Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/bktyDBqNSVITQAf_MKFUeQ2s_nU.roa
File:                     bktyDBqNSVITQAf_MKFUeQ2s_nU.roa (raw, json)
Hash identifier:          q/tuR42MGkp/VtZe/IwxRfy5LTdFIBVwnpSc5i4a68A=
Subject key identifier:   6E:4B:72:0C:1A:8D:49:52:13:40:07:FF:30:A1:54:79:0D:AC:FE:75
Certificate issuer:       /CN=a41f7bb7bea1581624fcb6503ab5a70f420c9b3e
Certificate serial:       0196F2C58A8CCD526F81647FB92E06CB9111
Authority key identifier: A4:1F:7B:B7:BE:A1:58:16:24:FC:B6:50:3A:B5:A7:0F:42:0C:9B:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/bktyDBqNSVITQAf_MKFUeQ2s_nU.roa
Signing time:             Wed 21 May 2025 12:15:54 +0000
ROA not before:           Wed 21 May 2025 12:15:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:678:105c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:c5:8a:8c:cd:52:6f:81:64:7f:b9:2e:06:cb:91:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a41f7bb7bea1581624fcb6503ab5a70f420c9b3e
        Validity
            Not Before: May 21 12:15:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e4b720c1a8d4952134007ff30a154790dacfe75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f7:59:dc:c4:63:da:bc:8d:db:0a:df:94:8c:
                    d3:b4:4a:7b:95:f1:b6:57:39:58:70:04:92:27:5c:
                    1f:5e:52:34:ef:96:2c:1d:69:0c:b7:06:51:85:05:
                    ca:0c:17:ed:70:19:5b:ef:a1:71:7f:2d:20:69:75:
                    cb:7c:4f:43:ab:42:35:87:dd:c3:55:88:68:dd:31:
                    fd:04:61:df:59:32:7b:11:75:b2:bc:ad:cd:a7:74:
                    fd:3d:62:d3:dd:cb:3c:bd:2e:ce:73:ab:39:3a:70:
                    c0:88:f8:c2:d4:bd:ce:d5:92:72:9f:55:2a:71:51:
                    6a:dd:09:33:c2:16:e7:5a:ad:14:1a:3c:0b:7f:5b:
                    fd:a5:f3:82:19:7c:97:60:4c:9a:e3:76:62:a2:f5:
                    bc:de:40:cb:c1:4b:c2:57:04:ab:e6:ea:4e:5e:cb:
                    c3:ec:9e:09:54:f5:fa:48:ec:a1:6e:a4:d9:ea:c8:
                    1d:8d:e1:a5:0e:1c:e1:39:b4:a8:8d:4e:f7:04:55:
                    9a:ab:85:f8:65:d7:7e:44:91:5c:3e:e4:d9:0d:12:
                    dc:36:b5:86:45:15:c6:5c:3d:70:3a:99:fc:d8:2d:
                    a9:25:cf:0b:5f:71:4b:fa:90:80:1d:b4:54:cd:a9:
                    c3:9f:f3:06:79:9d:17:00:f4:32:d2:b1:73:0c:6d:
                    c6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:4B:72:0C:1A:8D:49:52:13:40:07:FF:30:A1:54:79:0D:AC:FE:75
            X509v3 Authority Key Identifier:
                keyid:A4:1F:7B:B7:BE:A1:58:16:24:FC:B6:50:3A:B5:A7:0F:42:0C:9B:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pB97t76hWBYk_LZQOrWnD0IMmz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/bktyDBqNSVITQAf_MKFUeQ2s_nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2160f4-7d57-4c7c-89af-98f1a2dfc39c/1/pB97t76hWBYk_LZQOrWnD0IMmz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:105c::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:cc:b1:cc:f3:dd:71:2f:8d:5f:72:c8:21:bb:eb:2d:cb:10:
