Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/SnJnvCbTNrEMF1kRlYnaQpP1-CM.roa
File:                     SnJnvCbTNrEMF1kRlYnaQpP1-CM.roa (raw, json)
Hash identifier:          M/883UPP+y+ETclB7OhwNjCUVOl1P7x38ODsI02JpL0=
Subject key identifier:   4A:72:67:BC:26:D3:36:B1:0C:17:59:11:95:89:DA:42:93:F5:F8:23
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0196433ECB617889FA6938C36821AC93C67D
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/SnJnvCbTNrEMF1kRlYnaQpP1-CM.roa
Signing time:             Thu 17 Apr 2025 10:15:10 +0000
ROA not before:           Thu 17 Apr 2025 10:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a0f:c084::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:3e:cb:61:78:89:fa:69:38:c3:68:21:ac:93:c6:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Apr 17 10:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a7267bc26d336b10c1759119589da4293f5f823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:26:43:96:65:79:80:f9:41:bc:02:21:6e:ec:
                    d4:16:84:0e:6d:d1:0d:f7:97:47:7e:84:69:63:06:
                    9c:54:2f:ec:c5:35:d6:d1:64:60:64:67:82:33:74:
                    c7:ce:eb:15:3a:0b:39:9a:96:47:2b:3b:d0:3e:ac:
                    c4:0c:5f:87:cf:af:a0:36:8f:9f:91:57:3d:3b:1f:
                    6c:e3:69:77:7f:69:98:7d:d1:50:d0:1b:7a:43:79:
                    db:a7:3d:bd:a8:c2:a8:b3:36:8b:a2:e4:8c:4a:60:
                    c7:e6:da:86:39:13:aa:d4:e1:2e:cf:e4:c8:27:5f:
                    c7:8b:be:8e:54:24:52:8e:2c:4f:70:7f:0f:44:71:
                    3a:6a:70:d9:cc:1d:db:96:b3:47:e8:67:ef:ad:d0:
                    0e:ca:6e:98:cb:1c:67:c4:00:5f:78:b6:ef:61:5a:
                    fd:e2:7f:c2:60:7b:17:07:60:bd:29:82:0e:4b:1e:
                    29:1f:35:95:4a:af:97:df:28:d3:36:f6:72:1d:df:
                    c6:42:77:08:fc:9a:9e:3c:1f:53:4f:bc:ac:f7:69:
                    6f:64:50:f8:89:f3:e5:4a:97:96:b8:b9:8c:92:b9:
                    bf:ed:40:7c:00:57:7f:82:33:d3:69:8d:b0:16:3f:
                    14:b7:a5:97:06:c3:c5:d2:ea:dc:50:48:4d:8d:22:
                    e2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:72:67:BC:26:D3:36:B1:0C:17:59:11:95:89:DA:42:93:F5:F8:23
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/SnJnvCbTNrEMF1kRlYnaQpP1-CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:c084::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:60:88:4d:82:53:20:8b:bc:1e:46:62:e1:1b:8d:df:13:49:
         57:e6:df:5a:df:b2:ea:8d:98:d8:18:a3:f0:8e:b9:ec:a6:ca:
         c8:8c:f2:78:66:50:fe:1e:3b:40:6e:b1:e4:1a:95:fd:f1:04:
         46:0b:17:21:82:54:1a:0d:39:c1:6d:ce:f9:a1:72:84:2b:88:
         99:5f:de:d2:2f:44:d7:ba:1c:2e:d8:fd:4d:bf:b0:6d:8b:ac:
         9e:b7:c5:74:13:6a:43:10:5a:7b:c0:ad:27:a0:bc:92:30:3f:
         c3:21:b9:1b:fd:6b:36:d0:44:e3:c9:0e:35:62:59:bd:b7:e3:
         de:8c:c8:18:46:a8:c8:cd:14:84:85:dd:1a:47:ec:fc:a9:30:
         d7:3e:2f:25:19:02:0e:0c:4f:ae:15:43:5e:c5:40:d2:de:3e:
         fc:ff:c8:01:29:4e:17:3d:78:68:0a:db:50:41:a5:1c:f5:e5:
         a7:41:a4:36:d5:ae:15:cb:dd:39:4e:2b:5b:db:fb:f1:3e:d1:
         0a:10:6e:4e:ef:12:7d:9a:72:d0:bc:8e:6a:21:ed:4e:d0:ab:
         c2:ce:9d:21:e0:82:69:1f:ca:bf:66:ef:c4:ab:60:4f:8f:bd:
         d4:40:a3:26:bf:3b:26:87:fb:9c:d2:89:aa:07:75:f7:e1:cf:
         e5:56:ae:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZDPstheIn6aTjDaCGsk8Z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwNDE3MTAxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTcyNjdiYzI2ZDMzNmIxMGMxNzU5MTE5NTg5ZGE0MjkzZjVmODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSZDlmV5gPlBvAIhbuzUFoQObdEN
95dHfoRpYwacVC/sxTXW0WRgZGeCM3THzusVOgs5mpZHKzvQPqzEDF+Hz6+gNo+f
kVc9Ox9s42l3f2mYfdFQ0Bt6Q3nbpz29qMKoszaLouSMSmDH5tqGOROq1OEuz+TI
J1/Hi76OVCRSjixPcH8PRHE6anDZzB3blrNH6GfvrdAOym6YyxxnxABfeLbvYVr9
4n/CYHsXB2C9KYIOSx4pHzWVSq+X3yjTNvZyHd/GQncI/JqePB9TT7ys92lvZFD4
ifPlSpeWuLmMkrm/7UB8AFd/gjPTaY2wFj8Ut6WXBsPF0urcUEhNjSLiuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEpyZ7wm0zaxDBdZEZWJ2kKT9fgjMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvU25KbnZDYlROckVNRjFrUmxZbmFRcFAxLUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg/AhDAN
BgkqhkiG9w0BAQsFAAOCAQEAp2CITYJTIIu8HkZi4RuN3xNJV+bfWt+y6o2Y2Bij
8I657KbKyIzyeGZQ/h47QG6x5BqV/fEERgsXIYJUGg05wW3O+aFyhCuImV/e0i9E
17ocLtj9Tb+wbYusnrfFdBNqQxBae8CtJ6C8kjA/wyG5G/1rNtBE48kONWJZvbfj
3ozIGEaoyM0UhIXdGkfs/Kkw1z4vJRkCDgxPrhVDXsVA0t4+/P/IASlOFz14aArb
UEGlHPXlp0GkNtWuFcvdOU4rW9v78T7RChBuTu8SfZpy0LyOaiHtTtCrws6dIeCC
aR/Kv2bvxKtgT4+91ECjJr87Jof7nNKJqgd19+HP5VautA==
-----END CERTIFICATE-----