Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Akp64JiXPw5xx332GRuPYCJ0yv8.roa
File:                     Akp64JiXPw5xx332GRuPYCJ0yv8.roa (raw, json)
Hash identifier:          q7vqZf3IzcgIJ116RXxXJ/Ot8N/TeIRTFA1YSdhKd28=
Subject key identifier:   02:4A:7A:E0:98:97:3F:0E:71:C7:7D:F6:19:1B:8F:60:22:74:CA:FF
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019687D95958092EC51FAC8AF03F1184B527
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Akp64JiXPw5xx332GRuPYCJ0yv8.roa
Signing time:             Wed 30 Apr 2025 17:58:10 +0000
ROA not before:           Wed 30 Apr 2025 17:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61400
IP address blocks:        2a0d:adc3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:d9:59:58:09:2e:c5:1f:ac:8a:f0:3f:11:84:b5:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Apr 30 17:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=024a7ae098973f0e71c77df6191b8f602274caff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cb:6d:d6:7d:58:e6:2a:f9:02:24:90:c6:e0:
                    0e:8a:12:b4:03:e5:ec:8d:26:81:c8:52:25:61:bf:
                    6d:6e:1b:07:87:5a:32:a9:13:9c:7d:f4:82:bc:22:
                    da:8f:91:26:b1:0d:17:a9:6e:b1:45:00:51:50:73:
                    87:9e:6f:f6:9a:1b:d2:6a:e5:37:f5:67:30:56:60:
                    52:fe:10:c8:4f:04:02:e2:4d:fa:4c:83:76:6b:d4:
                    69:1c:31:05:c5:c9:e6:2e:b2:79:92:95:36:31:cd:
                    45:a5:42:37:42:1f:f8:dd:69:dc:79:fa:c9:8c:df:
                    cb:79:b4:7c:d5:23:ba:ab:d5:3b:c1:fc:08:21:1e:
                    19:3d:5e:31:8c:33:36:bc:ae:da:69:b3:14:52:d7:
                    b5:88:e2:27:8b:96:bc:84:ba:b9:01:1e:07:8c:14:
                    a8:86:1f:75:0f:5d:34:ce:28:c6:76:2d:78:0d:7c:
                    ab:c8:27:12:44:8f:0f:82:cd:7c:d9:44:cc:4b:a9:
                    2b:ed:33:b9:2f:f0:bb:c4:c2:91:ae:04:07:09:b0:
                    04:3b:80:78:1d:b8:ef:6b:43:50:04:75:55:58:7f:
                    f2:c0:4a:f7:3c:b9:d2:4e:dc:6d:90:88:c6:14:82:
                    68:2d:97:70:f4:be:3c:c1:57:6c:a9:56:90:c7:2a:
                    2a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:4A:7A:E0:98:97:3F:0E:71:C7:7D:F6:19:1B:8F:60:22:74:CA:FF
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Akp64JiXPw5xx332GRuPYCJ0yv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:adc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:09:89:23:a8:18:9b:d7:8b:bb:5b:a6:d4:ce:6e:17:78:f5:
         c2:b8:2c:57:be:b7:89:34:d3:61:5f:de:f3:2a:f7:78:11:6e:
         89:5d:27:83:1f:74:63:a2:9e:d9:8c:70:34:60:9e:d3:5a:13:
         fa:9a:d6:e9:64:6e:46:15:59:90:23:46:e3:9d:67:72:48:b2:
         ba:c6:97:63:5d:b7:03:a1:0e:c6:e3:a0:61:06:f3:da:c6:d4:
         b1:fe:4b:1e:73:07:42:a4:03:d9:a1:20:fa:01:54:d3:0a:06:
         ba:bd:a5:7e:0b:15:0a:41:02:ad:50:5f:cc:f1:1d:e8:51:b7:
         5a:50:5f:d8:c1:55:8b:4f:6a:e3:87:51:37:24:8e:ec:08:20:
         85:a3:ea:28:38:3d:dc:29:de:31:4e:d6:b4:f1:4a:0a:d0:37:
         96:18:07:dc:2f:3e:79:12:4f:70:dc:fa:b1:1b:d7:35:93:6c:
         d0:31:28:5b:53:57:58:f3:a9:73:ad:c5:5c:b5:34:8a:e9:00:
         47:08:49:73:0e:b9:58:4d:a2:06:40:21:8b:9f:cc:f7:80:64:
         87:2b:4f:66:43:66:70:3e:6e:3e:51:a6:31:21:9f:67:76:0f:
         b6:e7:1b:d8:48:f9:86:28:fc:85:fc:44:02:d7:49:44:c9:74:
         9a:54:8a:75
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaH2VlYCS7FH6yK8D8RhLUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNDMwMTc1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRhN2FlMDk4OTczZjBlNzFjNzdkZjYxOTFiOGY2MDIyNzRjYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMtt1n1Y5ir5AiSQxuAOihK0A+Xs
jSaByFIlYb9tbhsHh1oyqROcffSCvCLaj5EmsQ0XqW6xRQBRUHOHnm/2mhvSauU3
9WcwVmBS/hDITwQC4k36TIN2a9RpHDEFxcnmLrJ5kpU2Mc1FpUI3Qh/43WncefrJ
jN/LebR81SO6q9U7wfwIIR4ZPV4xjDM2vK7aabMUUte1iOIni5a8hLq5AR4HjBSo
hh91D100zijGdi14DXyryCcSRI8Pgs182UTMS6kr7TO5L/C7xMKRrgQHCbAEO4B4
Hbjva0NQBHVVWH/ywEr3PLnSTtxtkIjGFIJoLZdw9L48wVdsqVaQxyoqsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAJKeuCYlz8Occd99hkbj2AidMr/MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvQWtwNjRKaVhQdzV4eDMzMkdSdVBZQ0oweXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2twzAN
BgkqhkiG9w0BAQsFAAOCAQEAxwmJI6gYm9eLu1um1M5uF3j1wrgsV763iTTTYV/e
8yr3eBFuiV0ngx90Y6Ke2YxwNGCe01oT+prW6WRuRhVZkCNG451nckiyusaXY123
A6EOxuOgYQbz2sbUsf5LHnMHQqQD2aEg+gFU0woGur2lfgsVCkECrVBfzPEd6FG3
WlBf2MFVi09q44dRNySO7AgghaPqKDg93CneMU7WtPFKCtA3lhgH3C8+eRJPcNz6
sRvXNZNs0DEoW1NXWPOpc63FXLU0iukARwhJcw65WE2iBkAhi5/M94BkhytPZkNm
cD5uPlGmMSGfZ3YPtucb2Ej5hij8hfxEAtdJRMl0mlSKdQ==
-----END CERTIFICATE-----