         69:51:22:ec:43:03:52:28:89:86:e5:d8:72:65:f4:43:0d:16:
         89:9d:48:c1:14:d4:51:93:53:51:25:f9:27:d2:a8:b7:fd:30:
         92:7f:bd:f8:aa:28:cc:6a:74:c4:a5:bb:5b:3c:b3:8f:d4:83:
         21:10:8d:72:94:22:fc:ad:e8:ec:21:c4:ea:5a:87:df:e6:71:
         54:42:f4:f8:6c:5d:cf:e3:6f:8b:48:b3:19:91:c7:c0:e6:4b:
         aa:d5:99:82:5a:d5:e5:ec:6b:29:81:ab:5d:2f:b4:32:4d:ad:
         66:ca:1e:a7:94:e4:f2:32:8e:fa:9f:17:03:11:ec:9d:ea:5b:
         95:4f:3c:e0:0e:ea:f1:e3:ea:82:6e:5c:22:ca:e0:aa:a0:85:
         79:0e:a1:02:e5:71:1f:16:75:a3:15:79:91:af:d9:85:da:f9:
         86:42:5d:e4:fb:a1:fa:7e:1b:aa:8e:66:c6:fa:30:c2:6f:c5:
         cf:7c:82:ec:4a:c5:04:be:93:4c:af:fc:aa:ba:81:df:26:08:
         93:9f:2d:5a:7b:bf:86:d9:99:ee:24:a5:3a:1c:37:39:0a:83:
         17:e1:31:70:39:62:6e:b4:5f:5b:3b:cf:95:25:77:c5:24:11:
         bb:2e:72:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbyxYqMzVJvgWR/uS4Gy5ERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MWY3YmI3YmVhMTU4MTYyNGZjYjY1MDNhYjVhNzBmNDIw
YzliM2UwHhcNMjUwNTIxMTIxNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTRiNzIwYzFhOGQ0OTUyMTM0MDA3ZmYzMGExNTQ3OTBkYWNmZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvdZ3MRj2ryN2wrflIzTtEp7lfG2
VzlYcASSJ1wfXlI075YsHWkMtwZRhQXKDBftcBlb76Fxfy0gaXXLfE9Dq0I1h93D
VYho3TH9BGHfWTJ7EXWyvK3Np3T9PWLT3cs8vS7Oc6s5OnDAiPjC1L3O1ZJyn1Uq
cVFq3QkzwhbnWq0UGjwLf1v9pfOCGXyXYEya43ZiovW83kDLwUvCVwSr5upOXsvD
7J4JVPX6SOyhbqTZ6sgdjeGlDhzhObSojU73BFWaq4X4Zdd+RJFcPuTZDRLcNrWG
RRXGXD1wOpn82C2pJc8LX3FL+pCAHbRUzanDn/MGeZ0XAPQy0rFzDG3GowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG5LcgwajUlSE0AH/zChVHkNrP51MB8GA1UdIwQY
MBaAFKQfe7e+oVgWJPy2UDq1pw9CDJs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEI5N3Q3NmhXQllrX0xaUU9yV25EMElNbXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yMTYwZjQtN2Q1Ny00YzdjLTg5YWYt
OThmMWEyZGZjMzljLzEvYmt0eURCcU5TVklUUUFmX01LRlVlUTJzX25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yMTYwZjQtN2Q1Ny00YzdjLTg5YWYtOThmMWEyZGZjMzlj
LzEvcEI5N3Q3NmhXQllrX0xaUU9yV25EMElNbXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBBc
MA0GCSqGSIb3DQEBCwUAA4IBAQCFzLHM891xL41fcsghu+styxBpUSLsQwNSKImG
5dhyZfRDDRaJnUjBFNRRk1NRJfkn0qi3/TCSf734qijManTEpbtbPLOP1IMhEI1y
lCL8rejsIcTqWoff5nFUQvT4bF3P42+LSLMZkcfA5kuq1ZmCWtXl7GspgatdL7Qy
Ta1myh6nlOTyMo76nxcDEeyd6luVTzzgDurx4+qCblwiyuCqoIV5DqEC5XEfFnWj
FXmRr9mF2vmGQl3k+6H6fhuqjmbG+jDCb8XPfILsSsUEvpNMr/yquoHfJgiTny1a
e7+G2ZnuJKU6HDc5CoMX4TFwOWJutF9bO8+VJXfFJBG7LnLk
-----END CERTIFICATE-----