Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/5yK2af_g5CTlXz9q-R5Ey4S2raY.roa
File:                     5yK2af_g5CTlXz9q-R5Ey4S2raY.roa (raw, json)
Hash identifier:          LxU9aJpGxPnyOcQ82YucJ2+C9wvejuknSWDM/RouRtA=
Subject key identifier:   E7:22:B6:69:FF:E0:E4:24:E5:5F:3F:6A:F9:1E:44:CB:84:B6:AD:A6
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       0197783AA26DDE0D28518D47C2841C3AD219
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/5yK2af_g5CTlXz9q-R5Ey4S2raY.roa
Signing time:             Mon 16 Jun 2025 10:13:18 +0000
ROA not before:           Mon 16 Jun 2025 10:13:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207675
IP address blocks:        2a0d:8140:9000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 15:30:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:3a:a2:6d:de:0d:28:51:8d:47:c2:84:1c:3a:d2:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Jun 16 10:13:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e722b669ffe0e424e55f3f6af91e44cb84b6ada6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c3:0a:8e:93:38:bd:78:c4:03:da:8e:89:0d:
                    83:f0:eb:1e:d5:73:e6:1e:c2:89:32:6a:8c:b2:af:
                    8c:a7:56:75:e7:0a:f0:4d:d2:b1:53:93:16:a3:a0:
                    75:2b:c1:d9:0a:a1:d5:10:e9:d2:37:65:bc:01:6b:
                    f5:53:5f:15:6e:4f:5e:42:68:2b:ce:24:7f:21:5a:
                    99:50:5b:d3:3f:e0:d5:89:0f:f5:be:7a:c6:d4:4e:
                    79:ff:74:0f:5b:c4:6b:a1:fe:2c:c8:21:20:b3:de:
                    92:f4:81:51:e5:09:eb:d3:4f:4d:cd:af:de:f0:72:
                    9c:d8:62:c7:d8:7d:98:70:89:e4:23:c7:25:bf:aa:
                    bd:ed:5c:09:5c:f5:b5:98:9f:8e:58:2a:2a:a9:06:
                    dc:ee:0d:85:7d:ef:99:46:92:e7:59:11:a1:89:29:
                    2a:9b:e8:fc:f6:32:b5:2b:e7:7f:8b:ac:09:d5:61:
                    dc:ba:2c:45:04:84:78:66:e9:6e:36:25:16:6c:6f:
                    55:af:09:4e:86:00:5e:1d:4b:35:16:70:68:d8:28:
                    de:a5:f9:1e:cd:b5:4d:de:71:41:d9:71:57:4d:22:
                    d9:d2:ac:06:c2:69:73:54:60:16:10:6c:6f:d0:5c:
                    d6:f3:58:0d:05:3d:80:8a:68:8d:93:dd:f9:87:2f:
                    ab:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:22:B6:69:FF:E0:E4:24:E5:5F:3F:6A:F9:1E:44:CB:84:B6:AD:A6
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/5yK2af_g5CTlXz9q-R5Ey4S2raY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8140:9000::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:59:c1:93:08:83:83:f8:6f:47:94:42:d1:83:b7:c7:f5:8a:
         f6:b3:66:f5:37:7f:3f:a1:2b:d5:db:93:6a:10:0a:2c:db:55:
         da:01:74:cd:73:0f:eb:c2:11:5f:bd:e5:25:b5:69:67:b2:44:
         94:1e:4f:8e:64:c8:c3:5f:e7:48:88:f4:b2:c4:b2:63:78:5b:
         77:0a:9a:a3:b6:1d:14:ae:d9:68:39:94:bd:13:85:41:c2:4a:
         46:4a:5d:a0:36:45:12:57:79:92:c3:24:d7:82:da:10:19:75:
         22:de:74:c2:56:52:ba:cf:1e:b8:a7:ec:b2:5f:74:47:76:35:
         55:70:f8:56:ef:f5:48:21:c7:20:9d:9d:bb:77:15:b5:64:7b:
         d7:cf:41:ec:62:67:f2:75:9d:4f:13:99:69:90:aa:4d:4b:7d:
         89:8e:66:c6:a5:fb:c1:35:08:4c:7d:0e:68:63:2a:99:05:75:
         55:40:3c:b6:f5:55:b2:67:a4:5a:d7:08:b8:d5:34:cc:83:07:
         b4:06:32:db:2d:8c:91:da:a1:b6:f8:fd:73:c2:de:f5:58:e0:
         80:9d:92:56:80:26:60:93:4f:b9:47:ae:94:f9:21:1d:da:66:
         37:8f:58:47:ce:c3:c8:f5:cb:7e:83:a3:c2:41:a1:c3:77:c4:
         6a:bb:8f:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZd4OqJt3g0oUY1HwoQcOtIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjUwNjE2MTAxMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzIyYjY2OWZmZTBlNDI0ZTU1ZjNmNmFmOTFlNDRjYjg0YjZhZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MMKjpM4vXjEA9qOiQ2D8Ose1XPm
HsKJMmqMsq+Mp1Z15wrwTdKxU5MWo6B1K8HZCqHVEOnSN2W8AWv1U18Vbk9eQmgr
ziR/IVqZUFvTP+DViQ/1vnrG1E55/3QPW8Rrof4syCEgs96S9IFR5Qnr009Nza/e
8HKc2GLH2H2YcInkI8clv6q97VwJXPW1mJ+OWCoqqQbc7g2Ffe+ZRpLnWRGhiSkq
m+j89jK1K+d/i6wJ1WHcuixFBIR4ZuluNiUWbG9VrwlOhgBeHUs1FnBo2Cjepfke
zbVN3nFB2XFXTSLZ0qwGwmlzVGAWEGxv0FzW81gNBT2AimiNk935hy+r9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOcitmn/4OQk5V8/avkeRMuEtq2mMB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvNXlLMmFmX2c1Q1RsWHo5cS1SNUV5NFMycmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5NjgtYTU2YmRmYWRiODFl
LzEvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2BQJAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAqWcGTCIOD+G9HlELRg7fH9Yr2s2b1N38/oSvV
25NqEAos21XaAXTNcw/rwhFfveUltWlnskSUHk+OZMjDX+dIiPSyxLJjeFt3Cpqj
th0UrtloOZS9E4VBwkpGSl2gNkUSV3mSwyTXgtoQGXUi3nTCVlK6zx64p+yyX3RH
djVVcPhW7/VIIccgnZ27dxW1ZHvXz0HsYmfydZ1PE5lpkKpNS32JjmbGpfvBNQhM
fQ5oYyqZBXVVQDy29VWyZ6Ra1wi41TTMgwe0BjLbLYyR2qG2+P1zwt71WOCAnZJW
gCZgk0+5R66U+SEd2mY3j1hHzsPI9ct+g6PCQaHDd8Rqu497
-----END CERTIFICATE-----