Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/r_KvJv83UWZ7GxTGf8Wcme3ktnw.roa
File:                     r_KvJv83UWZ7GxTGf8Wcme3ktnw.roa (raw, json)
Hash identifier:          d3lvS9v2d04dXWrzZAL/95YfMQ48ufz4iEKRW8zSM58=
Subject key identifier:   AF:F2:AF:26:FF:37:51:66:7B:1B:14:C6:7F:C5:9C:99:ED:E4:B6:7C
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       0197A5870BB8CD6F402B1F4216C7BF35D56C
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/r_KvJv83UWZ7GxTGf8Wcme3ktnw.roa
Signing time:             Wed 25 Jun 2025 05:19:40 +0000
ROA not before:           Wed 25 Jun 2025 05:19:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39335
IP address blocks:        2a0b:6b86:1200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a5:87:0b:b8:cd:6f:40:2b:1f:42:16:c7:bf:35:d5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jun 25 05:19:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aff2af26ff3751667b1b14c67fc59c99ede4b67c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5f:e8:2b:49:fe:6d:c2:de:26:b0:3b:fb:6d:
                    32:66:ee:6d:4d:e7:18:de:40:a8:2e:60:77:9d:6b:
                    7f:a2:1d:91:c0:6c:75:d0:81:05:55:30:84:c2:12:
                    8e:1e:de:4e:80:52:a1:9b:ed:d9:37:ee:1e:0f:f0:
                    77:57:56:40:39:bd:a7:4b:fb:a7:12:67:96:5a:1b:
                    6c:26:ef:d1:f7:d6:de:71:43:bb:17:0a:9b:6e:22:
                    04:0d:5f:66:ba:d8:9b:7b:58:56:d4:f2:66:e4:c7:
                    7c:2d:5e:de:15:52:b1:c5:9c:c1:20:31:c7:33:a8:
                    3e:3d:4a:37:4a:11:3d:da:8a:d6:36:cd:1f:48:d4:
                    50:0b:cd:94:2c:02:3a:47:ab:5b:29:0b:6e:61:75:
                    81:5c:ea:2c:5b:9c:b8:36:9c:1f:7c:10:0b:47:0e:
                    c8:f5:90:ed:4f:a4:e2:04:56:5b:ab:b1:cb:0a:fc:
                    76:3e:87:b5:37:d5:80:fa:ad:59:27:6b:64:4e:0d:
                    47:40:39:2a:87:62:b6:57:91:b9:4f:04:03:3d:29:
                    36:25:cb:1c:91:01:ff:b1:2a:49:c7:bc:00:29:0d:
                    55:01:38:4f:f1:d1:0a:7c:33:c1:54:70:eb:ff:36:
                    40:d1:57:73:af:5b:04:83:72:4c:bf:20:76:ea:bf:
                    d7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F2:AF:26:FF:37:51:66:7B:1B:14:C6:7F:C5:9C:99:ED:E4:B6:7C
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/r_KvJv83UWZ7GxTGf8Wcme3ktnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:6a:07:5b:67:c0:8a:55:11:10:3e:86:8a:71:2d:1d:37:17:
         ba:96:ba:33:4f:cd:05:03:cb:da:67:45:8f:26:a3:3b:67:77:
         a1:f6:d4:06:8e:f1:89:ac:a6:a0:81:47:b1:0f:39:84:c5:e2:
         a8:5e:51:0a:e9:5e:1e:3c:e8:59:4a:0f:ec:2d:e9:50:eb:3d:
         05:dc:7e:d0:eb:4b:78:aa:ea:bb:e4:67:4d:34:a2:77:c0:80:
         98:67:4d:19:fa:f3:b8:b9:8e:57:f8:57:7e:d3:fd:c2:a8:6e:
         d9:10:10:65:5f:f4:de:12:5a:69:c4:5f:3d:68:b5:03:89:ce:
         95:4f:ca:6c:9e:21:d0:e7:57:0c:e2:54:25:59:65:e5:cf:f6:
         f7:c0:81:a0:a0:23:12:d2:dd:e2:f0:ef:c4:42:03:50:0f:e8:
         db:79:8f:b5:8f:9d:df:2b:77:6b:18:68:b9:0f:35:a0:fb:ff:
         89:48:be:10:0f:5f:65:2b:1c:09:78:1f:d1:c2:36:2d:96:99:
         90:72:38:9a:d8:55:b8:fc:23:2a:77:ee:6e:eb:b0:c7:95:b9:
         71:7b:4e:74:d2:c1:a3:da:00:1a:b0:57:49:dc:be:f8:74:d8:
         5f:54:4e:41:f8:aa:60:0e:82:df:63:54:2d:8e:9c:e3:fa:ec:
         d7:1f:94:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZelhwu4zW9AKx9CFse/NdVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwNjI1MDUxOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmYyYWYyNmZmMzc1MTY2N2IxYjE0YzY3ZmM1OWM5OWVkZTRiNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1/oK0n+bcLeJrA7+20yZu5tTecY
3kCoLmB3nWt/oh2RwGx10IEFVTCEwhKOHt5OgFKhm+3ZN+4eD/B3V1ZAOb2nS/un
EmeWWhtsJu/R99becUO7FwqbbiIEDV9mutibe1hW1PJm5Md8LV7eFVKxxZzBIDHH
M6g+PUo3ShE92orWNs0fSNRQC82ULAI6R6tbKQtuYXWBXOosW5y4NpwffBALRw7I
9ZDtT6TiBFZbq7HLCvx2Poe1N9WA+q1ZJ2tkTg1HQDkqh2K2V5G5TwQDPSk2Jcsc
kQH/sSpJx7wAKQ1VAThP8dEKfDPBVHDr/zZA0Vdzr1sEg3JMvyB26r/XiwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK/yryb/N1FmexsUxn/FnJnt5LZ8MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvcl9Ldkp2ODNVV1o3R3hUR2Y4V2NtZTNrdG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhhIw
DQYJKoZIhvcNAQELBQADggEBAA1qB1tnwIpVERA+hopxLR03F7qWujNPzQUDy9pn
RY8moztnd6H21AaO8YmspqCBR7EPOYTF4qheUQrpXh486FlKD+wt6VDrPQXcftDr
S3iq6rvkZ000onfAgJhnTRn687i5jlf4V37T/cKobtkQEGVf9N4SWmnEXz1otQOJ
zpVPymyeIdDnVwziVCVZZeXP9vfAgaCgIxLS3eLw78RCA1AP6Nt5j7WPnd8rd2sY
aLkPNaD7/4lIvhAPX2UrHAl4H9HCNi2WmZByOJrYVbj8Iyp37m7rsMeVuXF7TnTS
waPaABqwV0ncvvh02F9UTkH4qmAOgt9jVC2OnOP67NcflAk=
-----END CERTIFICATE-----