Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/5og4i6PWufr9z5Wjmy447BF0MnI.roa
File:                     5og4i6PWufr9z5Wjmy447BF0MnI.roa (raw, json)
Hash identifier:          YCaN/g4v5C1rq4Auj9dFq70XUsiEkdYIlRGIBpOgVaM=
Subject key identifier:   E6:88:38:8B:A3:D6:B9:FA:FD:CF:95:A3:9B:2E:38:EC:11:74:32:72
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0197A759F6E6567FDE9BEC999618BA3052B4
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/5og4i6PWufr9z5Wjmy447BF0MnI.roa
Signing time:             Wed 25 Jun 2025 13:49:40 +0000
ROA not before:           Wed 25 Jun 2025 13:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        2a0c:f642::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:59:f6:e6:56:7f:de:9b:ec:99:96:18:ba:30:52:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jun 25 13:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e688388ba3d6b9fafdcf95a39b2e38ec11743272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:14:50:e2:f3:c5:e1:6b:c3:a5:a6:4a:cf:
                    2f:ec:8b:fa:bd:78:78:99:bb:69:8f:ee:2a:bd:3d:
                    a3:0f:32:74:82:61:9c:f9:aa:86:45:2c:23:39:77:
                    f6:f8:30:09:4c:f1:57:eb:cb:a5:29:0b:e9:d6:25:
                    73:6c:18:7f:80:8a:32:1b:f3:11:74:5a:6a:ef:46:
                    47:71:cc:bf:88:cf:f6:07:27:36:69:f8:17:0f:ac:
                    96:f2:3b:36:de:b6:d4:b0:d7:30:d9:d9:ee:84:9e:
                    b3:5f:72:1a:39:06:0e:b0:00:95:c2:08:99:1b:cb:
                    56:72:de:6e:10:16:61:4c:3d:38:72:d7:d5:20:f9:
                    39:b4:d7:01:1b:3f:1d:78:1d:48:de:f1:3c:75:2d:
                    70:10:79:68:85:b9:50:6d:83:1d:5a:ea:b7:64:41:
                    f0:e2:31:8a:bf:d7:b4:ca:4b:0e:28:24:3c:c6:e2:
                    33:64:73:b8:cb:bb:af:11:67:4b:7c:84:35:e0:1e:
                    d7:72:2b:38:b0:a2:42:7b:9d:ae:65:34:4a:0d:99:
                    86:06:af:35:a5:95:97:4c:c5:ea:69:95:42:0b:99:
                    81:34:dd:da:ab:cc:02:2d:dc:ea:a4:2c:be:37:e2:
                    71:14:fe:ca:07:7b:46:d0:a9:5a:e0:d8:bd:38:7d:
                    a0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:88:38:8B:A3:D6:B9:FA:FD:CF:95:A3:9B:2E:38:EC:11:74:32:72
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/5og4i6PWufr9z5Wjmy447BF0MnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f642::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:40:ca:57:8c:95:a6:1e:e0:68:ec:f4:82:02:46:31:d4:1f:
         0e:4d:99:90:fb:df:a3:e0:aa:aa:4e:00:64:6b:7b:71:45:41:
         57:1e:27:49:b6:2e:df:a7:e2:7e:cb:84:73:8e:11:32:9e:39:
         00:c3:a4:01:a7:9a:d4:42:f5:f3:65:b1:3b:54:35:69:62:ef:
         c2:e7:d7:e3:04:93:98:64:06:fa:30:73:d3:d8:f1:bd:9f:32:
         57:6b:0a:40:6b:a9:aa:b2:87:e6:84:76:97:14:06:69:d0:bd:
         ff:a1:53:63:67:26:92:2c:bf:90:a0:b5:cb:7d:c3:80:fa:c8:
         27:71:47:fc:d0:99:cb:4f:4a:41:82:58:ba:ef:cb:2e:b6:2c:
         30:be:be:e4:01:61:28:7a:87:a2:af:d5:3f:1e:68:d6:65:c6:
         b2:61:81:4a:37:0a:78:dd:1f:e8:0a:7d:e2:b5:2c:ef:b4:ee:
         c6:9c:4b:55:25:ab:47:c9:ee:81:b3:2e:2a:41:0e:52:5f:88:
         df:5c:b7:2d:90:7c:bf:bd:d0:7b:00:a2:7d:85:bf:30:2c:ec:
         f6:31:5b:7f:af:41:68:2e:02:f4:55:a3:60:ea:23:48:e1:88:
         bb:2c:b0:2e:fc:e2:7b:00:46:16:f7:da:cd:de:84:3c:85:62:
         b2:04:77:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZenWfbmVn/em+yZlhi6MFK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwNjI1MTM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg4Mzg4YmEzZDZiOWZhZmRjZjk1YTM5YjJlMzhlYzExNzQzMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD4UUOLzxeFrw6WmSs8v7Iv6vXh4
mbtpj+4qvT2jDzJ0gmGc+aqGRSwjOXf2+DAJTPFX68ulKQvp1iVzbBh/gIoyG/MR
dFpq70ZHccy/iM/2Byc2afgXD6yW8js23rbUsNcw2dnuhJ6zX3IaOQYOsACVwgiZ
G8tWct5uEBZhTD04ctfVIPk5tNcBGz8deB1I3vE8dS1wEHlohblQbYMdWuq3ZEHw
4jGKv9e0yksOKCQ8xuIzZHO4y7uvEWdLfIQ14B7Xcis4sKJCe52uZTRKDZmGBq81
pZWXTMXqaZVCC5mBNN3aq8wCLdzqpCy+N+JxFP7KB3tG0Kla4Ni9OH2goQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOaIOIuj1rn6/c+Vo5suOOwRdDJyMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvNW9nNGk2UFd1ZnI5ejVXam15NDQ3QkYwTW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgz2QjAN
BgkqhkiG9w0BAQsFAAOCAQEAWkDKV4yVph7gaOz0ggJGMdQfDk2ZkPvfo+Cqqk4A
ZGt7cUVBVx4nSbYu36fifsuEc44RMp45AMOkAaea1EL182WxO1Q1aWLvwufX4wST
mGQG+jBz09jxvZ8yV2sKQGupqrKH5oR2lxQGadC9/6FTY2cmkiy/kKC1y33DgPrI
J3FH/NCZy09KQYJYuu/LLrYsML6+5AFhKHqHoq/VPx5o1mXGsmGBSjcKeN0f6Ap9
4rUs77TuxpxLVSWrR8nugbMuKkEOUl+I31y3LZB8v73QewCifYW/MCzs9jFbf69B
aC4C9FWjYOojSOGIuyywLvziewBGFvfazd6EPIVisgR3aA==
-----END CERTIFICATE-----