Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/5zSM_pBjX_3dpyf-YwjcDjYlru4.roa
File:                     5zSM_pBjX_3dpyf-YwjcDjYlru4.roa (raw, json)
Hash identifier:          hP7P6s65IzDU7xsWXh+JeNqJQmsReGguvFaUYpTOlbQ=
Subject key identifier:   E7:34:8C:FE:90:63:5F:FD:DD:A7:27:FE:63:08:DC:0E:36:25:AE:EE
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0197ADC81DC889F2C69B6F923C034904E7E8
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/5zSM_pBjX_3dpyf-YwjcDjYlru4.roa
Signing time:             Thu 26 Jun 2025 19:47:42 +0000
ROA not before:           Thu 26 Jun 2025 19:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a0e:9183::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:c8:1d:c8:89:f2:c6:9b:6f:92:3c:03:49:04:e7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jun 26 19:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7348cfe90635ffddda727fe6308dc0e3625aeee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ca:35:76:87:0d:84:8c:58:f3:7b:7c:52:05:
                    32:23:c6:d2:e0:75:ab:30:41:fa:1c:a1:94:19:76:
                    77:10:cb:06:a2:db:07:3f:96:c7:70:18:c5:70:71:
                    0b:b5:05:b4:c5:af:ae:cd:5c:a8:d9:1a:77:94:59:
                    56:aa:85:29:b3:46:4e:91:56:20:2a:19:3d:b9:9a:
                    89:c5:65:29:0f:ca:9f:8c:20:da:f3:56:a2:54:97:
                    aa:4e:ff:7e:c3:a0:39:77:0e:32:f0:3d:81:b9:8b:
                    2a:17:90:51:d3:ec:b6:ab:02:6d:9b:34:7b:5a:11:
                    f5:05:19:a8:2c:63:96:31:7f:df:46:90:a5:59:62:
                    2e:6a:92:58:29:fa:9e:80:2d:b0:2b:e9:aa:4b:a2:
                    a3:2b:56:47:d1:aa:49:70:ae:26:44:38:ce:14:44:
                    4b:e3:cb:35:5b:56:34:7a:b0:01:07:f7:ff:30:ad:
                    57:b7:ab:88:28:e4:42:ae:24:ce:69:e9:60:63:7e:
                    d6:64:c9:f0:a9:17:c9:6d:e0:a3:3a:7d:94:0a:a2:
                    5e:11:db:3a:58:75:63:70:51:a8:25:bd:30:3d:ec:
                    cb:40:c4:c2:4b:9a:1f:1f:2d:9e:21:a3:32:1e:88:
                    af:ab:c6:27:fe:b3:b1:f7:3b:85:0d:7d:50:26:a4:
                    1e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:34:8C:FE:90:63:5F:FD:DD:A7:27:FE:63:08:DC:0E:36:25:AE:EE
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/5zSM_pBjX_3dpyf-YwjcDjYlru4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9183::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:8d:53:59:1e:11:36:1c:e5:31:48:00:5e:b7:ee:94:61:64:
         23:32:46:a1:43:53:0b:ab:2f:a1:7a:7e:0f:01:e8:fd:ad:53:
         92:d0:3e:b4:e6:4a:c2:d7:18:26:5d:28:0e:da:83:4a:5e:4f:
         05:17:d4:c4:74:5f:4e:75:1c:8f:3d:7e:02:db:ce:1f:28:62:
         df:77:ba:2a:97:ca:e0:25:11:62:c4:c1:35:c2:15:98:33:77:
         7e:a6:24:e0:23:f6:fc:e0:0d:11:dd:b4:03:c5:ee:23:31:fb:
         f3:23:29:c7:f0:2d:4d:8d:3a:4c:c5:e9:49:da:90:c0:1a:37:
         26:43:4a:e7:75:57:48:d7:e4:d8:d4:30:89:c7:d7:ec:0c:47:
         1f:97:68:c6:5f:8a:37:15:82:73:5e:7f:44:8d:5b:2b:38:9b:
         d2:7b:e2:c1:86:73:4a:c9:ac:94:1d:8f:ae:24:70:88:77:4b:
         d0:0c:6a:1b:cc:91:4d:a6:f3:9b:9d:01:e9:c8:6d:f2:69:47:
         58:05:71:af:ff:5e:f2:c3:73:d5:7a:45:59:48:2b:54:bd:31:
         80:c8:aa:54:3a:f4:a5:19:99:90:14:20:bf:e4:86:8d:f0:87:
         5a:1b:c4:3b:8e:82:d1:af:46:ff:53:b9:06:5a:0d:41:07:40:
         9d:f1:3f:5b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZetyB3IifLGm2+SPANJBOfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwNjI2MTk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM0OGNmZTkwNjM1ZmZkZGRhNzI3ZmU2MzA4ZGMwZTM2MjVhZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1so1docNhIxY83t8UgUyI8bS4HWr
MEH6HKGUGXZ3EMsGotsHP5bHcBjFcHELtQW0xa+uzVyo2Rp3lFlWqoUps0ZOkVYg
Khk9uZqJxWUpD8qfjCDa81aiVJeqTv9+w6A5dw4y8D2BuYsqF5BR0+y2qwJtmzR7
WhH1BRmoLGOWMX/fRpClWWIuapJYKfqegC2wK+mqS6KjK1ZH0apJcK4mRDjOFERL
48s1W1Y0erABB/f/MK1Xt6uIKORCriTOaelgY37WZMnwqRfJbeCjOn2UCqJeEds6
WHVjcFGoJb0wPezLQMTCS5ofHy2eIaMyHoivq8Yn/rOx9zuFDX1QJqQeXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOc0jP6QY1/93acn/mMI3A42Ja7uMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvNXpTTV9wQmpYXzNkcHlmLVl3amNEallscnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6RgzAN
BgkqhkiG9w0BAQsFAAOCAQEAAI1TWR4RNhzlMUgAXrfulGFkIzJGoUNTC6svoXp+
DwHo/a1TktA+tOZKwtcYJl0oDtqDSl5PBRfUxHRfTnUcjz1+AtvOHyhi33e6KpfK
4CURYsTBNcIVmDN3fqYk4CP2/OANEd20A8XuIzH78yMpx/AtTY06TMXpSdqQwBo3
JkNK53VXSNfk2NQwicfX7AxHH5doxl+KNxWCc15/RI1bKzib0nviwYZzSsmslB2P
riRwiHdL0AxqG8yRTabzm50B6cht8mlHWAVxr/9e8sNz1XpFWUgrVL0xgMiqVDr0
pRmZkBQgv+SGjfCHWhvEO46C0a9G/1O5BloNQQdAnfE/Ww==
-----END CERTIFICATE-----