Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZiWYCsD1Dry724z5OmJJ8Oawr6w.roa
File:                     ZiWYCsD1Dry724z5OmJJ8Oawr6w.roa (raw, json)
Hash identifier:          pA+krdDNaZYU7n+P4r9c22BIzRTJGvLkmVz3LgTk2aU=
Subject key identifier:   66:25:98:0A:C0:F5:0E:BC:BB:DB:8C:F9:3A:62:49:F0:E6:B0:AF:AC
Certificate issuer:       /CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
Certificate serial:       01967C37237A79291D399795270F870A4DB0
Authority key identifier: 65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZiWYCsD1Dry724z5OmJJ8Oawr6w.roa
Signing time:             Mon 28 Apr 2025 11:45:10 +0000
ROA not before:           Mon 28 Apr 2025 11:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59411
IP address blocks:        2a11:fe80:d100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:37:23:7a:79:29:1d:39:97:95:27:0f:87:0a:4d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
        Validity
            Not Before: Apr 28 11:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6625980ac0f50ebcbbdb8cf93a6249f0e6b0afac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:24:bd:15:f0:7f:cc:9b:1a:c8:cc:29:83:a1:
                    8f:fe:d0:fa:31:5b:5b:ff:ce:19:9d:86:e9:b9:8a:
                    b9:d1:24:66:25:a1:cf:e1:95:ab:83:be:34:41:5d:
                    c4:56:44:27:96:49:22:a8:18:b9:46:cd:18:a8:4f:
                    03:0a:fa:9b:91:cb:bc:2a:61:e0:33:7d:92:71:fc:
                    82:bc:7c:22:a7:e8:b2:b3:36:cd:e9:d1:3f:cd:bb:
                    16:d6:52:2f:0f:13:a5:46:1c:b4:fe:fb:25:a8:1d:
                    d9:aa:87:a4:eb:65:08:50:cf:cd:49:4a:93:7f:c1:
                    85:46:52:f9:0b:40:b3:44:05:2f:74:bd:cf:e2:99:
                    b1:2e:00:03:2e:75:ae:34:55:b6:0c:ef:a3:87:53:
                    e3:e9:e7:6d:f7:35:ba:73:e7:a6:68:97:0c:fc:7f:
                    75:70:e1:73:71:79:25:d4:0e:26:c7:a3:86:67:31:
                    b6:80:6b:11:60:0e:d0:1c:11:de:73:25:d8:6e:2a:
                    67:27:b7:22:d9:5b:31:a0:95:fe:c1:a0:93:75:16:
                    23:98:09:75:58:3e:24:20:c9:55:59:3b:6f:00:12:
                    2c:65:55:a4:1f:ec:f7:b5:80:bf:29:d9:2a:2d:14:
                    a0:98:bc:7f:5e:4a:ab:08:eb:ae:0a:6e:c3:27:84:
                    50:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:25:98:0A:C0:F5:0E:BC:BB:DB:8C:F9:3A:62:49:F0:E6:B0:AF:AC
            X509v3 Authority Key Identifier:
                keyid:65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZiWYCsD1Dry724z5OmJJ8Oawr6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:fe80:d100::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:c5:82:8d:01:82:f8:d8:bd:bc:fe:1b:65:b1:c2:51:13:4c:
         9d:07:45:a4:14:d3:8e:7a:ff:49:94:ff:47:7c:89:15:7c:92:
         a0:1b:e7:88:0f:5d:86:23:4f:e9:77:e6:33:7b:bc:b2:29:a2:
         fe:03:8a:14:06:8a:8a:35:5a:00:c5:cf:cf:f2:83:0f:4c:05:
         25:33:fc:9b:8c:37:16:c3:a5:6c:53:62:29:53:3a:d1:de:ce:
         f3:39:c3:79:9d:b8:76:5d:d8:24:a6:6e:74:94:21:52:e5:43:
         0a:e0:dc:5f:37:0c:6c:3a:1d:e7:28:62:6a:82:01:ec:20:45:
         46:29:db:04:65:09:4c:78:cb:4d:f5:18:ed:ca:47:01:09:17:
         d5:fb:11:3b:0f:b5:29:a3:f5:d1:b4:f5:71:c6:d6:2d:29:ce:
         26:be:7c:49:17:b4:37:1c:a9:98:30:2a:44:a9:ff:7f:b4:50:
         b0:28:e3:88:27:fc:af:04:1d:55:bf:cb:ab:c8:b7:22:65:14:
         87:de:d6:1a:47:74:30:64:70:5d:f9:5a:88:8b:b5:12:c8:da:
         dc:d4:64:e4:71:6a:13:36:62:9a:5a:21:20:be:12:1f:af:ff:
         c3:30:20:3a:1a:e7:50:42:2e:fb:ee:70:73:c6:a1:e8:9f:1d:
         1d:68:92:bd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZ8NyN6eSkdOZeVJw+HCk2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODNkMzIyZWYyNGM4NzE5OGI3NjVlYTFkMWM0MmMyODNh
N2Y4ZjYwHhcNMjUwNDI4MTE0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI1OTgwYWMwZjUwZWJjYmJkYjhjZjkzYTYyNDlmMGU2YjBhZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSS9FfB/zJsayMwpg6GP/tD6MVtb
/84ZnYbpuYq50SRmJaHP4ZWrg740QV3EVkQnlkkiqBi5Rs0YqE8DCvqbkcu8KmHg
M32ScfyCvHwip+iyszbN6dE/zbsW1lIvDxOlRhy0/vslqB3Zqoek62UIUM/NSUqT
f8GFRlL5C0CzRAUvdL3P4pmxLgADLnWuNFW2DO+jh1Pj6edt9zW6c+emaJcM/H91
cOFzcXkl1A4mx6OGZzG2gGsRYA7QHBHecyXYbipnJ7ci2VsxoJX+waCTdRYjmAl1
WD4kIMlVWTtvABIsZVWkH+z3tYC/KdkqLRSgmLx/XkqrCOuuCm7DJ4RQuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGYlmArA9Q68u9uM+TpiSfDmsK+sMB8GA1UdIwQY
MBaAFGWD0yLvJMhxmLdl6h0cQsKDp/j2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMt
NWJlOWUxMTdkYmRhLzEvWmlXWUNzRDFEcnk3MjR6NU9tSko4T2F3cjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMtNWJlOWUxMTdkYmRh
LzEvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhH+gNEw
DQYJKoZIhvcNAQELBQADggEBAE3Fgo0BgvjYvbz+G2WxwlETTJ0HRaQU0456/0mU
/0d8iRV8kqAb54gPXYYjT+l35jN7vLIpov4DihQGioo1WgDFz8/ygw9MBSUz/JuM
NxbDpWxTYilTOtHezvM5w3mduHZd2CSmbnSUIVLlQwrg3F83DGw6HecoYmqCAewg
RUYp2wRlCUx4y031GO3KRwEJF9X7ETsPtSmj9dG09XHG1i0pzia+fEkXtDccqZgw
KkSp/3+0ULAo44gn/K8EHVW/y6vItyJlFIfe1hpHdDBkcF35WoiLtRLI2tzUZORx
ahM2YppaISC+Eh+v/8MwIDoa51BCLvvucHPGoeifHR1okr0=
-----END CERTIFICATE-----