Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/iw9kNkv-dkyYtEoLjtCHmwGGJs0.roa
File:                     iw9kNkv-dkyYtEoLjtCHmwGGJs0.roa (raw, json)
Hash identifier:          WAVrCgR0Lig7wZih5a6i+wCsRj3CJZHI3ntVJTN6GcM=
Subject key identifier:   8B:0F:64:36:4B:FE:76:4C:98:B4:4A:0B:8E:D0:87:9B:01:86:26:CD
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       0197A6EC1AA8E11758AB52AF778349B3B5D2
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/iw9kNkv-dkyYtEoLjtCHmwGGJs0.roa
Signing time:             Wed 25 Jun 2025 11:49:40 +0000
ROA not before:           Wed 25 Jun 2025 11:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205964
IP address blocks:        2a02:e9c1::/32 maxlen: 32
                          2a13:6cc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:ec:1a:a8:e1:17:58:ab:52:af:77:83:49:b3:b5:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Jun 25 11:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b0f64364bfe764c98b44a0b8ed0879b018626cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0a:b2:aa:11:2a:2b:2d:6a:2a:57:f0:47:51:
                    09:6c:c3:da:b0:88:15:24:a5:7a:77:58:d0:e4:fa:
                    37:e1:52:cf:56:4b:ba:89:95:cf:a2:27:43:05:6b:
                    0d:1b:4d:f1:88:07:83:13:b2:cd:ee:0a:e0:49:d4:
                    c3:be:c3:a0:f7:e3:91:89:9f:f4:89:e1:88:70:4e:
                    9b:1f:2e:7a:a5:cf:b5:06:31:38:ab:85:cf:0c:1c:
                    98:6d:cb:68:8c:ef:fb:45:9d:52:c9:70:f4:c9:4a:
                    7c:22:b2:1c:34:76:ee:f0:8a:8e:9b:f4:90:57:6c:
                    52:67:ca:bf:77:cd:f6:c9:65:f9:24:67:a7:ea:0c:
                    49:99:da:07:33:a3:82:cf:78:51:5d:62:ff:66:87:
                    00:0c:f1:44:8d:b8:a6:42:7f:ee:88:e1:7d:19:5e:
                    6b:a8:bc:09:a4:ce:10:17:9c:8a:c9:3a:ba:97:91:
                    fd:3a:6e:b2:a7:d7:6a:6d:77:8a:70:bb:72:aa:03:
                    30:1b:ca:3c:94:62:36:25:1e:a4:54:13:d7:14:8b:
                    83:ec:e1:0b:33:ec:4e:82:f0:a4:3d:14:1d:dc:80:
                    2e:f1:7e:4f:cb:b8:ff:38:e8:cf:32:b1:07:f0:16:
                    7f:d4:1b:a3:da:b6:dd:73:98:b8:7e:1a:ac:61:e3:
                    da:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0F:64:36:4B:FE:76:4C:98:B4:4A:0B:8E:D0:87:9B:01:86:26:CD
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/iw9kNkv-dkyYtEoLjtCHmwGGJs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c1::/32
                  2a13:6cc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:5f:4d:cd:d5:88:6d:33:47:8b:53:33:f5:9c:d2:70:ec:69:
         6a:3d:24:3b:1a:28:2d:49:4e:44:bd:62:59:bd:b8:7a:3a:c5:
         89:84:44:db:58:ab:8a:19:5f:6a:fa:c5:d7:0f:45:75:e7:57:
         b7:39:3d:e5:0c:c7:82:cb:ca:27:c9:70:50:40:50:8d:c3:72:
         33:e8:bc:2d:35:3d:7a:8b:cb:7c:d2:80:c6:99:9a:3c:16:59:
         0e:e3:50:0d:10:b6:b4:1b:01:16:0a:e8:e0:2e:e1:d4:a7:aa:
         ca:8c:fb:5c:e0:3c:21:e5:b7:18:71:68:f6:e3:f3:6a:71:49:
         9c:96:11:bd:a4:7b:5a:ec:f1:5b:ee:9d:7e:eb:58:60:99:4e:
         61:43:dc:d2:83:2b:f2:37:b6:fd:72:21:ff:23:0c:d7:a5:ed:
         fc:d0:b3:59:b7:8b:2d:57:ad:36:b7:f4:40:06:03:ce:d3:61:
         38:81:ac:71:8f:3b:50:50:6f:15:f5:fa:8b:3d:de:20:e3:07:
         42:ec:74:6e:e6:f1:bc:92:27:9b:5a:ba:1d:df:6b:72:0e:1b:
         c7:a9:75:4c:f4:ad:23:9b:73:72:eb:78:85:26:65:40:b5:0a:
         9c:24:85:49:2a:a1:b7:58:ce:9e:96:10:43:b5:34:41:c7:91:
         74:df:f8:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZem7Bqo4RdYq1Kvd4NJs7XSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwNjI1MTE0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjBmNjQzNjRiZmU3NjRjOThiNDRhMGI4ZWQwODc5YjAxODYyNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAqyqhEqKy1qKlfwR1EJbMPasIgV
JKV6d1jQ5Po34VLPVku6iZXPoidDBWsNG03xiAeDE7LN7grgSdTDvsOg9+ORiZ/0
ieGIcE6bHy56pc+1BjE4q4XPDByYbctojO/7RZ1SyXD0yUp8IrIcNHbu8IqOm/SQ
V2xSZ8q/d832yWX5JGen6gxJmdoHM6OCz3hRXWL/ZocADPFEjbimQn/uiOF9GV5r
qLwJpM4QF5yKyTq6l5H9Om6yp9dqbXeKcLtyqgMwG8o8lGI2JR6kVBPXFIuD7OEL
M+xOgvCkPRQd3IAu8X5Py7j/OOjPMrEH8BZ/1Buj2rbdc5i4fhqsYePaIQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIsPZDZL/nZMmLRKC47Qh5sBhibNMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvaXc5a05rdi1ka3lZdEVvTGp0Q0htd0dHSnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgLpwQMF
ACoTbMEwDQYJKoZIhvcNAQELBQADggEBAGVfTc3ViG0zR4tTM/Wc0nDsaWo9JDsa
KC1JTkS9Ylm9uHo6xYmERNtYq4oZX2r6xdcPRXXnV7c5PeUMx4LLyifJcFBAUI3D
cjPovC01PXqLy3zSgMaZmjwWWQ7jUA0QtrQbARYK6OAu4dSnqsqM+1zgPCHltxhx
aPbj82pxSZyWEb2ke1rs8VvunX7rWGCZTmFD3NKDK/I3tv1yIf8jDNel7fzQs1m3
iy1XrTa39EAGA87TYTiBrHGPO1BQbxX1+os93iDjB0LsdG7m8bySJ5tauh3fa3IO
G8epdUz0rSObc3LreIUmZUC1CpwkhUkqobdYzp6WEEO1NEHHkXTf+LY=
-----END CERTIFICATE-----