Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ALkfcWF7UJGR2tb5zhGBDnpqX44.roa
File:                     ALkfcWF7UJGR2tb5zhGBDnpqX44.roa (raw, json)
Hash identifier:          WF6WDvn4oZzPn5FS462GjxAIDqtzIKiQAJx+Ez2vmhY=
Subject key identifier:   00:B9:1F:71:61:7B:50:91:91:DA:D6:F9:CE:11:81:0E:7A:6A:5F:8E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0196F7F5FAD370FB8B8FD0B9335A982506EE
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ALkfcWF7UJGR2tb5zhGBDnpqX44.roa
Signing time:             Thu 22 May 2025 12:26:54 +0000
ROA not before:           Thu 22 May 2025 12:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208024
IP address blocks:        2a0c:9a40:8830::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:f5:fa:d3:70:fb:8b:8f:d0:b9:33:5a:98:25:06:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 22 12:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00b91f71617b509191dad6f9ce11810e7a6a5f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ba:4d:c6:7a:69:c7:03:4f:95:5d:f6:f9:a1:
                    de:cd:c8:64:34:fb:30:95:14:f7:62:68:bd:e0:b2:
                    d8:95:c2:78:d3:38:89:53:86:6f:d4:4b:bb:a0:0e:
                    e8:20:95:16:05:0f:f0:f6:4c:f7:f0:c0:86:a9:c1:
                    f3:cd:97:61:7d:d9:e4:0f:fc:f7:4d:4c:2c:8c:ea:
                    1b:ff:e2:3a:3d:7a:6c:b5:32:7a:b2:21:2d:ae:6e:
                    85:c8:85:20:b1:e9:06:3e:73:dd:ad:bc:a6:ba:6d:
                    22:6c:f1:0e:10:fd:38:98:d2:fb:2c:f6:19:a7:42:
                    95:3e:8e:20:58:50:7d:c2:cb:61:69:8a:0e:9c:e7:
                    9c:09:56:32:5f:39:f6:52:47:ef:ef:13:c5:e9:fd:
                    bf:b5:28:64:84:46:ae:7c:57:38:fe:e8:97:07:d2:
                    78:5a:f4:37:15:76:ac:46:f9:f4:01:5a:b5:94:c8:
                    08:40:d4:69:b6:a3:c2:dd:d4:8f:39:67:37:d1:6e:
                    01:a3:a0:f2:7a:9b:1c:9a:11:fc:34:08:8b:18:7f:
                    4b:04:c7:fe:70:56:0a:07:0f:8d:34:9c:99:a8:11:
                    34:ae:0a:ec:6c:9f:2b:d5:19:f9:85:be:9b:f3:7c:
                    de:58:38:d4:08:a0:fe:37:36:cd:13:af:c7:5c:34:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B9:1F:71:61:7B:50:91:91:DA:D6:F9:CE:11:81:0E:7A:6A:5F:8E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ALkfcWF7UJGR2tb5zhGBDnpqX44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8830::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:4c:ff:d4:d7:0b:7e:22:9f:c6:23:6f:80:60:ab:ba:4b:ad:
         6d:22:81:3a:b4:51:fe:3b:f7:f2:4f:d9:b2:fa:5b:7f:6d:fa:
         32:d1:a5:70:82:36:31:43:44:0a:da:30:5c:4c:b6:d4:2b:52:
         d8:02:e7:fd:2c:f3:91:9f:ce:7d:59:99:9f:44:a1:ad:ca:e9:
         2f:6d:ec:8d:af:4e:3c:cc:f6:40:b0:0c:b2:2b:cd:9e:30:63:
         94:3e:13:7b:e5:6a:75:48:74:a7:a0:af:ce:dd:e3:a1:db:1c:
         13:79:61:4b:e9:65:7b:b1:d8:7f:76:9a:63:1b:38:75:a3:a4:
         44:7b:61:ef:d6:cb:45:00:87:68:fb:51:c8:ce:7a:12:bc:b8:
         ed:9b:55:70:c7:5b:b4:6f:7f:8a:71:60:4d:5d:65:f2:00:c7:
         a1:11:cf:3c:23:7b:1b:e1:97:c0:5e:55:ce:6b:06:a5:a9:3c:
         11:c4:e3:c6:72:cc:7f:6f:0b:b0:fc:4a:94:99:fe:fa:0d:c6:
         f6:b5:dc:61:6d:b2:9a:b8:bc:26:02:a8:e4:a4:2d:13:92:3c:
         5f:ec:b8:1a:91:fd:42:56:8e:d4:2a:56:7f:57:13:9f:3a:5a:
         a3:4e:65:5c:d4:af:70:d7:86:f3:51:d2:e4:14:cd:db:00:ab:
         04:07:40:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZb39frTcPuLj9C5M1qYJQbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNTIyMTIyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI5MWY3MTYxN2I1MDkxOTFkYWQ2ZjljZTExODEwZTdhNmE1ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrpNxnppxwNPlV32+aHezchkNPsw
lRT3Ymi94LLYlcJ40ziJU4Zv1Eu7oA7oIJUWBQ/w9kz38MCGqcHzzZdhfdnkD/z3
TUwsjOob/+I6PXpstTJ6siEtrm6FyIUgsekGPnPdrbymum0ibPEOEP04mNL7LPYZ
p0KVPo4gWFB9wsthaYoOnOecCVYyXzn2Ukfv7xPF6f2/tShkhEaufFc4/uiXB9J4
WvQ3FXasRvn0AVq1lMgIQNRptqPC3dSPOWc30W4Bo6DyepscmhH8NAiLGH9LBMf+
cFYKBw+NNJyZqBE0rgrsbJ8r1Rn5hb6b83zeWDjUCKD+NzbNE6/HXDRfBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAC5H3Fhe1CRkdrW+c4RgQ56al+OMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQUxrZmNXRjdVSkdSMnRiNXpoR0JEbnBxWDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIgw
MA0GCSqGSIb3DQEBCwUAA4IBAQCDTP/U1wt+Ip/GI2+AYKu6S61tIoE6tFH+O/fy
T9my+lt/bfoy0aVwgjYxQ0QK2jBcTLbUK1LYAuf9LPORn859WZmfRKGtyukvbeyN
r048zPZAsAyyK82eMGOUPhN75Wp1SHSnoK/O3eOh2xwTeWFL6WV7sdh/dppjGzh1
o6REe2Hv1stFAIdo+1HIznoSvLjtm1Vwx1u0b3+KcWBNXWXyAMehEc88I3sb4ZfA
XlXOawalqTwRxOPGcsx/bwuw/EqUmf76Dcb2tdxhbbKauLwmAqjkpC0Tkjxf7Lga
kf1CVo7UKlZ/VxOfOlqjTmVc1K9w14bzUdLkFM3bAKsEB0D4
-----END CERTIFICATE-----