Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/OI1uK9LvyBYMrxZk6Wtsms4rrxQ.roa
File:                     OI1uK9LvyBYMrxZk6Wtsms4rrxQ.roa (raw, json)
Hash identifier:          r4xm6yQr/cgOXWzX1uA52pwqnclq3721sVsfso5FXPI=
Subject key identifier:   38:8D:6E:2B:D2:EF:C8:16:0C:AF:16:64:E9:6B:6C:9A:CE:2B:AF:14
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       0197A6EC19B4770F108D620E8B89E43D0763
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/OI1uK9LvyBYMrxZk6Wtsms4rrxQ.roa
Signing time:             Wed 25 Jun 2025 11:49:40 +0000
ROA not before:           Wed 25 Jun 2025 11:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149428
IP address blocks:        2a02:e9c0::/32 maxlen: 32
                          2a13:6cc2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:ec:19:b4:77:0f:10:8d:62:0e:8b:89:e4:3d:07:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Jun 25 11:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=388d6e2bd2efc8160caf1664e96b6c9ace2baf14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:b7:a2:a1:f4:b5:bc:8d:33:a2:b8:6a:ef:
                    05:3d:e2:ee:bc:1c:a6:5a:02:c3:a0:0b:ff:cd:af:
                    ac:07:fb:20:de:ca:d4:aa:2b:12:f8:73:56:33:43:
                    f8:a9:eb:fd:27:f3:40:21:c0:1b:47:19:f3:4f:d8:
                    9f:90:4f:a0:f3:3f:d4:a6:d0:94:05:cc:7f:22:4e:
                    0a:4a:b4:d7:c9:de:78:55:21:b4:9a:b3:f4:fa:50:
                    8e:31:e7:04:75:e8:67:f0:e8:7a:20:a4:24:9d:04:
                    0e:de:45:07:65:4b:47:35:0d:f0:63:ce:0c:fa:37:
                    54:e0:83:f5:fa:c1:8a:56:38:34:ef:cb:a5:d5:29:
                    2c:74:5f:db:79:49:f7:16:4f:21:4a:3b:27:63:70:
                    81:8a:fd:a8:15:2f:7c:02:eb:3a:18:8e:e9:03:c4:
                    8f:ae:c7:b6:48:b0:e4:11:a7:7f:7f:8e:a1:65:2c:
                    67:c2:bf:77:75:66:8d:41:c2:d8:0c:fe:af:06:e4:
                    30:b0:16:11:f1:12:1d:9b:6a:c9:53:98:1c:11:02:
                    64:2c:e8:3d:a5:f8:88:53:d4:ed:77:5a:e1:31:5a:
                    3d:e2:2d:7c:16:d4:67:96:e1:7e:f8:e3:81:e3:f8:
                    80:c1:71:78:ef:d3:08:a7:a9:a8:7d:24:af:e6:17:
                    8d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8D:6E:2B:D2:EF:C8:16:0C:AF:16:64:E9:6B:6C:9A:CE:2B:AF:14
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/OI1uK9LvyBYMrxZk6Wtsms4rrxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c0::/32
                  2a13:6cc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:c6:48:96:47:d1:b3:00:0a:c9:fa:ad:de:f1:aa:8e:db:84:
         b1:17:27:a4:a9:a8:4a:12:be:49:59:00:75:4d:c2:8f:48:75:
         16:15:95:da:20:16:32:4f:f7:f1:43:c1:4c:05:43:85:28:8c:
         55:35:51:06:ac:9b:14:87:84:ef:7d:35:b5:04:9e:ff:b6:09:
         0a:80:0b:35:cc:86:ad:6b:a3:3c:e6:4f:64:b4:33:34:5f:ae:
         1d:aa:86:b2:ad:f3:46:47:d0:cb:be:dc:d2:bc:3f:ad:65:f2:
         64:57:26:c1:70:87:fa:99:a9:06:2f:db:35:30:9b:06:c9:5a:
         b3:f4:d8:88:14:fe:1a:6e:b3:c4:02:15:7e:82:30:ec:bc:77:
         86:21:2e:1e:4f:68:d1:43:b6:ba:3a:94:93:63:ef:64:42:3b:
         59:b7:ab:37:36:cc:82:72:d6:7e:22:64:e3:9e:73:68:57:b7:
         32:f3:6e:d9:55:f5:96:f3:7d:8f:b4:12:cf:87:8c:72:64:25:
         d3:8c:bd:71:35:c6:74:bb:60:11:89:9a:f2:a3:fa:45:cc:7e:
         2f:f6:d3:ea:69:92:af:18:5d:5a:2f:1e:e3:3c:0f:18:5f:b0:
         0f:a6:4c:29:4e:1d:47:66:df:ed:06:b3:0d:b9:e7:1d:4a:ca:
         14:c3:c7:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZem7Bm0dw8QjWIOi4nkPQdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwNjI1MTE0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhkNmUyYmQyZWZjODE2MGNhZjE2NjRlOTZiNmM5YWNlMmJhZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLK3oqH0tbyNM6K4au8FPeLuvBym
WgLDoAv/za+sB/sg3srUqisS+HNWM0P4qev9J/NAIcAbRxnzT9ifkE+g8z/UptCU
Bcx/Ik4KSrTXyd54VSG0mrP0+lCOMecEdehn8Oh6IKQknQQO3kUHZUtHNQ3wY84M
+jdU4IP1+sGKVjg078ul1SksdF/beUn3Fk8hSjsnY3CBiv2oFS98Aus6GI7pA8SP
rse2SLDkEad/f46hZSxnwr93dWaNQcLYDP6vBuQwsBYR8RIdm2rJU5gcEQJkLOg9
pfiIU9Ttd1rhMVo94i18FtRnluF++OOB4/iAwXF479MIp6mofSSv5heN8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDiNbivS78gWDK8WZOlrbJrOK68UMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvT0kxdUs5THZ5QllNcnhaazZXdHNtczRycnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgLpwAMF
ACoTbMIwDQYJKoZIhvcNAQELBQADggEBAC7GSJZH0bMACsn6rd7xqo7bhLEXJ6Sp
qEoSvklZAHVNwo9IdRYVldogFjJP9/FDwUwFQ4UojFU1UQasmxSHhO99NbUEnv+2
CQqACzXMhq1rozzmT2S0MzRfrh2qhrKt80ZH0Mu+3NK8P61l8mRXJsFwh/qZqQYv
2zUwmwbJWrP02IgU/hpus8QCFX6CMOy8d4YhLh5PaNFDtro6lJNj72RCO1m3qzc2
zIJy1n4iZOOec2hXtzLzbtlV9ZbzfY+0Es+HjHJkJdOMvXE1xnS7YBGJmvKj+kXM
fi/20+ppkq8YXVovHuM8DxhfsA+mTClOHUdm3+0Gsw255x1KyhTDx9s=
-----END CERTIFICATE-----