Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/yT3jgEty--bHZQ6VzksRagm4cQA.roa
File:                     yT3jgEty--bHZQ6VzksRagm4cQA.roa (raw, json)
Hash identifier:          4d1UC0j00yg6mNDfxBP7QhNOG9rIufYmVR0yyaqstZU=
Subject key identifier:   C9:3D:E3:80:4B:72:FB:E6:C7:65:0E:95:CE:4B:11:6A:09:B8:71:00
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       01979BE14E4770BA6B4F1833D6ADD834BA6C
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/yT3jgEty--bHZQ6VzksRagm4cQA.roa
Signing time:             Mon 23 Jun 2025 08:22:03 +0000
ROA not before:           Mon 23 Jun 2025 08:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        2a0b:d500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 17:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:e1:4e:47:70:ba:6b:4f:18:33:d6:ad:d8:34:ba:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jun 23 08:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c93de3804b72fbe6c7650e95ce4b116a09b87100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d2:28:1a:24:f2:bb:6e:a7:91:54:ac:82:61:
                    e1:38:62:c7:5d:0f:fd:ee:fe:16:35:cb:59:2c:64:
                    a8:69:77:b8:1e:fd:69:ba:6f:f2:fb:d9:64:77:65:
                    fa:41:1d:8e:da:42:c9:ab:66:58:72:69:5e:cd:f8:
                    1e:9d:1c:1a:f6:d7:b3:cd:78:fd:a2:d2:21:39:f0:
                    0e:0e:e2:c0:b2:7f:11:47:db:a1:3e:35:9c:98:9f:
                    9d:87:3f:89:4e:92:b4:16:1b:56:d4:b3:e3:a4:14:
                    52:58:4a:a1:3f:a9:6f:95:42:ad:a9:34:37:05:a0:
                    c5:2b:e5:44:3e:fa:0c:d5:60:ce:c8:b4:07:28:7a:
                    a2:36:6c:11:57:dc:99:fe:a2:42:9f:8c:89:c5:18:
                    d6:65:5c:8a:92:b9:66:2d:0d:54:5c:d4:35:76:40:
                    0c:9f:3f:4b:2f:2f:20:99:5b:9e:6c:78:02:7d:a6:
                    ec:10:b7:c6:f3:cc:49:f8:21:ba:19:dc:e6:0e:30:
                    56:d2:53:4f:dc:4f:67:85:dd:82:08:5c:69:ad:8a:
                    32:3a:2a:04:c6:49:f0:d0:02:66:f2:a3:e7:05:94:
                    19:ed:62:34:ae:fd:b5:68:63:65:d6:75:9c:7f:1d:
                    d7:91:21:ef:5a:1b:cf:6b:19:cd:fd:78:e0:a0:36:
                    eb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3D:E3:80:4B:72:FB:E6:C7:65:0E:95:CE:4B:11:6A:09:B8:71:00
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/yT3jgEty--bHZQ6VzksRagm4cQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d500::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:e6:94:3d:4b:79:d3:a0:d3:2d:b4:58:ea:b9:2f:b8:cc:7e:
         74:8c:df:28:89:42:5f:90:54:02:9e:5b:d5:3f:b8:80:d8:83:
         13:db:a2:fe:b2:a4:65:af:b1:ba:db:bd:ad:15:3b:4c:9e:00:
         b6:d6:94:50:ce:d9:8a:e3:24:6f:dd:84:7c:56:9f:90:2c:83:
         a3:66:6b:5d:e0:d2:31:fc:5c:d3:44:a8:51:0c:38:8d:1f:ec:
         78:af:b5:29:67:43:7c:af:09:f9:4a:b1:c5:10:39:1b:8d:8f:
         c7:dc:9b:52:d7:dd:13:da:bf:2e:25:ef:6c:64:1c:d9:8a:7c:
         81:2f:be:27:2e:e2:4f:85:e6:09:bd:b7:de:d3:2f:c4:ad:34:
         9d:4d:a5:f6:88:2c:fe:ea:bf:b5:6b:aa:be:3a:a6:1f:43:bb:
         a7:fc:e6:6d:8e:40:da:e4:b2:b6:c5:08:7c:07:0d:5a:f3:20:
         5b:1a:fa:57:c6:3e:1f:4f:18:d2:dc:73:77:94:b6:dd:b4:09:
         f8:81:6a:07:ee:6f:3a:b0:bf:b8:1e:5a:73:5e:96:80:5f:b8:
         8e:27:78:25:bb:57:ae:84:8e:a7:ee:61:91:95:c1:de:04:28:
         a5:64:32:47:84:dc:e5:a3:c7:a1:c6:ae:5d:a3:62:7c:d7:ef:
         f2:a9:76:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeb4U5HcLprTxgz1q3YNLpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjUwNjIzMDgyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNkZTM4MDRiNzJmYmU2Yzc2NTBlOTVjZTRiMTE2YTA5Yjg3MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdIoGiTyu26nkVSsgmHhOGLHXQ/9
7v4WNctZLGSoaXe4Hv1pum/y+9lkd2X6QR2O2kLJq2ZYcmlezfgenRwa9tezzXj9
otIhOfAODuLAsn8RR9uhPjWcmJ+dhz+JTpK0FhtW1LPjpBRSWEqhP6lvlUKtqTQ3
BaDFK+VEPvoM1WDOyLQHKHqiNmwRV9yZ/qJCn4yJxRjWZVyKkrlmLQ1UXNQ1dkAM
nz9LLy8gmVuebHgCfabsELfG88xJ+CG6GdzmDjBW0lNP3E9nhd2CCFxprYoyOioE
xknw0AJm8qPnBZQZ7WI0rv21aGNl1nWcfx3XkSHvWhvPaxnN/XjgoDbrAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMk944BLcvvmx2UOlc5LEWoJuHEAMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEveVQzamdFdHktLWJIWlE2Vnprc1JhZ200Y1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvVADAN
BgkqhkiG9w0BAQsFAAOCAQEAd+aUPUt506DTLbRY6rkvuMx+dIzfKIlCX5BUAp5b
1T+4gNiDE9ui/rKkZa+xutu9rRU7TJ4AttaUUM7ZiuMkb92EfFafkCyDo2ZrXeDS
Mfxc00SoUQw4jR/seK+1KWdDfK8J+UqxxRA5G42Px9ybUtfdE9q/LiXvbGQc2Yp8
gS++Jy7iT4XmCb233tMvxK00nU2l9ogs/uq/tWuqvjqmH0O7p/zmbY5A2uSytsUI
fAcNWvMgWxr6V8Y+H08Y0txzd5S23bQJ+IFqB+5vOrC/uB5ac16WgF+4jid4JbtX
roSOp+5hkZXB3gQopWQyR4Tc5aPHocauXaNifNfv8ql2eQ==
-----END CERTIFICATE-----