Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/jEuhOWOO-QlWKQlP_vQxpSPLQb4.roa
File:                     jEuhOWOO-QlWKQlP_vQxpSPLQb4.roa (raw, json)
Hash identifier:          T76BJeDOcF7APO1x6/gqGhi/5iskR6Zu3KBZKjePpuU=
Subject key identifier:   8C:4B:A1:39:63:8E:F9:09:56:29:09:4F:FE:F4:31:A5:23:CB:41:BE
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       0197A6EDF01FDC131B1C83F156841E901146
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/jEuhOWOO-QlWKQlP_vQxpSPLQb4.roa
Signing time:             Wed 25 Jun 2025 11:51:40 +0000
ROA not before:           Wed 25 Jun 2025 11:51:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205659
IP address blocks:        2a02:e9c6::/32 maxlen: 32
                          2a13:6cc6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:ed:f0:1f:dc:13:1b:1c:83:f1:56:84:1e:90:11:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Jun 25 11:51:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c4ba139638ef9095629094ffef431a523cb41be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:16:4d:fc:57:4d:58:0c:d4:00:4f:a6:71:7f:
                    48:e8:54:a1:90:46:18:45:1c:c4:2b:a8:d2:96:28:
                    89:99:a5:49:f4:df:b2:68:e6:51:9d:93:54:03:15:
                    29:3d:34:db:dd:5b:0a:57:37:7c:7f:b0:c3:07:4e:
                    30:06:af:54:b0:11:88:45:bf:61:19:fc:67:09:c2:
                    d5:ad:bc:dc:8f:01:ce:df:ba:42:9d:88:d9:4a:d1:
                    c5:b9:dd:99:a3:eb:e6:15:c7:55:ec:e3:9a:62:65:
                    6e:93:0b:3b:dc:29:1a:b9:1a:e6:51:86:8e:1f:77:
                    3c:b0:b4:9b:c1:07:7c:f5:ed:31:61:6a:8a:fd:65:
                    3b:6e:b4:d6:96:07:91:f7:d7:65:bc:22:ab:af:52:
                    8c:56:4b:fd:af:19:e6:c9:87:d0:d4:7f:34:13:ec:
                    b1:54:de:f1:a5:a0:60:4c:73:5c:5a:c4:c1:f5:10:
                    59:26:8f:d8:40:7b:f0:a9:86:4f:89:4a:f4:e3:dd:
                    95:01:3a:cf:2c:42:a0:04:f1:59:f1:17:96:d2:52:
                    7c:64:e4:7f:49:3c:c4:9a:a1:58:56:8e:4b:f6:28:
                    3b:2f:69:71:bd:21:1e:6c:72:9e:c8:64:e2:92:cf:
                    0d:43:49:36:cc:75:ab:25:ad:e0:68:ae:ca:8a:b8:
                    fc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:4B:A1:39:63:8E:F9:09:56:29:09:4F:FE:F4:31:A5:23:CB:41:BE
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/jEuhOWOO-QlWKQlP_vQxpSPLQb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c6::/32
                  2a13:6cc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:24:e9:77:fd:4a:2b:65:9b:ab:b4:ce:54:f5:d7:9e:4a:dc:
         71:91:cf:a1:4b:27:12:44:04:c8:f2:f0:d5:53:49:be:bb:e9:
         6c:98:78:9d:25:1c:25:bc:4f:a8:5f:6a:f5:47:9c:d5:f2:f4:
         23:f4:8a:99:29:0d:05:3f:22:65:63:14:83:06:d6:cb:f9:39:
         82:22:da:e8:2e:63:a8:b8:55:a3:8a:5a:cb:26:a8:60:d4:40:
         aa:f6:f0:e7:49:c5:25:ad:b7:bb:a1:33:dc:60:0d:9b:fc:f8:
         79:09:8f:12:b8:61:4c:d7:8e:61:1f:b7:68:ab:e2:c7:98:8e:
         79:ce:32:e1:33:dd:7a:dc:3c:d5:e8:e7:fe:db:4d:d4:44:77:
         dc:46:52:4f:ef:cf:b4:51:85:a2:07:18:d6:eb:ca:49:e2:de:
         b6:3f:fc:fe:12:25:7d:0f:9a:bb:07:59:8a:4e:af:e1:2a:e5:
         33:07:70:90:68:1a:9f:c5:b8:21:6c:39:44:4e:cb:ee:87:67:
         2b:e1:58:1a:81:ec:36:ba:9a:b1:73:49:16:97:d5:6f:b3:aa:
         d7:2f:aa:24:fe:15:4f:9c:32:46:a9:6b:e0:7d:e7:53:1f:53:
         39:b6:50:86:60:af:24:9d:1e:97:54:d1:fa:3d:b6:b8:a1:c1:
         37:50:d6:b5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZem7fAf3BMbHIPxVoQekBFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwNjI1MTE1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzRiYTEzOTYzOGVmOTA5NTYyOTA5NGZmZWY0MzFhNTIzY2I0MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRZN/FdNWAzUAE+mcX9I6FShkEYY
RRzEK6jSliiJmaVJ9N+yaOZRnZNUAxUpPTTb3VsKVzd8f7DDB04wBq9UsBGIRb9h
GfxnCcLVrbzcjwHO37pCnYjZStHFud2Zo+vmFcdV7OOaYmVukws73CkauRrmUYaO
H3c8sLSbwQd89e0xYWqK/WU7brTWlgeR99dlvCKrr1KMVkv9rxnmyYfQ1H80E+yx
VN7xpaBgTHNcWsTB9RBZJo/YQHvwqYZPiUr0492VATrPLEKgBPFZ8ReW0lJ8ZOR/
STzEmqFYVo5L9ig7L2lxvSEebHKeyGTiks8NQ0k2zHWrJa3gaK7Kirj84QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIxLoTljjvkJVikJT/70MaUjy0G+MB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvakV1aE9XT08tUWxXS1FsUF92UXhwU1BMUWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgLpxgMF
ACoTbMYwDQYJKoZIhvcNAQELBQADggEBAC4k6Xf9Sitlm6u0zlT1155K3HGRz6FL
JxJEBMjy8NVTSb676WyYeJ0lHCW8T6hfavVHnNXy9CP0ipkpDQU/ImVjFIMG1sv5
OYIi2uguY6i4VaOKWssmqGDUQKr28OdJxSWtt7uhM9xgDZv8+HkJjxK4YUzXjmEf
t2ir4seYjnnOMuEz3XrcPNXo5/7bTdREd9xGUk/vz7RRhaIHGNbrykni3rY//P4S
JX0PmrsHWYpOr+Eq5TMHcJBoGp/FuCFsOUROy+6HZyvhWBqB7Da6mrFzSRaX1W+z
qtcvqiT+FU+cMkapa+B951MfUzm2UIZgrySdHpdU0fo9trihwTdQ1rU=
-----END CERTIFICATE-----