Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9I757ATXS3jYWshZO2dVvlzep8s.roa
File:                     9I757ATXS3jYWshZO2dVvlzep8s.roa (raw, json)
Hash identifier:          DJitRYaCs1XIqpnx+zSSpL2XB/eXSpuwpDJfp5JcxhU=
Subject key identifier:   F4:8E:F9:EC:04:D7:4B:78:D8:5A:C8:59:3B:67:55:BE:5C:DE:A7:CB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01962FFF42A29976EA45CC157A4D24A3C167
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9I757ATXS3jYWshZO2dVvlzep8s.roa
Signing time:             Sun 13 Apr 2025 16:32:59 +0000
ROA not before:           Sun 13 Apr 2025 16:32:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57433
IP address blocks:        2a02:2fc0::/48 maxlen: 48
                          2a02:2fc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2f:ff:42:a2:99:76:ea:45:cc:15:7a:4d:24:a3:c1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 13 16:32:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f48ef9ec04d74b78d85ac8593b6755be5cdea7cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:aa:a3:9a:47:09:64:5d:4d:0d:59:36:36:1e:
                    31:b9:cd:74:b3:be:77:c7:b5:7e:37:16:92:7f:f2:
                    7f:2b:6a:00:cf:f8:a2:0f:ab:2b:81:a7:7c:8a:47:
                    16:f6:0b:e5:73:11:d9:66:78:5c:26:ab:59:6b:50:
                    a1:d2:2b:88:55:e9:ad:7a:06:d0:df:9d:c8:87:c3:
                    1d:b3:a3:a6:3f:8c:7f:12:a0:9a:44:8e:41:ef:04:
                    02:94:3b:f7:47:12:7b:40:47:45:12:da:79:85:74:
                    ba:10:d0:78:c7:6a:9f:b9:9b:de:3f:c5:ca:33:70:
                    64:66:96:7d:46:1a:41:e9:90:9f:27:58:18:6a:f2:
                    38:80:e9:f6:87:08:da:79:22:0a:19:cf:87:6b:18:
                    28:75:2e:c3:66:78:d3:4d:aa:32:21:97:f7:80:2c:
                    99:6e:10:f4:93:fa:92:51:13:26:20:d9:73:f0:94:
                    42:1e:8c:69:b2:0c:90:4b:43:2f:0a:cd:5f:1b:f5:
                    f1:67:59:3f:a4:11:13:6b:93:54:79:86:90:57:00:
                    dc:d3:87:27:25:60:90:35:b0:e9:9e:4c:cf:81:f6:
                    91:e3:c7:e1:6a:6e:66:78:2f:98:62:2c:a3:62:82:
                    9f:fe:1a:ca:50:ad:a2:87:0b:ba:b6:ed:5c:62:17:
                    7a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8E:F9:EC:04:D7:4B:78:D8:5A:C8:59:3B:67:55:BE:5C:DE:A7:CB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9I757ATXS3jYWshZO2dVvlzep8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2fc0::/47

    Signature Algorithm: sha256WithRSAEncryption
         dd:f9:d5:3f:1b:b6:26:2c:5b:67:51:a7:d9:88:e9:d8:30:16:
         2f:75:95:ba:af:df:7b:ca:ce:51:cd:6d:82:b7:8c:b6:41:62:
         be:8b:4d:06:75:b3:7c:13:6d:37:19:ba:c3:c1:f1:b9:cd:a0:
         7b:f4:65:a3:df:5b:82:af:a9:8c:84:f2:48:08:c2:39:28:7c:
         6a:4b:95:14:e8:f9:88:98:42:58:61:ab:f6:ac:fc:0c:89:1a:
         93:9a:a1:be:38:47:e2:81:cc:38:9a:ec:e9:38:69:27:47:37:
         68:3b:b8:59:be:68:c5:5b:04:a0:fd:38:b2:03:3d:a1:23:cb:
         f7:99:4e:8a:1b:a9:af:6e:d9:10:ad:79:61:f6:d4:b4:99:8c:
         55:03:d5:0f:52:6c:63:99:a3:44:eb:c6:8b:7c:18:05:13:30:
         dd:1d:92:32:96:b7:ee:9e:6a:4e:19:6e:ae:8e:56:f5:cf:09:
         8f:af:0d:79:df:e1:67:7e:80:ff:49:67:89:e9:c2:1d:1f:af:
         be:be:99:fc:cb:cf:da:3c:99:30:fa:34:ce:58:5f:19:1f:ec:
         2f:89:f1:41:0a:f3:fe:ed:f8:79:97:2d:1b:76:83:00:c0:70:
         48:6f:91:ed:d1:43:a5:8a:e6:b7:00:5e:de:26:84:9e:51:d8:
         be:16:91:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZYv/0KimXbqRcwVek0ko8FnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDEzMTYzMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhlZjllYzA0ZDc0Yjc4ZDg1YWM4NTkzYjY3NTViZTVjZGVhN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6qjmkcJZF1NDVk2Nh4xuc10s753
x7V+NxaSf/J/K2oAz/iiD6srgad8ikcW9gvlcxHZZnhcJqtZa1Ch0iuIVemtegbQ
353Ih8Mds6OmP4x/EqCaRI5B7wQClDv3RxJ7QEdFEtp5hXS6ENB4x2qfuZveP8XK
M3BkZpZ9RhpB6ZCfJ1gYavI4gOn2hwjaeSIKGc+HaxgodS7DZnjTTaoyIZf3gCyZ
bhD0k/qSURMmINlz8JRCHoxpsgyQS0MvCs1fG/XxZ1k/pBETa5NUeYaQVwDc04cn
JWCQNbDpnkzPgfaR48fham5meC+YYiyjYoKf/hrKUK2ihwu6tu1cYhd67wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSO+ewE10t42FrIWTtnVb5c3qfLMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvOUk3NTdBVFhTM2pZV3NoWk8yZFZ2bHplcDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIvwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDd+dU/G7YmLFtnUafZiOnYMBYvdZW6r997ys5R
zW2Ct4y2QWK+i00GdbN8E203GbrDwfG5zaB79GWj31uCr6mMhPJICMI5KHxqS5UU
6PmImEJYYav2rPwMiRqTmqG+OEfigcw4muzpOGknRzdoO7hZvmjFWwSg/TiyAz2h
I8v3mU6KG6mvbtkQrXlh9tS0mYxVA9UPUmxjmaNE68aLfBgFEzDdHZIylrfunmpO
GW6ujlb1zwmPrw153+FnfoD/SWeJ6cIdH6++vpn8y8/aPJkw+jTOWF8ZH+wvifFB
CvP+7fh5ly0bdoMAwHBIb5Ht0UOliua3AF7eJoSeUdi+FpFu
-----END CERTIFICATE-----