Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/ghemx7_KeR2Mo7Zd7b3Yw7Rm5m0.roa
File:                     ghemx7_KeR2Mo7Zd7b3Yw7Rm5m0.roa (raw, json)
Hash identifier:          dfuZiKRSGnfBsJSrGQVK/jOI9vvcNJZDWJg5sUNCJuk=
Subject key identifier:   82:17:A6:C7:BF:CA:79:1D:8C:A3:B6:5D:ED:BD:D8:C3:B4:66:E6:6D
Certificate issuer:       /CN=dfecad56eaae1235fa788e4ead3922c296e283a5
Certificate serial:       0196AB39BE8DF56FC41CC19BB18DD7DF4A8E
Authority key identifier: DF:EC:AD:56:EA:AE:12:35:FA:78:8E:4E:AD:39:22:C2:96:E2:83:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/ghemx7_KeR2Mo7Zd7b3Yw7Rm5m0.roa
Signing time:             Wed 07 May 2025 14:50:10 +0000
ROA not before:           Wed 07 May 2025 14:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        2a0e:2300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:39:be:8d:f5:6f:c4:1c:c1:9b:b1:8d:d7:df:4a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfecad56eaae1235fa788e4ead3922c296e283a5
        Validity
            Not Before: May  7 14:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8217a6c7bfca791d8ca3b65dedbdd8c3b466e66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3f:86:0f:9b:76:4e:5e:f9:32:b6:b7:8c:4a:
                    a4:c3:c2:ec:77:86:71:42:df:54:3c:3e:cf:1f:e0:
                    14:85:ba:d3:ff:00:08:9a:ee:b7:f3:6c:06:ae:b9:
                    ce:48:9d:c2:ac:3d:16:87:35:54:99:3d:e4:36:98:
                    31:af:0c:2f:b6:35:aa:ff:96:da:2f:fd:90:1f:eb:
                    76:bb:c2:6f:27:74:56:6a:7b:cd:27:32:0f:f7:17:
                    59:eb:83:d0:8c:f1:e4:7d:be:18:9c:f0:dc:5b:2a:
                    0e:ab:0c:9d:f8:ea:d1:f9:ec:1f:8b:ee:65:51:13:
                    c5:4d:a5:7e:98:46:54:f3:e8:6a:f0:8d:45:65:23:
                    9e:54:ab:c8:10:82:a5:f5:9a:e8:eb:79:52:3d:c7:
                    09:f1:83:4f:47:4a:93:7e:21:42:08:58:d1:f7:a6:
                    a6:34:14:dc:01:24:9f:a4:90:62:6c:fa:90:6c:49:
                    d3:25:10:ae:ca:14:21:a1:8b:b9:cc:73:5c:56:be:
                    f7:f9:42:80:5e:37:ae:43:92:14:68:2a:4f:b1:d3:
                    e5:3a:ed:3a:56:17:51:30:0e:3d:7b:fd:81:5f:19:
                    74:f7:37:9e:f9:ca:33:7b:b1:4a:45:35:f4:65:df:
                    19:e2:e4:2f:6b:e9:68:4f:5c:ea:fc:67:9e:e6:81:
                    6e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:17:A6:C7:BF:CA:79:1D:8C:A3:B6:5D:ED:BD:D8:C3:B4:66:E6:6D
            X509v3 Authority Key Identifier:
                keyid:DF:EC:AD:56:EA:AE:12:35:FA:78:8E:4E:AD:39:22:C2:96:E2:83:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-ytVuquEjX6eI5OrTkiwpbig6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/ghemx7_KeR2Mo7Zd7b3Yw7Rm5m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d67087-765b-46eb-808c-677bab613aff/1/3-ytVuquEjX6eI5OrTkiwpbig6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:2300::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:88:6b:82:c2:db:02:35:c3:2d:a8:bc:fd:6d:4d:fc:b6:06:
