Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/eXJnpYMa-IdGpU12uxGCY5NDT2Y.roa
File:                     eXJnpYMa-IdGpU12uxGCY5NDT2Y.roa (raw, json)
Hash identifier:          M3Nh2BNY8AV/HHul6zfhbO6slqPj10KjIlafndI4MS8=
Subject key identifier:   79:72:67:A5:83:1A:F8:87:46:A5:4D:76:BB:11:82:63:93:43:4F:66
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0196A616217269A8D6823780C775DD53AC64
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/eXJnpYMa-IdGpU12uxGCY5NDT2Y.roa
Signing time:             Tue 06 May 2025 14:53:10 +0000
ROA not before:           Tue 06 May 2025 14:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        2a0d:d940:1e00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:16:21:72:69:a8:d6:82:37:80:c7:75:dd:53:ac:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: May  6 14:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=797267a5831af88746a54d76bb11826393434f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:04:93:6a:c6:4d:dd:4b:37:d8:f5:99:ac:f8:
                    ae:69:e3:49:59:9d:b6:1b:4b:29:f7:9a:49:ea:e5:
                    03:d9:c9:49:af:04:70:f6:20:db:30:0a:77:22:d8:
                    1b:2d:c0:ea:c4:c2:fb:25:e0:09:cb:be:64:0c:1b:
                    1d:05:29:25:16:48:4c:9d:75:c7:31:d0:02:01:62:
                    fd:c0:d9:c4:22:8a:f4:32:f8:74:db:d7:0a:b8:dd:
                    19:11:74:1e:9b:8f:c9:6d:5b:bd:58:1c:9d:15:d6:
                    a5:b0:01:28:53:e4:65:48:b7:c3:48:e2:61:23:ff:
                    ed:2c:e4:2e:3e:4f:8f:06:18:32:bc:e4:f8:76:28:
                    75:3d:1e:5f:8e:df:42:52:94:0c:25:f2:52:6d:7b:
                    e5:05:af:97:75:26:1f:e8:db:a7:15:85:1d:60:27:
                    c7:24:55:c5:83:12:e9:17:cc:43:e6:ce:7a:f7:8b:
                    a1:32:93:96:2b:3e:b5:6d:b1:5d:c1:7a:6e:e1:e7:
                    9c:41:3e:a2:66:f6:b9:fe:30:b0:8e:ac:ae:76:2f:
                    24:3f:3d:a2:97:0d:59:7d:25:c7:a9:4d:18:29:4b:
                    f6:9e:81:19:b7:de:5d:7d:02:e9:26:fe:75:b6:f1:
                    48:bf:2b:15:7c:68:c0:72:c1:66:48:39:51:e6:b9:
                    eb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:72:67:A5:83:1A:F8:87:46:A5:4D:76:BB:11:82:63:93:43:4F:66
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/eXJnpYMa-IdGpU12uxGCY5NDT2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:ee:c3:5a:51:d9:e6:4c:3e:b2:ef:9e:4f:28:e1:07:8e:e9:
         62:93:16:e7:e1:f3:01:cc:40:45:58:e7:b1:41:71:83:64:2e:
         67:fd:00:f7:04:2c:bb:6e:fa:28:7c:bb:6c:41:ce:2e:06:95:
         6f:09:03:07:3f:67:fb:44:68:3f:54:e4:bf:4f:f3:21:ad:70:
         15:1e:91:56:bf:0b:33:11:b9:fb:42:f0:ca:b4:49:a9:d2:88:
         02:c2:22:9f:95:8b:19:2c:a7:b7:ec:06:bb:27:bf:61:3e:e5:
         28:64:bd:80:19:b5:04:f7:1a:00:87:8e:72:0c:b6:67:f8:4e:
         37:69:46:f1:41:ed:86:48:87:80:c4:e6:c0:ed:cf:ef:d9:b7:
         e1:34:42:89:e0:92:d7:ba:84:06:e1:fc:44:c7:a4:20:d5:d5:
         3c:05:92:54:7f:80:60:6c:10:5e:57:81:47:77:f6:19:9d:69:
         15:69:18:50:37:d0:be:8c:12:c6:3f:cd:a7:cb:a3:51:fe:d1:
         c5:a5:3c:59:37:d0:86:f5:4d:65:e3:5b:5d:e5:fa:48:59:f4:
         34:57:cb:c9:f6:7a:22:cb:04:c6:72:61:12:32:78:06:ab:3a:
         25:fb:e3:1a:39:10:5a:d2:aa:25:d5:c2:6a:1d:ab:28:0b:fb:
         87:b9:1d:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZamFiFyaajWgjeAx3XdU6xkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNTA2MTQ1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTcyNjdhNTgzMWFmODg3NDZhNTRkNzZiYjExODI2MzkzNDM0ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QSTasZN3Us32PWZrPiuaeNJWZ22
G0sp95pJ6uUD2clJrwRw9iDbMAp3ItgbLcDqxML7JeAJy75kDBsdBSklFkhMnXXH
MdACAWL9wNnEIor0Mvh029cKuN0ZEXQem4/JbVu9WBydFdalsAEoU+RlSLfDSOJh
I//tLOQuPk+PBhgyvOT4dih1PR5fjt9CUpQMJfJSbXvlBa+XdSYf6NunFYUdYCfH
JFXFgxLpF8xD5s5694uhMpOWKz61bbFdwXpu4eecQT6iZva5/jCwjqyudi8kPz2i
lw1ZfSXHqU0YKUv2noEZt95dfQLpJv51tvFIvysVfGjAcsFmSDlR5rnrBwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHlyZ6WDGviHRqVNdrsRgmOTQ09mMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvZVhKbnBZTWEtSWRHcFUxMnV4R0NZNU5EVDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg3ZQB4w
DQYJKoZIhvcNAQELBQADggEBAMjuw1pR2eZMPrLvnk8o4QeO6WKTFufh8wHMQEVY
57FBcYNkLmf9APcELLtu+ih8u2xBzi4GlW8JAwc/Z/tEaD9U5L9P8yGtcBUekVa/
CzMRuftC8Mq0SanSiALCIp+Vixksp7fsBrsnv2E+5ShkvYAZtQT3GgCHjnIMtmf4
TjdpRvFB7YZIh4DE5sDtz+/Zt+E0Qongkte6hAbh/ETHpCDV1TwFklR/gGBsEF5X
gUd39hmdaRVpGFA30L6MEsY/zafLo1H+0cWlPFk30Ib1TWXjW13l+khZ9DRXy8n2
eiLLBMZyYRIyeAarOiX74xo5EFrSqiXVwmodqygL+4e5HQw=
-----END CERTIFICATE-----