Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/C0uiO_SbsEDc0tLkrH3qOQghgck.roa
File:                     C0uiO_SbsEDc0tLkrH3qOQghgck.roa (raw, json)
Hash identifier:          l6nudC+hnX+HTOH70KjEsckS/CblYhfgW6Lz16yxKjw=
Subject key identifier:   0B:4B:A2:3B:F4:9B:B0:40:DC:D2:D2:E4:AC:7D:EA:39:08:21:81:C9
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       0196EA534FDBE3EC026A45E6BC01EB304EA0
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/C0uiO_SbsEDc0tLkrH3qOQghgck.roa
Signing time:             Mon 19 May 2025 20:54:10 +0000
ROA not before:           Mon 19 May 2025 20:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        2a09:dc00::/29 maxlen: 29
                          2a0a:1f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ea:53:4f:db:e3:ec:02:6a:45:e6:bc:01:eb:30:4e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: May 19 20:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b4ba23bf49bb040dcd2d2e4ac7dea39082181c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:91:63:2a:aa:3c:77:1f:2e:5c:ea:a3:a3:4b:
                    e9:a1:76:c9:93:24:bc:13:29:43:88:fd:10:5b:a2:
                    1e:cf:45:39:08:51:e2:6f:7e:b9:42:f1:a5:99:13:
                    64:2e:6f:e1:4b:c5:e3:42:91:ca:4f:9c:82:b6:3f:
                    a9:20:16:d5:d4:d3:de:20:27:a8:47:95:66:79:10:
                    4c:ca:35:16:77:f4:f7:c9:ab:f0:00:a1:28:f2:01:
                    ab:09:64:f5:9c:ee:e7:7b:52:9b:dd:42:f1:43:09:
                    84:d8:c1:6e:ba:52:85:22:06:ba:ec:6e:63:fd:4f:
                    fd:a3:b9:de:bd:1a:08:89:cd:40:0d:3a:63:f9:33:
                    2f:8f:d2:0f:4f:38:3c:7f:53:ad:b9:2e:bc:31:87:
                    eb:bb:75:bc:9d:94:49:37:3e:9a:3c:06:13:b6:32:
                    aa:c6:8d:15:17:a2:94:a5:52:0d:86:14:1b:ff:bc:
                    3e:83:a9:a2:15:72:37:d9:9e:84:23:bc:c6:b7:70:
                    ef:39:81:5f:ac:5c:80:96:72:f1:53:73:9e:cd:2d:
                    ac:f2:57:67:6f:a1:c5:9f:95:4f:69:de:2f:44:51:
                    35:a4:85:cb:fc:ee:64:6f:eb:3c:18:fa:88:a3:58:
                    7b:0b:0d:5a:ef:cf:11:86:f1:e7:c2:09:22:aa:79:
                    76:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4B:A2:3B:F4:9B:B0:40:DC:D2:D2:E4:AC:7D:EA:39:08:21:81:C9
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/C0uiO_SbsEDc0tLkrH3qOQghgck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:dc00::/29
                  2a0a:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:d2:6d:96:65:30:64:4a:b1:a0:0b:15:6e:2d:c8:ae:9f:95:
         c7:4a:a2:51:19:cd:91:42:5f:77:ca:4a:e4:b7:ee:0f:48:83:
         40:d0:34:33:08:22:31:12:12:b1:6c:53:62:31:08:67:01:96:
         88:24:a5:59:66:05:3f:a0:9b:3b:13:17:5b:12:85:f1:30:58:
         91:18:50:bf:c4:be:56:3b:70:8f:7a:d8:10:d8:97:a7:10:77:
         8c:b8:38:dc:62:62:17:dd:cc:0c:70:8f:85:75:87:28:5c:6f:
         e4:00:6f:3b:ec:34:07:ed:f8:1e:15:5c:49:df:7d:cb:18:85:
         0d:a1:ff:b1:6f:df:8a:c2:53:a8:82:de:ae:8a:7c:64:ac:a3:
         c9:c5:8e:d4:6e:73:9a:0d:f7:81:2d:5b:4a:d8:eb:06:4a:bf:
         06:6c:35:fa:42:ae:73:4a:bd:9e:5b:91:6e:19:3c:ef:ac:c8:
         4f:3e:d2:69:63:c7:36:59:d9:27:2b:c1:08:16:33:73:3a:59:
         d1:7e:56:79:26:8e:67:38:76:0e:3c:0b:05:bf:8b:38:80:26:
         33:91:f6:0f:d7:ed:9d:0a:ee:ae:a3:f1:8c:34:7e:00:14:9d:
         44:1a:3c:72:ef:4d:00:4a:5b:a5:33:5c:c6:62:2c:ff:07:9d:
         7d:1c:c2:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZbqU0/b4+wCakXmvAHrME6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjUwNTE5MjA1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRiYTIzYmY0OWJiMDQwZGNkMmQyZTRhYzdkZWEzOTA4MjE4MWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5FjKqo8dx8uXOqjo0vpoXbJkyS8
EylDiP0QW6Iez0U5CFHib365QvGlmRNkLm/hS8XjQpHKT5yCtj+pIBbV1NPeICeo
R5VmeRBMyjUWd/T3yavwAKEo8gGrCWT1nO7ne1Kb3ULxQwmE2MFuulKFIga67G5j
/U/9o7nevRoIic1ADTpj+TMvj9IPTzg8f1OtuS68MYfru3W8nZRJNz6aPAYTtjKq
xo0VF6KUpVINhhQb/7w+g6miFXI32Z6EI7zGt3DvOYFfrFyAlnLxU3OezS2s8ldn
b6HFn5VPad4vRFE1pIXL/O5kb+s8GPqIo1h7Cw1a788RhvHnwgkiqnl28wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAtLojv0m7BA3NLS5Kx96jkIIYHJMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvQzB1aU9fU2JzRURjMHRMa3JIM3FPUWdoZ2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgncAAMF
AyoKH0AwDQYJKoZIhvcNAQELBQADggEBAEvSbZZlMGRKsaALFW4tyK6flcdKolEZ
zZFCX3fKSuS37g9Ig0DQNDMIIjESErFsU2IxCGcBlogkpVlmBT+gmzsTF1sShfEw
WJEYUL/EvlY7cI962BDYl6cQd4y4ONxiYhfdzAxwj4V1hyhcb+QAbzvsNAft+B4V
XEnffcsYhQ2h/7Fv34rCU6iC3q6KfGSso8nFjtRuc5oN94EtW0rY6wZKvwZsNfpC
rnNKvZ5bkW4ZPO+syE8+0mljxzZZ2ScrwQgWM3M6WdF+Vnkmjmc4dg48CwW/iziA
JjOR9g/X7Z0K7q6j8Yw0fgAUnUQaPHLvTQBKW6UzXMZiLP8HnX0cwgA=
-----END CERTIFICATE-----