         6b:fc:c7:7a:13:a7:37:3b:97:96:a7:c6:0d:f0:cc:fc:be:3a:
         2e:ce:cd:c0:c8:a2:22:8a:15:09:84:dd:27:a9:80:df:43:10:
         bb:00:39:f1:e2:05:d8:09:e0:fa:51:79:7c:81:c8:5f:b0:81:
         61:b5:72:cc:e6:87:1e:51:05:bc:be:fe:39:04:b0:8f:1d:cb:
         03:f1:63:7f:5d:6c:26:ef:f9:d9:7e:4c:bd:eb:fd:25:3b:97:
         b0:ee:5a:ab:d9:d7:6a:70:b1:2e:fb:2b:c7:a8:cc:85:f4:9a:
         73:2d:28:94:73:f2:20:ec:75:5f:c2:54:51:c8:0b:7a:35:b5:
         e0:a5:74:28:10:09:49:b8:45:7e:7d:ec:99:cd:1e:be:85:bb:
         4e:31:6f:5d:ca:da:42:ed:73:d1:71:4d:21:c2:47:30:49:68:
         75:ab:a5:90:ea:6a:a1:c1:73:f4:2b:82:a0:7b:1f:c8:2c:2a:
         aa:1f:67:66:e3:68:93:fb:18:18:47:9d:52:7c:ba:3e:02:a6:
         08:50:ca:10:29:27:cf:07:1c:08:5f:b4:4e:13:a7:19:74:d6:
         40:29:c9:7f:05:8d:17:4a:80:55:13:4b:f7:3d:aa:c8:7e:3e:
         07:d1:85:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZarOb6N9W/EHMGbsY3X30qOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWNhZDU2ZWFhZTEyMzVmYTc4OGU0ZWFkMzkyMmMyOTZl
MjgzYTUwHhcNMjUwNTA3MTQ1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjE3YTZjN2JmY2E3OTFkOGNhM2I2NWRlZGJkZDhjM2I0NjZlNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD+GD5t2Tl75Mra3jEqkw8Lsd4Zx
Qt9UPD7PH+AUhbrT/wAImu6382wGrrnOSJ3CrD0WhzVUmT3kNpgxrwwvtjWq/5ba
L/2QH+t2u8JvJ3RWanvNJzIP9xdZ64PQjPHkfb4YnPDcWyoOqwyd+OrR+ewfi+5l
URPFTaV+mEZU8+hq8I1FZSOeVKvIEIKl9Zro63lSPccJ8YNPR0qTfiFCCFjR96am
NBTcASSfpJBibPqQbEnTJRCuyhQhoYu5zHNcVr73+UKAXjeuQ5IUaCpPsdPlOu06
VhdRMA49e/2BXxl09zee+coze7FKRTX0Zd8Z4uQva+loT1zq/Gee5oFuDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIIXpse/ynkdjKO2Xe292MO0ZuZtMB8GA1UdIwQY
MBaAFN/srVbqrhI1+niOTq05IsKW4oOlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy15dFZ1cXVFalg2ZUk1T3JUa2l3cGJpZzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9kNjcwODctNzY1Yi00NmViLTgwOGMt
Njc3YmFiNjEzYWZmLzEvZ2hlbXg3X0tlUjJNbzdaZDdiM1l3N1JtNW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9kNjcwODctNzY1Yi00NmViLTgwOGMtNjc3YmFiNjEzYWZm
LzEvMy15dFZ1cXVFalg2ZUk1T3JUa2l3cGJpZzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg4jADAN
BgkqhkiG9w0BAQsFAAOCAQEAl4hrgsLbAjXDLai8/W1N/LYGa/zHehOnNzuXlqfG
DfDM/L46Ls7NwMiiIooVCYTdJ6mA30MQuwA58eIF2Ang+lF5fIHIX7CBYbVyzOaH
HlEFvL7+OQSwjx3LA/Fjf11sJu/52X5Mvev9JTuXsO5aq9nXanCxLvsrx6jMhfSa
cy0olHPyIOx1X8JUUcgLejW14KV0KBAJSbhFfn3smc0evoW7TjFvXcraQu1z0XFN
IcJHMElodaulkOpqocFz9CuCoHsfyCwqqh9nZuNok/sYGEedUny6PgKmCFDKECkn
zwccCF+0ThOnGXTWQCnJfwWNF0qAVRNL9z2qyH4+B9GFkw==
-----END CERTIFICATE-----