Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/ySmmDjcV5o8HMr8fci-zFbiYdNg.roa
File:                     ySmmDjcV5o8HMr8fci-zFbiYdNg.roa (raw, json)
Hash identifier:          QRYJ/tIaqmXv+2YeufSiFwnuiLCPfX4BPxDANJPYOl0=
Subject key identifier:   C9:29:A6:0E:37:15:E6:8F:07:32:BF:1F:72:2F:B3:15:B8:98:74:D8
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       01978CC44A30617A3D8B512989ADA639A284
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/ySmmDjcV5o8HMr8fci-zFbiYdNg.roa
Signing time:             Fri 20 Jun 2025 09:56:03 +0000
ROA not before:           Fri 20 Jun 2025 09:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        128.139.4.0/24 maxlen: 24
                          128.139.6.0/24 maxlen: 24
                          128.139.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:c4:4a:30:61:7a:3d:8b:51:29:89:ad:a6:39:a2:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jun 20 09:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c929a60e3715e68f0732bf1f722fb315b89874d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:52:2f:b3:8d:d9:c8:ea:d3:f7:c7:4e:c1:44:
                    bf:8a:09:c5:c2:28:fa:3e:e9:1d:d0:09:b2:0a:f1:
                    48:53:af:e6:09:1e:60:31:20:82:25:40:c1:f1:ea:
                    f7:dc:df:eb:45:42:66:11:06:73:de:94:36:48:f7:
                    80:7c:25:69:aa:91:ec:59:d6:36:1a:f5:9d:5a:bc:
                    45:ce:6a:72:92:09:ba:74:f0:3e:4c:6a:5e:60:4a:
                    ab:f0:c1:44:a1:01:99:58:a2:2c:a5:12:d1:c2:60:
                    67:ad:5e:e9:e0:5d:6a:96:b6:77:5d:1a:67:1c:bd:
                    1c:94:1a:9f:99:03:e5:fa:5c:bb:88:07:20:f3:95:
                    1e:83:b9:63:58:6f:78:a1:d5:75:05:f2:2d:b2:a6:
                    ee:9a:fb:a6:20:89:cc:82:77:11:d6:ce:27:54:3f:
                    ed:10:14:4c:15:c7:75:6c:68:78:b3:cd:67:f4:0d:
                    a5:db:88:46:21:39:3e:e5:55:ba:15:24:dc:a1:cc:
                    ff:57:78:89:ff:64:11:d3:10:6b:14:b8:3e:fa:9c:
                    2e:50:ec:b2:c8:4e:63:1c:43:d1:35:33:53:5e:1d:
                    d0:74:32:97:2b:83:f0:78:da:4a:7f:96:78:e2:e9:
                    90:6d:42:63:f7:a2:d4:6d:e8:08:01:0a:f6:4c:9a:
                    06:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:29:A6:0E:37:15:E6:8F:07:32:BF:1F:72:2F:B3:15:B8:98:74:D8
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/ySmmDjcV5o8HMr8fci-zFbiYdNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.4.0/24
                  128.139.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:16:ea:bb:8f:03:5b:a4:b2:20:70:8a:4d:bb:17:4d:7a:a3:
         3c:98:aa:c4:d4:c7:6a:84:db:a1:62:48:3c:47:20:89:8d:43:
         80:73:ad:d4:f5:51:bf:c4:04:90:13:00:1a:ae:a3:7f:69:be:
         1e:a3:5d:8a:82:33:a1:cf:24:e6:8b:30:a8:88:0d:58:c1:2e:
         79:f0:18:e8:24:af:91:21:5c:e4:2c:e5:a2:c2:e5:bd:dc:1e:
         af:06:2c:b5:92:87:26:a1:45:c3:d0:83:ce:14:92:24:ad:73:
         f1:47:a4:e2:9b:db:fb:83:2b:dc:01:4a:c4:2d:33:62:58:f8:
         fc:dc:44:7c:1b:70:d9:c2:cc:f0:d2:34:a5:54:66:8d:ce:f5:
         03:24:39:92:ba:a6:2b:72:c1:0a:da:a4:f6:3d:ca:88:85:3f:
         67:eb:50:45:5e:65:cb:cd:9b:e0:06:9f:b1:21:02:c8:6d:76:
         77:8c:41:ec:61:40:52:26:e2:e5:f8:90:21:54:82:dd:c9:cb:
         be:7a:32:20:a1:c9:b4:18:33:37:cd:63:b5:f0:dd:5c:ca:2f:
         44:0b:be:ff:45:ad:11:1b:df:91:49:da:09:8a:ef:27:e9:45:
         bc:94:b1:bd:2c:04:44:08:f6:31:80:a1:f1:a8:3d:f1:a7:6c:
         a2:3c:16:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeMxEowYXo9i1Epia2mOaKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjUwNjIwMDk1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTI5YTYwZTM3MTVlNjhmMDczMmJmMWY3MjJmYjMxNWI4OTg3NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1Ivs43ZyOrT98dOwUS/ignFwij6
Pukd0AmyCvFIU6/mCR5gMSCCJUDB8er33N/rRUJmEQZz3pQ2SPeAfCVpqpHsWdY2
GvWdWrxFzmpykgm6dPA+TGpeYEqr8MFEoQGZWKIspRLRwmBnrV7p4F1qlrZ3XRpn
HL0clBqfmQPl+ly7iAcg85Ueg7ljWG94odV1BfItsqbumvumIInMgncR1s4nVD/t
EBRMFcd1bGh4s81n9A2l24hGITk+5VW6FSTcocz/V3iJ/2QR0xBrFLg++pwuUOyy
yE5jHEPRNTNTXh3QdDKXK4PweNpKf5Z44umQbUJj96LUbegIAQr2TJoG8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMkppg43FeaPBzK/H3IvsxW4mHTYMB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEveVNtbURqY1Y1bzhITXI4ZmNpLXpGYmlZZE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgIsEAwQB
gIsGMA0GCSqGSIb3DQEBCwUAA4IBAQCTFuq7jwNbpLIgcIpNuxdNeqM8mKrE1Mdq
hNuhYkg8RyCJjUOAc63U9VG/xASQEwAarqN/ab4eo12KgjOhzyTmizCoiA1YwS55
8BjoJK+RIVzkLOWiwuW93B6vBiy1kocmoUXD0IPOFJIkrXPxR6Tim9v7gyvcAUrE
LTNiWPj83ER8G3DZwszw0jSlVGaNzvUDJDmSuqYrcsEK2qT2PcqIhT9n61BFXmXL
zZvgBp+xIQLIbXZ3jEHsYUBSJuLl+JAhVILdycu+ejIgocm0GDM3zWO18N1cyi9E
C77/Ra0RG9+RSdoJiu8n6UW8lLG9LARECPYxgKHxqD3xp2yiPBa+
-----END CERTIFICATE-----