Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/_GUEYp_ZvXFjTzg6X0GYxguDxqk.roa
File:                     _GUEYp_ZvXFjTzg6X0GYxguDxqk.roa (raw, json)
Hash identifier:          ILywVwzLVmDK7onvjHWRnavh4R3aawRApY/DmqcCPJA=
Subject key identifier:   FC:65:04:62:9F:D9:BD:71:63:4F:38:3A:5F:41:98:C6:0B:83:C6:A9
Certificate issuer:       /CN=2ca61567cb1099855117008fd1d36aa8ada96faf
Certificate serial:       01977768F98302ACE9FDF49D9D55A3546DE3
Authority key identifier: 2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/_GUEYp_ZvXFjTzg6X0GYxguDxqk.roa
Signing time:             Mon 16 Jun 2025 06:24:17 +0000
ROA not before:           Mon 16 Jun 2025 06:24:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216412
IP address blocks:        2a01:f100:1f8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:77:68:f9:83:02:ac:e9:fd:f4:9d:9d:55:a3:54:6d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca61567cb1099855117008fd1d36aa8ada96faf
        Validity
            Not Before: Jun 16 06:24:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc6504629fd9bd71634f383a5f4198c60b83c6a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:59:3b:64:85:41:88:9c:5e:57:2d:69:83:b0:
                    61:59:bc:41:1d:c4:f0:10:86:d0:4a:90:58:ac:ac:
                    08:fe:e9:f2:1d:a9:9e:ac:a4:26:dc:3e:6d:0c:a4:
                    9c:20:c3:e7:be:28:d8:21:77:ab:00:d2:3b:9b:c6:
                    91:c6:98:1d:6c:02:f7:dd:a2:49:12:1a:ef:7c:78:
                    23:0b:aa:f6:63:b8:45:61:4c:dd:6c:3b:38:32:4f:
                    8f:9c:ff:fc:08:7e:83:b6:97:60:d5:44:25:06:17:
                    fb:08:c2:c8:3c:28:8f:47:c2:ef:97:3e:4b:5b:d4:
                    cd:6b:ae:f4:b0:22:0c:ac:95:0e:ef:da:95:a4:f0:
                    69:7c:6d:e5:30:d7:f4:a8:1c:91:07:ca:8c:62:5b:
                    f6:ca:de:c0:64:df:ce:2d:0b:0b:d5:d2:58:0d:3c:
                    96:d6:74:9e:fd:b4:26:4e:14:4e:11:2f:56:58:70:
                    68:0c:ce:94:51:03:9d:c8:c4:6b:b8:49:c6:88:8a:
                    f3:d9:d7:d5:42:67:ea:1f:8e:6c:06:89:67:5d:f2:
                    66:b8:c2:71:d7:1d:33:02:79:e5:82:0d:9d:72:34:
                    3a:1f:12:80:64:6d:c3:e7:87:08:a1:b2:d0:31:42:
                    93:71:01:f8:30:f5:dc:61:50:8e:45:8f:54:3a:7b:
                    52:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:65:04:62:9F:D9:BD:71:63:4F:38:3A:5F:41:98:C6:0B:83:C6:A9
            X509v3 Authority Key Identifier:
                keyid:2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/_GUEYp_ZvXFjTzg6X0GYxguDxqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f100:1f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:4d:df:63:66:41:2f:f9:76:62:82:a3:a0:4e:69:b9:33:28:
         7c:0e:1f:1a:94:67:3f:21:39:29:32:62:fc:9f:95:56:44:87:
         73:a9:da:03:7e:0c:93:85:07:7c:bd:3c:19:58:39:24:6a:d9:
         ab:75:60:4a:99:2d:51:75:a4:5f:6a:e7:f5:dc:22:4e:3c:bb:
         4e:f3:41:1b:af:f3:c8:22:d1:2c:d9:33:79:9c:a7:33:f5:a5:
         0e:71:cc:7f:2d:cf:4f:0e:0a:41:3a:19:ab:f8:9b:79:8b:d9:
         e6:17:ab:eb:c7:4e:37:a5:1e:96:d7:ba:0d:c7:6d:9d:1f:11:
         de:0d:70:72:2e:0d:ac:35:10:31:fe:7b:d5:cd:e4:f0:3a:ec:
         cd:37:63:5d:39:da:92:72:75:9d:e6:37:f9:6b:34:dd:62:bd:
         9e:b4:4a:78:b3:ad:4e:29:23:fe:e3:41:e9:01:99:91:59:ef:
         bb:0d:05:ba:40:8a:08:c1:04:28:6e:06:e2:0d:51:02:42:9e:
         8c:e5:12:ef:b4:1f:d3:e9:a6:74:78:71:d6:cb:00:a7:e9:c9:
         23:f2:5e:3c:0b:f5:1c:38:a4:aa:b4:0d:77:97:86:c8:1b:e4:
         94:e5:99:80:67:4c:d9:aa:b4:0e:b5:67:a3:8b:56:78:61:2e:
         1a:a0:12:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZd3aPmDAqzp/fSdnVWjVG3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTYxNTY3Y2IxMDk5ODU1MTE3MDA4ZmQxZDM2YWE4YWRh
OTZmYWYwHhcNMjUwNjE2MDYyNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY1MDQ2MjlmZDliZDcxNjM0ZjM4M2E1ZjQxOThjNjBiODNjNmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVk7ZIVBiJxeVy1pg7BhWbxBHcTw
EIbQSpBYrKwI/unyHamerKQm3D5tDKScIMPnvijYIXerANI7m8aRxpgdbAL33aJJ
EhrvfHgjC6r2Y7hFYUzdbDs4Mk+PnP/8CH6Dtpdg1UQlBhf7CMLIPCiPR8Lvlz5L
W9TNa670sCIMrJUO79qVpPBpfG3lMNf0qByRB8qMYlv2yt7AZN/OLQsL1dJYDTyW
1nSe/bQmThROES9WWHBoDM6UUQOdyMRruEnGiIrz2dfVQmfqH45sBolnXfJmuMJx
1x0zAnnlgg2dcjQ6HxKAZG3D54cIobLQMUKTcQH4MPXcYVCORY9UOntSuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPxlBGKf2b1xY084Ol9BmMYLg8apMB8GA1UdIwQY
MBaAFCymFWfLEJmFURcAj9HTaqitqW+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTct
Y2FhN2Q1YjQ4MmM1LzEvX0dVRVlwX1p2WEZqVHpnNlgwR1l4Z3VEeHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTctY2FhN2Q1YjQ4MmM1
LzEvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHxAAH4
MA0GCSqGSIb3DQEBCwUAA4IBAQCvTd9jZkEv+XZigqOgTmm5Myh8Dh8alGc/ITkp
MmL8n5VWRIdzqdoDfgyThQd8vTwZWDkkatmrdWBKmS1RdaRfauf13CJOPLtO80Eb
r/PIItEs2TN5nKcz9aUOccx/Lc9PDgpBOhmr+Jt5i9nmF6vrx043pR6W17oNx22d
HxHeDXByLg2sNRAx/nvVzeTwOuzNN2NdOdqScnWd5jf5azTdYr2etEp4s61OKSP+
40HpAZmRWe+7DQW6QIoIwQQobgbiDVECQp6M5RLvtB/T6aZ0eHHWywCn6ckj8l48
C/UcOKSqtA13l4bIG+SU5ZmAZ0zZqrQOtWeji1Z4YS4aoBId
-----END CERTIFICATE-----