Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/XKPAfpnJs0YKxpboM_VhmYW_XwE.roa
File:                     XKPAfpnJs0YKxpboM_VhmYW_XwE.roa (raw, json)
Hash identifier:          4FBsGrUGyXPzmEwkNmler49Tg1dV+BB/mOUI9oNxZvs=
Subject key identifier:   5C:A3:C0:7E:99:C9:B3:46:0A:C6:96:E8:33:F5:61:99:85:BF:5F:01
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0196ABDAE0A563CD3AD9894F2C61A50B8239
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/XKPAfpnJs0YKxpboM_VhmYW_XwE.roa
Signing time:             Wed 07 May 2025 17:46:10 +0000
ROA not before:           Wed 07 May 2025 17:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0d:b9c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:da:e0:a5:63:cd:3a:d9:89:4f:2c:61:a5:0b:82:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: May  7 17:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ca3c07e99c9b3460ac696e833f5619985bf5f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:87:8b:b3:46:b8:5f:71:77:3c:2b:81:4e:8f:
                    fa:d1:57:21:16:f4:eb:98:24:b4:19:ec:75:49:14:
                    33:ec:c1:38:25:e2:66:df:b8:bc:8d:07:f8:c1:69:
                    a9:2f:bb:f2:95:22:40:9f:72:02:64:ab:f5:5a:19:
                    02:b9:48:7d:1d:ba:20:17:6a:53:68:b3:d1:bd:a4:
                    3e:54:ff:a7:18:4a:70:0d:0d:d1:82:30:15:a2:3c:
                    46:00:70:a1:bc:ca:84:70:38:68:51:eb:96:79:02:
                    78:20:62:b9:db:43:dd:47:69:85:a1:52:dc:10:6d:
                    3b:67:19:a6:a0:7a:5c:de:d8:cf:f9:fd:45:c9:cf:
                    71:99:06:be:1c:9d:62:a1:d3:19:34:21:68:6a:b1:
                    6b:39:01:bb:1e:fb:12:dd:38:60:90:7c:9a:d3:e5:
                    6e:cd:63:a1:26:75:05:1b:9b:78:69:02:7e:f1:46:
                    89:1c:6f:7d:68:56:0b:3d:e1:2f:22:14:40:aa:10:
                    d5:d4:ba:7d:f6:37:02:81:f6:7d:a0:c8:2c:57:1e:
                    c7:5d:2c:0e:7f:7f:f4:c2:84:28:e2:db:8e:b8:0a:
                    43:14:51:56:21:b3:b8:b9:37:a1:fc:5e:c9:fe:19:
                    c8:ed:35:10:87:9a:69:6c:c2:08:9e:40:01:85:99:
                    c7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A3:C0:7E:99:C9:B3:46:0A:C6:96:E8:33:F5:61:99:85:BF:5F:01
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/XKPAfpnJs0YKxpboM_VhmYW_XwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:80:32:65:eb:21:22:c7:c5:89:f8:59:c8:11:d3:8a:54:5b:
         69:27:a6:d6:dd:e4:a8:76:4b:2f:7e:70:02:ea:df:8f:40:5b:
         c9:35:d4:b6:20:83:95:9e:07:41:48:7d:d9:73:4e:08:9b:43:
         10:1f:40:97:51:e1:70:ee:ca:85:b9:3d:01:d4:43:80:64:9f:
         8c:88:9f:74:bb:bb:bf:47:f6:a1:16:00:8b:c1:f6:60:f2:e6:
         3b:c2:2c:df:42:e9:0e:43:47:20:93:ff:13:fd:a8:62:98:54:
         b8:41:28:b6:75:36:70:27:8f:2b:fe:06:6c:cf:bd:ea:5d:6e:
         a5:0d:53:ff:ce:e3:f4:24:ae:38:59:5c:45:84:a6:e5:a3:a2:
         8e:c4:cc:4b:4f:10:cb:ed:da:4a:4c:15:f1:6c:c3:e3:27:0a:
         f2:df:e3:ee:ca:7a:61:5a:99:51:e0:85:93:fe:f8:ec:8e:f7:
         62:70:14:27:36:78:ac:75:0a:2c:6b:11:97:fc:cb:f1:71:e0:
         47:12:34:37:df:59:0f:84:26:36:b6:fb:f3:ed:41:4d:de:9b:
         db:61:38:0a:e4:bf:fb:23:68:ee:97:15:5a:b0:20:d6:bd:43:
         42:26:76:75:24:79:5c:35:e6:6b:99:e2:84:58:ee:83:b0:40:
         bc:1e:16:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZar2uClY8062YlPLGGlC4I5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwNTA3MTc0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2EzYzA3ZTk5YzliMzQ2MGFjNjk2ZTgzM2Y1NjE5OTg1YmY1ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIeLs0a4X3F3PCuBTo/60VchFvTr
mCS0Gex1SRQz7ME4JeJm37i8jQf4wWmpL7vylSJAn3ICZKv1WhkCuUh9HbogF2pT
aLPRvaQ+VP+nGEpwDQ3RgjAVojxGAHChvMqEcDhoUeuWeQJ4IGK520PdR2mFoVLc
EG07ZxmmoHpc3tjP+f1Fyc9xmQa+HJ1iodMZNCFoarFrOQG7HvsS3ThgkHya0+Vu
zWOhJnUFG5t4aQJ+8UaJHG99aFYLPeEvIhRAqhDV1Lp99jcCgfZ9oMgsVx7HXSwO
f3/0woQo4tuOuApDFFFWIbO4uTeh/F7J/hnI7TUQh5ppbMIInkABhZnHawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFyjwH6ZybNGCsaW6DP1YZmFv18BMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvWEtQQWZwbkpzMFlLeHBib01fVmhtWVdfWHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg25wDAN
BgkqhkiG9w0BAQsFAAOCAQEAD4AyZeshIsfFifhZyBHTilRbaSem1t3kqHZLL35w
Aurfj0BbyTXUtiCDlZ4HQUh92XNOCJtDEB9Al1HhcO7Khbk9AdRDgGSfjIifdLu7
v0f2oRYAi8H2YPLmO8Is30LpDkNHIJP/E/2oYphUuEEotnU2cCePK/4GbM+96l1u
pQ1T/87j9CSuOFlcRYSm5aOijsTMS08Qy+3aSkwV8WzD4ycK8t/j7sp6YVqZUeCF
k/747I73YnAUJzZ4rHUKLGsRl/zL8XHgRxI0N99ZD4QmNrb78+1BTd6b22E4CuS/
+yNo7pcVWrAg1r1DQiZ2dSR5XDXma5nihFjug7BAvB4Wag==
-----END CERTIFICATE-----