Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PhzgtCpnkHCxdbhmCD0h8GG3SoE.roa
File:                     PhzgtCpnkHCxdbhmCD0h8GG3SoE.roa (raw, json)
Hash identifier:          ujlbrRs4IE7LtRmOUGoyGAmztzV9tN+1yizHckWKsYA=
Subject key identifier:   3E:1C:E0:B4:2A:67:90:70:B1:75:B8:66:08:3D:21:F0:61:B7:4A:81
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01975AA0CFEA3511AEEF92661ED200DBC5A9
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PhzgtCpnkHCxdbhmCD0h8GG3SoE.roa
Signing time:             Tue 10 Jun 2025 16:16:17 +0000
ROA not before:           Tue 10 Jun 2025 16:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30700
IP address blocks:        2a09:1:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:a0:cf:ea:35:11:ae:ef:92:66:1e:d2:00:db:c5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jun 10 16:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e1ce0b42a679070b175b866083d21f061b74a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:24:a1:89:06:7e:46:e8:10:4b:08:f0:ae:9a:
                    5c:2e:fb:ca:6c:6b:e5:85:1d:ac:fb:c3:ee:15:5c:
                    94:fd:f3:33:c3:4f:67:81:7a:52:32:29:75:1b:ef:
                    c0:f9:d5:11:5d:28:cf:a5:7c:5c:ed:9b:92:fb:76:
                    b0:f8:d8:de:16:e7:37:35:7d:c4:e5:4e:47:ef:3c:
                    47:0d:58:8d:ff:cd:a1:01:e6:b8:1e:7f:f6:3e:b3:
                    a8:a2:6f:40:a6:47:6a:db:05:c7:a6:a5:35:84:d2:
                    16:37:9d:62:2b:3f:73:b3:4f:34:9f:14:2a:69:30:
                    4b:d4:98:cd:47:9d:32:ed:fb:f9:d3:6d:50:23:a8:
                    27:42:81:e1:b0:35:6f:ec:35:db:82:2f:3f:85:31:
                    e6:b6:13:2a:28:43:5f:42:e7:b5:9d:44:f2:21:ff:
                    db:15:e4:2b:bf:a8:1c:16:4d:75:0b:70:ea:d4:fb:
                    3f:35:54:7e:30:06:40:a9:6b:4f:c7:61:d5:81:4a:
                    3c:5c:49:8c:87:3e:31:89:80:8a:38:e8:69:b1:25:
                    2e:ca:33:a2:61:c6:3c:bb:fb:a7:31:21:d1:4d:ed:
                    fb:04:fd:2d:6d:f6:c7:43:29:df:b5:c2:64:78:85:
                    6f:c3:45:d4:73:9e:d0:30:c8:02:f5:13:ad:1e:68:
                    8c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:1C:E0:B4:2A:67:90:70:B1:75:B8:66:08:3D:21:F0:61:B7:4A:81
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PhzgtCpnkHCxdbhmCD0h8GG3SoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:1:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:df:12:e8:65:8b:54:85:06:68:21:a7:22:ab:0e:3e:c0:83:
         ea:2d:a5:eb:d7:4e:f5:27:95:2f:1c:86:c0:68:e2:cb:28:32:
         1f:39:ec:76:5d:b3:4e:60:38:06:47:ff:6d:eb:fe:a5:20:f2:
         bf:4a:e0:c5:5f:7d:66:c5:99:b9:db:3f:8c:d8:67:4f:1f:19:
         ff:98:24:41:63:c1:25:31:32:7c:e8:14:7c:95:71:19:d9:d4:
         ca:85:d5:9e:c4:a7:bc:f8:78:a0:0f:99:75:fb:bd:41:2a:23:
         90:4b:25:15:3f:f4:65:ec:41:b0:18:78:f6:ff:60:2c:53:14:
         dd:48:70:58:43:e9:eb:e9:a2:88:b8:76:4f:1c:78:e2:25:6b:
         f6:47:26:f3:cd:34:e0:30:9e:55:a9:cc:2b:dd:11:04:6f:20:
         69:30:de:c3:9e:71:fa:a9:0d:a7:5d:0a:14:88:67:d7:f1:48:
         5a:c7:df:f1:28:09:83:43:28:6f:fb:99:76:5c:39:df:e9:44:
         bf:f1:d7:0d:3e:9f:51:e8:fc:79:85:e9:29:d4:66:39:8e:5c:
         41:cf:48:21:ac:65:58:cf:55:a2:e0:ac:fc:96:09:73:09:d0:
         c8:7e:0e:6a:96:96:71:d3:da:21:45:bb:f9:29:be:6a:6f:ec:
         e3:4b:b2:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdaoM/qNRGu75JmHtIA28WpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNjEwMTYxNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTFjZTBiNDJhNjc5MDcwYjE3NWI4NjYwODNkMjFmMDYxYjc0YTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiShiQZ+RugQSwjwrppcLvvKbGvl
hR2s+8PuFVyU/fMzw09ngXpSMil1G+/A+dURXSjPpXxc7ZuS+3aw+NjeFuc3NX3E
5U5H7zxHDViN/82hAea4Hn/2PrOoom9Apkdq2wXHpqU1hNIWN51iKz9zs080nxQq
aTBL1JjNR50y7fv5021QI6gnQoHhsDVv7DXbgi8/hTHmthMqKENfQue1nUTyIf/b
FeQrv6gcFk11C3Dq1Ps/NVR+MAZAqWtPx2HVgUo8XEmMhz4xiYCKOOhpsSUuyjOi
YcY8u/unMSHRTe37BP0tbfbHQynftcJkeIVvw0XUc57QMMgC9ROtHmiMfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD4c4LQqZ5BwsXW4Zgg9IfBht0qBMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvUGh6Z3RDcG5rSEN4ZGJobUNEMGg4R0czU29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAAQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBi3xLoZYtUhQZoIaciqw4+wIPqLaXr1071J5Uv
HIbAaOLLKDIfOex2XbNOYDgGR/9t6/6lIPK/SuDFX31mxZm52z+M2GdPHxn/mCRB
Y8ElMTJ86BR8lXEZ2dTKhdWexKe8+HigD5l1+71BKiOQSyUVP/Rl7EGwGHj2/2As
UxTdSHBYQ+nr6aKIuHZPHHjiJWv2RybzzTTgMJ5Vqcwr3REEbyBpMN7DnnH6qQ2n
XQoUiGfX8Uhax9/xKAmDQyhv+5l2XDnf6US/8dcNPp9R6Px5hekp1GY5jlxBz0gh
rGVYz1Wi4Kz8lglzCdDIfg5qlpZx09ohRbv5Kb5qb+zjS7J1
-----END CERTIFICATE-----