Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/9nL5_P24JLKYMiakkVMo6TlgCug.roa
File:                     9nL5_P24JLKYMiakkVMo6TlgCug.roa (raw, json)
Hash identifier:          fWkZp6QpsCRR5QNNT0hz/+58v4Qis8o4l0c2LUn7tD0=
Subject key identifier:   F6:72:F9:FC:FD:B8:24:B2:98:32:26:A4:91:53:28:E9:39:60:0A:E8
Certificate issuer:       /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial:       01990501ECFDA78CA2855081479BA7113251
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/9nL5_P24JLKYMiakkVMo6TlgCug.roa
Signing time:             Mon 01 Sep 2025 11:20:36 +0000
ROA not before:           Mon 01 Sep 2025 11:20:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25596
IP address blocks:        2a02:58::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:01:ec:fd:a7:8c:a2:85:50:81:47:9b:a7:11:32:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
        Validity
            Not Before: Sep  1 11:20:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f672f9fcfdb824b2983226a4915328e939600ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a0:b5:fb:94:01:0c:70:e2:7c:c4:70:70:d1:
                    7f:3f:5f:f4:ee:bb:17:e7:a4:6e:1d:54:06:8d:75:
                    70:a1:9b:c6:28:58:b5:c1:4b:f4:5e:09:b2:20:d5:
                    f2:f2:b9:b0:cb:40:0c:a2:7b:ee:05:f2:59:2c:a0:
                    ed:4c:78:6d:d5:18:f3:fa:c3:89:9d:dd:fb:e3:70:
                    85:e2:2d:93:b6:0f:b2:88:d6:f3:c4:a2:5d:5b:56:
                    8a:1d:86:8a:97:19:cd:0b:43:cd:09:6a:e7:cb:e1:
                    99:07:5d:04:95:96:e7:77:54:49:be:b3:7f:c8:d8:
                    58:57:b8:bc:1e:6b:ab:5b:e4:52:18:46:f6:8c:f4:
                    12:88:d5:1a:da:50:d3:c4:d8:96:2a:45:3e:f0:a4:
                    d1:6b:4c:7f:d5:51:10:4b:ab:ff:75:3c:a5:e4:95:
                    70:ad:fb:da:ed:ef:19:d1:cb:f7:64:8a:d9:61:bb:
                    c6:4f:de:49:21:20:4d:8f:ea:04:33:bc:3f:cb:49:
                    3a:c3:e8:6b:32:d5:49:f9:c1:21:4a:8f:04:14:d4:
                    9e:01:01:09:e1:39:7e:9b:e7:ef:3c:91:d3:9e:8a:
                    82:6f:eb:f2:27:d5:9b:d3:d3:52:e6:f6:8d:8e:c9:
                    2c:a2:da:68:5b:35:62:c5:1a:4f:75:c1:7f:7a:a9:
                    63:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:72:F9:FC:FD:B8:24:B2:98:32:26:A4:91:53:28:E9:39:60:0A:E8
            X509v3 Authority Key Identifier:
                keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/9nL5_P24JLKYMiakkVMo6TlgCug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:58::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:9c:c5:b9:c8:7b:d9:c0:f8:65:b6:3c:61:5f:76:a9:c0:db:
         5d:9b:1e:f9:ba:ab:32:b6:4d:50:9f:74:19:c9:d4:b7:03:89:
         46:89:c1:81:3c:b3:44:06:30:5f:4b:a7:fe:95:e6:00:79:ac:
         87:2a:b9:e2:72:4f:b1:3a:d0:2d:79:ad:63:88:6e:fa:07:f9:
         e0:80:eb:21:9b:dd:dd:d3:0e:77:9f:63:04:07:68:a2:55:55:
         82:be:e5:d3:a3:a8:29:c9:a6:4b:df:99:da:c5:2c:26:63:e2:
         01:3a:e1:f9:3a:18:b1:09:fd:a3:42:d2:d1:fb:ad:e3:53:91:
         f7:b8:d8:98:61:89:c3:3f:c9:3e:6a:bb:29:8c:da:82:e1:19:
         4e:cb:1d:a1:bb:d3:21:c5:12:3c:ac:42:de:ab:f2:f1:4a:bd:
         09:cb:fb:8d:16:69:e5:df:02:c5:44:ef:8f:6a:32:96:bd:bf:
         25:77:31:23:62:64:70:ba:51:26:7d:f7:55:7c:4c:a1:85:8e:
         9d:81:a9:7a:83:d8:37:ee:c2:78:45:1b:b0:aa:d7:e3:9e:ff:
         24:08:f0:72:8f:a8:57:b0:31:86:39:6c:41:44:ab:88:9c:b0:
         a1:52:c9:55:2d:54:03:e4:11:e4:4d:47:d0:ee:cf:e6:33:ab:
         6b:53:b6:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkFAez9p4yihVCBR5unETJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjUwOTAxMTEyMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjcyZjlmY2ZkYjgyNGIyOTgzMjI2YTQ5MTUzMjhlOTM5NjAwYWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qC1+5QBDHDifMRwcNF/P1/07rsX
56RuHVQGjXVwoZvGKFi1wUv0XgmyINXy8rmwy0AMonvuBfJZLKDtTHht1Rjz+sOJ
nd3743CF4i2Ttg+yiNbzxKJdW1aKHYaKlxnNC0PNCWrny+GZB10ElZbnd1RJvrN/
yNhYV7i8HmurW+RSGEb2jPQSiNUa2lDTxNiWKkU+8KTRa0x/1VEQS6v/dTyl5JVw
rfva7e8Z0cv3ZIrZYbvGT95JISBNj+oEM7w/y0k6w+hrMtVJ+cEhSo8EFNSeAQEJ
4Tl+m+fvPJHTnoqCb+vyJ9Wb09NS5vaNjsksotpoWzVixRpPdcF/eqljqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPZy+fz9uCSymDImpJFTKOk5YAroMB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvOW5MNV9QMjRKTEtZTWlha2tWTW82VGxnQ3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIAWDAN
BgkqhkiG9w0BAQsFAAOCAQEApJzFuch72cD4ZbY8YV92qcDbXZse+bqrMrZNUJ90
GcnUtwOJRonBgTyzRAYwX0un/pXmAHmshyq54nJPsTrQLXmtY4hu+gf54IDrIZvd
3dMOd59jBAdoolVVgr7l06OoKcmmS9+Z2sUsJmPiATrh+ToYsQn9o0LS0fut41OR
97jYmGGJwz/JPmq7KYzaguEZTssdobvTIcUSPKxC3qvy8Uq9Ccv7jRZp5d8CxUTv
j2oylr2/JXcxI2JkcLpRJn33VXxMoYWOnYGpeoPYN+7CeEUbsKrX457/JAjwco+o
V7AxhjlsQUSriJywoVLJVS1UA+QR5E1H0O7P5jOra1O2iQ==
-----END CERTIFICATE-----