Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9C0mIaPBG-iVuzLxGxDQPqp6IbY.roa
File:                     9C0mIaPBG-iVuzLxGxDQPqp6IbY.roa (raw, json)
Hash identifier:          CcCj1h0WVuGVZfPi7NWEF6h5skrN5TvojZEnjKgrvbQ=
Subject key identifier:   F4:2D:26:21:A3:C1:1B:E8:95:BB:32:F1:1B:10:D0:3E:AA:7A:21:B6
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0197B231E044454E35A6213F47916F0FA064
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9C0mIaPBG-iVuzLxGxDQPqp6IbY.roa
Signing time:             Fri 27 Jun 2025 16:21:42 +0000
ROA not before:           Fri 27 Jun 2025 16:21:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204916
IP address blocks:        2a11:21c2::/32 maxlen: 32
                          2a12:24c1::/32 maxlen: 32
                          2a12:35c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:31:e0:44:45:4e:35:a6:21:3f:47:91:6f:0f:a0:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 27 16:21:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f42d2621a3c11be895bb32f11b10d03eaa7a21b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:22:48:bf:a2:84:0e:31:d3:7f:0c:86:f9:
                    43:44:3a:fe:89:aa:a3:ad:7b:25:ef:b4:f2:b6:99:
                    3d:a8:20:66:59:fe:80:c6:db:3c:39:25:e1:9e:d4:
                    af:d3:44:77:d0:c7:ed:32:34:6b:7c:f3:c4:9b:df:
                    5c:2c:47:c7:75:26:3e:98:e6:12:81:70:e7:2f:b6:
                    c7:69:0e:a0:bb:7d:0f:c2:17:7e:c4:4f:69:1b:e4:
                    7b:58:e0:a8:8b:d7:2a:47:01:c4:b7:9d:69:83:45:
                    0b:37:3c:a8:b3:cd:d7:5f:1a:cb:52:0c:01:75:c6:
                    50:75:55:85:f5:d2:8c:87:91:10:63:b9:79:d7:4c:
                    97:dd:62:62:70:86:21:20:dc:f3:8d:8c:cf:5b:71:
                    15:33:6b:58:cf:fb:c4:ad:d7:e1:21:13:fa:84:a0:
                    be:41:91:a9:99:76:28:4c:8e:49:34:0b:71:bd:c5:
                    5f:0d:4e:b4:2b:a6:1e:44:a1:dd:5a:86:03:1f:ff:
                    d9:b0:68:96:86:9f:fe:26:83:05:5f:9a:1c:45:ef:
                    c9:9a:85:c0:45:35:7b:a9:05:e0:be:a9:e0:fa:96:
                    ac:9d:a8:b2:04:ee:35:9f:ce:26:82:5c:88:45:c6:
                    19:96:52:db:56:37:fe:0f:91:19:31:be:94:25:6b:
                    b7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:2D:26:21:A3:C1:1B:E8:95:BB:32:F1:1B:10:D0:3E:AA:7A:21:B6
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/9C0mIaPBG-iVuzLxGxDQPqp6IbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:21c2::/32
                  2a12:24c1::/32
                  2a12:35c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:b1:8f:0a:32:43:c8:92:1d:50:dd:3e:c8:02:db:38:fc:a7:
         8a:8a:ec:69:04:3a:cf:59:d9:c6:02:4d:54:df:23:90:2b:1e:
         d9:83:5e:73:55:2a:ee:18:53:39:c0:10:ed:1d:8f:b9:d9:f6:
         f6:2e:3e:cb:5b:a3:14:75:05:8f:f8:8b:de:a5:73:39:af:f2:
         04:de:f1:89:24:7f:eb:d2:e6:71:ff:74:8d:d2:b9:0c:ae:df:
         81:af:50:97:46:20:00:78:e3:4b:f8:88:2f:b9:04:56:fd:43:
         68:3d:b3:e5:c2:9b:19:28:df:bd:fc:c0:b0:ef:ad:08:80:bb:
         00:71:fd:4d:e4:c3:4a:be:a8:28:b2:35:c2:e8:74:ba:99:e3:
         69:c7:90:30:09:8b:48:45:82:96:12:16:ac:e9:3f:19:f9:ef:
         ff:4f:09:f2:df:58:ff:22:3f:12:ac:b0:5f:bf:ef:7b:ba:c4:
         94:20:44:f1:d3:e0:72:6a:c0:27:f7:1c:4c:f7:11:e9:3f:00:
         10:0a:07:be:a4:4d:89:55:29:a1:3b:30:bd:e3:cb:72:c5:92:
         2e:80:a2:81:af:bf:7c:68:d9:da:be:fe:71:b6:92:80:b2:62:
         c3:34:03:98:bd:2e:07:44:3c:6f:0e:74:19:f8:f8:38:0e:0a:
         d1:ac:81:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZeyMeBERU41piE/R5FvD6BkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjI3MTYyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDJkMjYyMWEzYzExYmU4OTViYjMyZjExYjEwZDAzZWFhN2EyMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDMiSL+ihA4x038MhvlDRDr+iaqj
rXsl77Tytpk9qCBmWf6Axts8OSXhntSv00R30MftMjRrfPPEm99cLEfHdSY+mOYS
gXDnL7bHaQ6gu30Pwhd+xE9pG+R7WOCoi9cqRwHEt51pg0ULNzyos83XXxrLUgwB
dcZQdVWF9dKMh5EQY7l510yX3WJicIYhINzzjYzPW3EVM2tYz/vErdfhIRP6hKC+
QZGpmXYoTI5JNAtxvcVfDU60K6YeRKHdWoYDH//ZsGiWhp/+JoMFX5ocRe/JmoXA
RTV7qQXgvqng+pasnaiyBO41n84mglyIRcYZllLbVjf+D5EZMb6UJWu38wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPQtJiGjwRvolbsy8RsQ0D6qeiG2MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvOUMwbUlhUEJHLWlWdXpMeEd4RFFQcXA2SWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhEhwgMF
ACoSJMEDBQAqEjXFMA0GCSqGSIb3DQEBCwUAA4IBAQBYsY8KMkPIkh1Q3T7IAts4
/KeKiuxpBDrPWdnGAk1U3yOQKx7Zg15zVSruGFM5wBDtHY+52fb2Lj7LW6MUdQWP
+IvepXM5r/IE3vGJJH/r0uZx/3SN0rkMrt+Br1CXRiAAeONL+IgvuQRW/UNoPbPl
wpsZKN+9/MCw760IgLsAcf1N5MNKvqgosjXC6HS6meNpx5AwCYtIRYKWEhas6T8Z
+e//Twny31j/Ij8SrLBfv+97usSUIETx0+ByasAn9xxM9xHpPwAQCge+pE2JVSmh
OzC948tyxZIugKKBr798aNnavv5xtpKAsmLDNAOYvS4HRDxvDnQZ+Pg4DgrRrIEk
-----END CERTIFICATE-----