:3f:49:d1:f5:02:0f:44:1c:
         a5:f1:cc:47:70:42:ba:9b:49:93:40:67:0d:5d:80:c2:9b:b6:
         31:81:eb:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdE/PS7luOXJ2uFWpHE8k0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjA2MTEyNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQzMmRjMmQwYzk5OWRhYWZkYzcwYzZmNjZiOTE2ODVjMzk3YjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr233UN/mwqjLrC1oOgCaX+x5iSs1
I+kofYF7mh1WkqCmDOZuIW6tdpeWgTbZKnbFrOyR1Z+3MjYyUXQgmwsA1QdrJKZA
FzJ3RrSxxzqPUpKet4zctvAA5ULyV1bQhX8rfmxXmTs/2BGNRhSxjIabNgY8AxjG
ZQuBwc3GuRJnbmfjNyiadkf9oEsAI1ZLae+z5ja0JoukjxnxZ46U7I5jgf+FVBTo
oXbAQCtUypf51dSni5OeL0veQWuM4kDw/JeNxa2fSHAhlA3WkCMPXwVAIJixXMYE
UdCOpIEs/ugP3vwsW3dvy9vjsqO0gc4u/nYNNUxyaOSjOBDvMjjUZ37kawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJHTLcLQyZnar9xwxvZrkWhcOXsfMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEva2RNdHd0REptZHF2M0hERzltdVJhRnc1ZXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgnaQAMF
ACoNrcQDBQAqFJcFMA0GCSqGSIb3DQEBCwUAA4IBAQB0/flLbqyaimIZ00CwULmZ
Fjtc0A25WKISb2nmUd2aTStPfAST9TO0+chY6gJR3i7y9HMNIJEgsZOeAbuQdz2l
82/2VDTw4IPomJK7/HzuYzzs8vRPd7LTQvDpcGwIgSd5NPIBx7boRoREPTdCvn0W
wnYA/dC/WCPdfsOzb3RTUJ1WI04G5/wFXzho2r7wZclbRhqY+T6Qg45YgLgGYAu0
sVtXSW1pw6mkhggAYtOhhT77XXmji7ovXmapVDt/WdCD8oOKtWzWdDh8AVqysYGY
t370bJFqrS1jZw6N8JNCAh7SP0nR9QIPRByl8cxHcEK6m0mTQGcNXYDCm7Yxgeum
-----END CERTIFICATE-----