Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/ymi9yVyZH-4QjFqx4TNJYTh4zAw.roa
File:                     ymi9yVyZH-4QjFqx4TNJYTh4zAw.roa (raw, json)
Hash identifier:          BjRl81ZbEIDdTp592nI0/wEPMbPN+bb2781H4ezqZJw=
Subject key identifier:   CA:68:BD:C9:5C:99:1F:EE:10:8C:5A:B1:E1:33:49:61:38:78:CC:0C
Certificate issuer:       /CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
Certificate serial:       01977F3EE520E39748E45A0C801D6B862BB6
Authority key identifier: 9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/ymi9yVyZH-4QjFqx4TNJYTh4zAw.roa
Signing time:             Tue 17 Jun 2025 18:55:17 +0000
ROA not before:           Tue 17 Jun 2025 18:55:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:efc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:3e:e5:20:e3:97:48:e4:5a:0c:80:1d:6b:86:2b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
        Validity
            Not Before: Jun 17 18:55:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca68bdc95c991fee108c5ab1e13349613878cc0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b4:19:8f:31:29:bc:ac:8b:bd:5c:09:ec:e7:
                    df:fe:be:e6:70:cf:8e:8e:60:8c:f1:55:f3:1c:46:
                    45:7d:14:8e:83:c3:df:16:f1:6c:6a:d6:24:a7:48:
                    ec:eb:e6:93:d1:60:a2:0d:1c:8f:dd:4a:96:c4:ca:
                    51:ef:35:66:4f:39:a7:ac:c3:df:45:15:48:79:1f:
                    ae:2e:2c:a0:a3:13:f9:73:44:80:94:87:e4:4f:b5:
                    ac:de:01:fc:81:fb:1a:7d:ca:02:2e:e5:aa:57:b4:
                    f0:79:e3:9c:52:a9:49:9c:7a:79:fe:8f:e8:a7:a1:
                    1c:5b:52:45:16:51:fb:5b:d5:0b:77:90:9e:02:c7:
                    4f:5d:b7:df:33:12:87:8d:ca:cd:61:a6:50:d2:ec:
                    23:d2:2e:94:96:30:51:ec:42:89:e5:02:9d:7a:94:
                    f1:01:07:25:b4:a9:36:b8:14:8a:18:1f:3d:84:4b:
                    6c:0e:92:c3:39:ee:aa:19:d1:2a:d2:6d:2a:3a:e8:
                    cc:6e:8b:4e:b1:1f:7c:80:a6:0a:91:0a:bd:23:3d:
                    0b:a1:6a:6d:1f:8d:dd:24:0d:f0:cc:50:72:87:00:
                    7e:77:d6:75:d5:1a:11:e9:53:4d:65:04:00:ed:4a:
                    2a:3c:47:33:23:64:34:4b:93:30:09:75:4d:e4:72:
                    dd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:68:BD:C9:5C:99:1F:EE:10:8C:5A:B1:E1:33:49:61:38:78:CC:0C
            X509v3 Authority Key Identifier:
                keyid:9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/ymi9yVyZH-4QjFqx4TNJYTh4zAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:79:4b:6f:29:0a:b6:07:dd:75:57:10:e0:93:74:9e:51:d1:
         48:e8:8e:a8:9d:0c:3f:e5:53:e9:42:00:0f:c6:28:36:db:1d:
         c8:8d:11:f3:17:8d:ee:c1:7c:b3:af:6a:5c:19:91:8a:12:bc:
         71:1d:01:a9:79:7f:df:be:77:de:5f:a2:45:9e:31:55:ab:9a:
         79:ba:d1:92:c5:97:3c:5c:96:51:3c:c9:7f:40:03:d3:16:d3:
         cf:90:97:4b:fc:0f:cd:04:70:ec:84:ef:83:09:8d:68:f6:a9:
         b1:20:d2:b8:1b:9e:2f:0a:c2:50:94:c6:60:e9:26:95:1c:ed:
         58:f9:a2:6e:b3:21:ab:3d:2b:a3:f5:6a:f9:a5:c3:68:43:9c:
         7b:3b:a9:68:2d:37:a4:e4:21:e2:5e:ef:90:15:0e:c1:c5:b9:
         54:47:c8:96:b0:57:76:f1:09:be:48:58:c3:ea:a3:d8:e0:e2:
         4f:d1:3a:d2:f0:37:20:76:a0:d0:fe:3a:77:8e:5f:ee:92:6d:
         78:91:61:cc:1b:7e:51:5c:31:44:b1:e4:fb:00:b7:c3:fc:c8:
         4e:53:7f:c0:ec:59:77:9d:40:1f:ca:ea:2c:5f:42:35:e0:51:
         ab:35:01:2f:2e:0b:fd:da:97:f8:da:c2:17:64:1b:57:a2:d8:
         8e:bb:e7:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd/PuUg45dI5FoMgB1rhiu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmM2VjMjFlMTBmMzY0NmU0ZGMwZTIzZjVmN2VjNDQ1MDE1
NjBkZTMwHhcNMjUwNjE3MTg1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY4YmRjOTVjOTkxZmVlMTA4YzVhYjFlMTMzNDk2MTM4NzhjYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bQZjzEpvKyLvVwJ7Off/r7mcM+O
jmCM8VXzHEZFfRSOg8PfFvFsatYkp0js6+aT0WCiDRyP3UqWxMpR7zVmTzmnrMPf
RRVIeR+uLiygoxP5c0SAlIfkT7Ws3gH8gfsafcoCLuWqV7TweeOcUqlJnHp5/o/o
p6EcW1JFFlH7W9ULd5CeAsdPXbffMxKHjcrNYaZQ0uwj0i6UljBR7EKJ5QKdepTx
AQcltKk2uBSKGB89hEtsDpLDOe6qGdEq0m0qOujMbotOsR98gKYKkQq9Iz0LoWpt
H43dJA3wzFByhwB+d9Z11RoR6VNNZQQA7UoqPEczI2Q0S5MwCXVN5HLd1QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMpovclcmR/uEIxaseEzSWE4eMwMMB8GA1UdIwQY
MBaAFJ8+wh4Q82RuTcDiP19+xEUBVg3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUt
N2JhMjVkNTU5NWZhLzEveW1pOXlWeVpILTRRakZxeDRUTkpZVGg0ekF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUtN2JhMjVkNTU5NWZh
LzEvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHvwDAN
BgkqhkiG9w0BAQsFAAOCAQEAVXlLbykKtgfddVcQ4JN0nlHRSOiOqJ0MP+VT6UIA
D8YoNtsdyI0R8xeN7sF8s69qXBmRihK8cR0BqXl/37533l+iRZ4xVauaebrRksWX
PFyWUTzJf0AD0xbTz5CXS/wPzQRw7ITvgwmNaPapsSDSuBueLwrCUJTGYOkmlRzt
WPmibrMhqz0ro/Vq+aXDaEOcezupaC03pOQh4l7vkBUOwcW5VEfIlrBXdvEJvkhY
w+qj2ODiT9E60vA3IHag0P46d45f7pJteJFhzBt+UVwxRLHk+wC3w/zITlN/wOxZ
d51AH8rqLF9CNeBRqzUBLy4L/dqX+NrCF2QbV6LYjrvnAg==
-----END CERTIFICATE-----