Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/YlKjKgaOiisW0FHjngmaioczr4Y.roa
File:                     YlKjKgaOiisW0FHjngmaioczr4Y.roa (raw, json)
Hash identifier:          FpDMBSbxjsLWLw0isR/r6zYDC4KzpsK8uQPc6tOVZcY=
Subject key identifier:   62:52:A3:2A:06:8E:8A:2B:16:D0:51:E3:9E:09:9A:8A:87:33:AF:86
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       01978970D7E09830F47CD5E92F4A29D8C80D
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/YlKjKgaOiisW0FHjngmaioczr4Y.roa
Signing time:             Thu 19 Jun 2025 18:26:03 +0000
ROA not before:           Thu 19 Jun 2025 18:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a12:41c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:70:d7:e0:98:30:f4:7c:d5:e9:2f:4a:29:d8:c8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 19 18:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6252a32a068e8a2b16d051e39e099a8a8733af86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:05:0c:e7:0e:76:99:c8:6d:85:3e:b3:b2:5b:
                    98:b8:60:38:2b:29:77:04:c8:cd:d1:19:ae:be:55:
                    b7:eb:93:91:2f:2e:16:00:58:31:84:46:55:b9:0f:
                    76:0e:54:0b:bf:d0:32:fc:4b:96:c7:0d:90:f3:cf:
                    0f:64:9d:a2:0f:29:17:04:48:ac:c7:42:06:df:ad:
                    0d:e2:57:50:c6:97:e8:d5:11:ce:92:d3:8c:ae:9b:
                    9e:54:d9:61:b0:6f:6e:fd:b4:0a:10:b0:24:92:11:
                    cd:a8:12:2b:66:e3:bb:de:89:12:8a:ae:ad:ba:9b:
                    25:ca:e2:7d:06:cc:4b:b7:67:c3:66:72:83:15:ca:
                    59:09:6b:f5:d7:d8:f9:4f:60:11:15:70:6a:5f:99:
                    92:f7:ef:e3:6f:ae:83:f6:33:2b:1b:48:86:74:d1:
                    e2:7c:18:c5:1c:5a:6b:20:38:ec:1c:a4:55:77:c0:
                    6f:5f:fa:00:e9:6d:e0:87:f7:f9:45:19:98:a1:59:
                    61:52:72:e5:46:e3:33:a2:65:3f:9f:9c:4e:6e:2e:
                    f8:14:2b:60:b5:33:33:bc:94:af:d2:ed:ba:4f:83:
                    b5:16:ab:3e:25:ef:c8:18:6d:72:9b:b0:e9:22:5d:
                    6f:44:ec:9b:5f:b3:93:d2:79:c9:37:8f:ea:78:02:
                    b6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:52:A3:2A:06:8E:8A:2B:16:D0:51:E3:9E:09:9A:8A:87:33:AF:86
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/YlKjKgaOiisW0FHjngmaioczr4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:41c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:c7:d1:00:91:ef:7b:5f:4e:d2:df:b9:cb:51:3e:7b:8e:80:
         93:30:61:13:e2:04:eb:b0:63:f4:af:fa:52:63:1e:a8:05:c9:
         05:95:9d:83:90:9e:c8:80:17:ce:04:65:3c:15:bf:93:35:8b:
         68:11:a4:d9:ac:78:f5:7e:ea:a2:ff:04:0c:d9:19:2d:c0:94:
         3a:d5:ac:31:e0:cb:d8:3e:63:35:41:b7:03:dc:7d:2f:47:3f:
         d4:ca:3f:e2:fc:b1:02:36:c4:26:88:47:5b:59:e7:5d:34:f9:
         f3:cd:75:c8:0c:78:8a:1a:0b:b6:f9:68:a9:a4:c7:90:a0:83:
         cf:c1:36:94:ad:cf:3b:a0:a2:2e:de:3c:31:46:57:f4:79:e4:
         20:30:70:85:0f:5d:4f:1a:08:49:af:82:7f:d7:f7:79:78:d3:
         d9:4b:57:b4:db:8d:77:3a:fc:69:a0:97:c7:e0:f2:9e:5e:02:
         bd:c9:38:dd:19:a6:1a:32:a0:d7:5c:c0:eb:09:5c:d2:60:ce:
         3b:51:d1:3b:f5:31:30:42:41:7a:bd:46:30:87:b7:ba:f5:25:
         89:bd:43:dd:bc:d2:be:2f:17:b2:a4:e6:12:03:2c:ba:a1:40:
         1f:cd:cc:86:ea:be:54:12:43:9f:6a:1b:f0:ed:0c:f7:42:25:
         60:24:3f:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeJcNfgmDD0fNXpL0op2MgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjE5MTgyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjUyYTMyYTA2OGU4YTJiMTZkMDUxZTM5ZTA5OWE4YTg3MzNhZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQUM5w52mchthT6zsluYuGA4Kyl3
BMjN0RmuvlW365ORLy4WAFgxhEZVuQ92DlQLv9Ay/EuWxw2Q888PZJ2iDykXBEis
x0IG360N4ldQxpfo1RHOktOMrpueVNlhsG9u/bQKELAkkhHNqBIrZuO73okSiq6t
upslyuJ9BsxLt2fDZnKDFcpZCWv119j5T2ARFXBqX5mS9+/jb66D9jMrG0iGdNHi
fBjFHFprIDjsHKRVd8BvX/oA6W3gh/f5RRmYoVlhUnLlRuMzomU/n5xObi74FCtg
tTMzvJSv0u26T4O1Fqs+Je/IGG1ym7DpIl1vROybX7OT0nnJN4/qeAK2/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGJSoyoGjoorFtBR454JmoqHM6+GMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvWWxLaktnYU9paXNXMEZIam5nbWFpb2N6cjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJBxzAN
BgkqhkiG9w0BAQsFAAOCAQEAwcfRAJHve19O0t+5y1E+e46AkzBhE+IE67Bj9K/6
UmMeqAXJBZWdg5CeyIAXzgRlPBW/kzWLaBGk2ax49X7qov8EDNkZLcCUOtWsMeDL
2D5jNUG3A9x9L0c/1Mo/4vyxAjbEJohHW1nnXTT58811yAx4ihoLtvloqaTHkKCD
z8E2lK3PO6CiLt48MUZX9HnkIDBwhQ9dTxoISa+Cf9f3eXjT2UtXtNuNdzr8aaCX
x+Dynl4Cvck43RmmGjKg11zA6wlc0mDOO1HRO/UxMEJBer1GMIe3uvUlib1D3bzS
vi8XsqTmEgMsuqFAH83Mhuq+VBJDn2ob8O0M90IlYCQ/Jg==
-----END CERTIFICATE-----