Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/wrl9kLnP1rk7nT8nfaCtICzeH9s.roa
File:                     wrl9kLnP1rk7nT8nfaCtICzeH9s.roa (raw, json)
Hash identifier:          hvWb2rrC33UUwdJUa2tUX3NGj1r9RLGSxKqLlZYr8D4=
Subject key identifier:   C2:B9:7D:90:B9:CF:D6:B9:3B:9D:3F:27:7D:A0:AD:20:2C:DE:1F:DB
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019932C0177B1770419EECD964A2AB012454
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/wrl9kLnP1rk7nT8nfaCtICzeH9s.roa
Signing time:             Wed 10 Sep 2025 08:31:13 +0000
ROA not before:           Wed 10 Sep 2025 08:31:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29226
IP address blocks:        2a09:3b04::/32 maxlen: 32
                          2a12:7c07::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:c0:17:7b:17:70:41:9e:ec:d9:64:a2:ab:01:24:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Sep 10 08:31:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2b97d90b9cfd6b93b9d3f277da0ad202cde1fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f4:07:87:6e:87:d4:77:e5:21:73:83:86:1b:
                    b2:0a:c2:44:80:22:6c:ae:5a:2c:b5:ff:9e:f4:34:
                    46:e0:da:4f:7b:ca:44:60:84:74:69:92:46:e7:23:
                    25:7d:9d:85:12:ee:64:ed:a1:4b:97:e9:27:60:8b:
                    bd:39:24:a8:ca:77:07:d0:5c:37:f4:f9:21:e5:61:
                    06:9c:27:7a:4d:c3:d6:0c:9f:69:ca:9a:b1:f9:d5:
                    b7:61:0c:da:51:36:b8:dc:2b:27:c4:1d:78:a2:0d:
                    d0:d4:1a:71:d9:a0:b0:52:09:d4:ee:c5:02:b0:a5:
                    89:ee:6b:f8:88:06:37:fe:9f:ef:f5:78:c6:99:40:
                    10:2f:e9:d9:66:b3:b2:1c:ee:84:99:a9:e1:c2:8a:
                    a1:9d:03:5f:0b:a6:e6:53:3a:37:aa:66:b4:2b:71:
                    f9:55:42:dd:47:02:4c:95:61:85:6f:71:08:ee:bf:
                    1e:ab:63:ad:71:19:50:ca:81:3a:f9:50:bf:de:59:
                    a3:c2:0c:07:93:14:f8:df:09:c7:bf:8e:8e:8b:37:
                    45:4f:fb:07:71:b5:79:e2:05:5d:41:4d:36:74:c6:
                    3d:92:9c:a2:31:59:da:3f:df:be:ff:36:b8:9a:6a:
                    a2:97:81:48:58:5d:7b:5c:3b:49:67:95:97:81:69:
                    5b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B9:7D:90:B9:CF:D6:B9:3B:9D:3F:27:7D:A0:AD:20:2C:DE:1F:DB
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/wrl9kLnP1rk7nT8nfaCtICzeH9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3b04::/32
                  2a12:7c07::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:5a:29:82:2b:28:c0:f3:f5:5e:b7:73:52:e6:b5:68:13:0a:
         ca:8e:38:43:13:a6:7d:19:75:1b:c2:d1:d3:09:4b:53:8c:db:
         a3:b9:35:df:cf:cf:18:c0:25:9a:3b:7c:8e:9d:9e:21:b1:29:
         e0:bf:47:66:0e:7d:82:bc:25:22:c3:a9:59:cc:bb:4d:bb:ff:
         e3:ff:e5:98:68:aa:54:37:df:57:18:bb:7c:d9:cb:25:b6:51:
         50:4e:89:5e:f5:a7:3a:32:f3:5c:f0:db:8c:54:29:e6:45:18:
         bd:4c:cd:f3:8d:b2:17:61:97:b0:a3:b3:04:e2:6c:2e:c7:11:
         ca:f5:04:b5:95:4c:d8:55:bd:06:d6:aa:5b:d5:0e:60:2d:2b:
         89:87:47:25:19:1a:20:38:e3:db:4a:91:c0:61:e3:b4:11:5d:
         37:7c:1f:22:64:c4:af:0f:b0:24:10:a3:88:9e:14:61:5f:d1:
         f1:ee:da:1a:be:b7:2d:71:d1:6d:70:47:f1:91:9c:f4:22:45:
         f4:88:c9:58:6b:60:b4:0e:f1:56:49:3e:75:a8:ab:03:e2:6f:
         6d:f0:a6:1b:5d:a9:34:7f:52:a7:80:44:d6:13:d9:91:60:4d:
         52:6c:28:84:75:d2:98:a8:4c:50:ae:de:80:57:d4:5d:20:00:
         d7:43:66:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkywBd7F3BBnuzZZKKrASRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwOTEwMDgzMTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI5N2Q5MGI5Y2ZkNmI5M2I5ZDNmMjc3ZGEwYWQyMDJjZGUxZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/QHh26H1HflIXODhhuyCsJEgCJs
rlostf+e9DRG4NpPe8pEYIR0aZJG5yMlfZ2FEu5k7aFLl+knYIu9OSSoyncH0Fw3
9Pkh5WEGnCd6TcPWDJ9pypqx+dW3YQzaUTa43CsnxB14og3Q1Bpx2aCwUgnU7sUC
sKWJ7mv4iAY3/p/v9XjGmUAQL+nZZrOyHO6EmanhwoqhnQNfC6bmUzo3qma0K3H5
VULdRwJMlWGFb3EI7r8eq2OtcRlQyoE6+VC/3lmjwgwHkxT43wnHv46OizdFT/sH
cbV54gVdQU02dMY9kpyiMVnaP9++/za4mmqil4FIWF17XDtJZ5WXgWlbwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMK5fZC5z9a5O50/J32grSAs3h/bMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvd3JsOWtMblAxcms3blQ4bmZhQ3RJQ3plSDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgk7BAMF
ACoSfAcwDQYJKoZIhvcNAQELBQADggEBAIhaKYIrKMDz9V63c1LmtWgTCsqOOEMT
pn0ZdRvC0dMJS1OM26O5Nd/PzxjAJZo7fI6dniGxKeC/R2YOfYK8JSLDqVnMu027
/+P/5ZhoqlQ331cYu3zZyyW2UVBOiV71pzoy81zw24xUKeZFGL1MzfONshdhl7Cj
swTibC7HEcr1BLWVTNhVvQbWqlvVDmAtK4mHRyUZGiA449tKkcBh47QRXTd8HyJk
xK8PsCQQo4ieFGFf0fHu2hq+ty1x0W1wR/GRnPQiRfSIyVhrYLQO8VZJPnWoqwPi
b23wphtdqTR/UqeARNYT2ZFgTVJsKIR10pioTFCu3oBX1F0gANdDZms=
-----END CERTIFICATE-----