Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/U69EMMQKPz0oXoV_qrCEsQ1OpG4.roa
File:                     U69EMMQKPz0oXoV_qrCEsQ1OpG4.roa (raw, json)
Hash identifier:          9SJk+9pO0ggpn2oUKmNeGSv0g1Nw2b98Tnz7XfaoIII=
Subject key identifier:   53:AF:44:30:C4:0A:3F:3D:28:5E:85:7F:AA:B0:84:B1:0D:4E:A4:6E
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01979D58AB5C1C28AA141E5A2592EB8D5DBB
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/U69EMMQKPz0oXoV_qrCEsQ1OpG4.roa
Signing time:             Mon 23 Jun 2025 15:12:03 +0000
ROA not before:           Mon 23 Jun 2025 15:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        2a0b:4141::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:58:ab:5c:1c:28:aa:14:1e:5a:25:92:eb:8d:5d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jun 23 15:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53af4430c40a3f3d285e857faab084b10d4ea46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7a:c6:f7:d4:c6:f4:c1:77:a1:40:2c:a9:fe:
                    44:c0:66:d3:9e:dd:7a:9d:99:9d:e5:bd:10:a8:8b:
                    f9:8a:7e:b1:ec:66:84:64:ef:f2:d9:81:29:62:e8:
                    b8:57:37:42:39:a5:5e:66:f1:08:8e:ce:5f:88:38:
                    ad:59:32:70:ca:ee:bc:c4:23:a4:03:90:97:e1:c0:
                    eb:d3:34:fb:68:56:0f:d1:6a:65:75:13:8c:39:0a:
                    f3:e8:9c:d9:7c:63:4c:b4:02:b1:76:ff:cd:92:78:
                    0a:87:8e:8f:82:d4:5f:6e:41:59:56:e0:b6:7e:69:
                    09:ea:b0:cb:08:be:c8:f9:63:cc:91:d1:cb:d2:10:
                    68:57:a5:f3:00:1f:dc:82:80:db:ee:56:9b:56:5f:
                    c8:d9:90:68:ce:82:11:d3:34:c8:38:40:60:99:6c:
                    9e:6e:48:c0:3b:9e:47:8b:4b:0f:8e:f8:06:b4:0c:
                    b5:57:a9:09:3d:26:61:53:14:dd:63:e4:1f:93:d7:
                    ae:62:46:01:7c:d5:a9:5b:15:9c:7b:1e:03:5a:4c:
                    84:16:e0:d8:30:96:0e:3d:22:01:7b:ec:76:95:7b:
                    71:4f:49:79:ef:b6:ca:85:88:a8:a4:71:a4:ef:4a:
                    99:ba:40:37:eb:86:af:49:e6:1e:a5:d5:96:b8:5a:
                    ae:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AF:44:30:C4:0A:3F:3D:28:5E:85:7F:AA:B0:84:B1:0D:4E:A4:6E
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/U69EMMQKPz0oXoV_qrCEsQ1OpG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:db:7e:96:58:c7:20:2c:c1:9d:b2:8d:70:8e:1f:20:31:8a:
         8c:ac:5b:43:ef:8e:03:9b:c6:43:2a:e7:c1:87:3a:35:3f:b4:
         40:6d:b9:4d:a6:55:ea:39:4d:2a:17:87:87:9b:8c:89:26:8d:
         29:b4:52:17:d1:7d:5f:0b:af:73:35:63:ea:b6:3f:25:7f:6d:
         60:e2:ad:f0:02:64:2e:f9:2e:f2:43:e1:d1:bd:1c:65:b8:cf:
         43:b4:40:df:07:86:91:5d:db:1a:57:26:31:2b:3a:fe:a4:d0:
         2d:79:6e:31:a0:41:92:4d:9c:c1:42:7c:06:b2:42:66:86:b3:
         63:54:af:0b:03:b3:8b:0e:c4:de:63:f8:a3:27:4a:49:13:81:
         09:e2:24:e5:a6:01:0b:75:e6:e7:c6:29:66:e1:2c:9b:ab:d0:
         b3:df:b5:0a:67:a2:00:d0:55:87:84:a4:28:7f:ef:32:28:c7:
         09:9b:17:66:fa:55:e9:48:9d:a4:cc:05:ac:95:58:81:19:7f:
         8c:b2:5f:18:98:de:68:d0:cc:df:94:61:8b:15:01:8b:0e:b9:
         98:d4:47:dc:7a:e5:7b:78:39:97:73:23:20:a3:6c:07:aa:e8:
         ed:22:94:51:cd:ea:fb:04:6a:06:cf:43:24:07:5a:f3:1e:32:
         16:96:75:b6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZedWKtcHCiqFB5aJZLrjV27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwNjIzMTUxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2FmNDQzMGM0MGEzZjNkMjg1ZTg1N2ZhYWIwODRiMTBkNGVhNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnrG99TG9MF3oUAsqf5EwGbTnt16
nZmd5b0QqIv5in6x7GaEZO/y2YEpYui4VzdCOaVeZvEIjs5fiDitWTJwyu68xCOk
A5CX4cDr0zT7aFYP0WpldROMOQrz6JzZfGNMtAKxdv/NkngKh46PgtRfbkFZVuC2
fmkJ6rDLCL7I+WPMkdHL0hBoV6XzAB/cgoDb7labVl/I2ZBozoIR0zTIOEBgmWye
bkjAO55Hi0sPjvgGtAy1V6kJPSZhUxTdY+Qfk9euYkYBfNWpWxWcex4DWkyEFuDY
MJYOPSIBe+x2lXtxT0l577bKhYiopHGk70qZukA364avSeYepdWWuFqudQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFOvRDDECj89KF6Ff6qwhLENTqRuMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvVTY5RU1NUUtQejBvWG9WX3FyQ0VzUTFPcEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtBQTAN
BgkqhkiG9w0BAQsFAAOCAQEAF9t+lljHICzBnbKNcI4fIDGKjKxbQ++OA5vGQyrn
wYc6NT+0QG25TaZV6jlNKheHh5uMiSaNKbRSF9F9XwuvczVj6rY/JX9tYOKt8AJk
Lvku8kPh0b0cZbjPQ7RA3weGkV3bGlcmMSs6/qTQLXluMaBBkk2cwUJ8BrJCZoaz
Y1SvCwOziw7E3mP4oydKSROBCeIk5aYBC3Xm58YpZuEsm6vQs9+1CmeiANBVh4Sk
KH/vMijHCZsXZvpV6UidpMwFrJVYgRl/jLJfGJjeaNDM35RhixUBiw65mNRH3Hrl
e3g5l3MjIKNsB6ro7SKUUc3q+wRqBs9DJAda8x4yFpZ1tg==
-----END CERTIFICATE-----