Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9BXiEQjn5W6lMHhuWbByxqAo6DY.roa
File:                     9BXiEQjn5W6lMHhuWbByxqAo6DY.roa (raw, json)
Hash identifier:          ms90TdWgi2QMMA9ihksE1tFZ/qYNR52wHG92b68lC+U=
Subject key identifier:   F4:15:E2:11:08:E7:E5:6E:A5:30:78:6E:59:B0:72:C6:A0:28:E8:36
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01987C16DD4A4C868B0126E157F47A4E0DED
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9BXiEQjn5W6lMHhuWbByxqAo6DY.roa
Signing time:             Tue 05 Aug 2025 21:15:29 +0000
ROA not before:           Tue 05 Aug 2025 21:15:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214940
IP address blocks:        2a11:f082::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 14:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7c:16:dd:4a:4c:86:8b:01:26:e1:57:f4:7a:4e:0d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Aug  5 21:15:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f415e21108e7e56ea530786e59b072c6a028e836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e4:0e:99:17:56:df:32:2a:b3:68:7d:99:97:
                    2b:d2:a0:96:68:d6:cb:a8:b2:73:cf:a5:96:43:04:
                    9c:cf:7d:36:f2:90:96:5e:67:a0:94:0a:7c:82:85:
                    cd:7c:3f:e3:2e:4c:09:8d:a1:2f:ff:35:73:0a:6b:
                    e3:1e:ab:3d:5e:67:9e:3e:e0:de:8d:9b:94:8d:2c:
                    de:19:77:b6:fb:a5:80:fa:cf:ff:80:3e:c7:88:7e:
                    f4:ad:6f:95:4e:3d:e7:41:1c:06:b4:6b:49:e7:74:
                    23:a4:58:f2:d1:ce:65:7d:10:bb:38:da:19:c1:6d:
                    56:94:b2:54:7a:43:28:d8:61:47:42:de:71:6a:42:
                    66:8d:fa:ba:76:79:b2:d4:2d:b2:7f:54:38:e0:a7:
                    06:7b:c1:0f:1b:c4:89:bf:a1:c1:d2:cd:94:a3:93:
                    6c:d5:b4:43:65:14:c6:b1:9d:43:19:ce:7b:a2:78:
                    96:87:0c:69:01:3b:af:38:d2:4c:0c:5f:34:c5:6c:
                    38:e1:6b:3a:9b:80:59:1a:3a:a1:41:2e:e1:f7:86:
                    c6:21:b3:5b:77:59:26:02:40:8e:ee:e3:a2:7c:29:
                    d1:84:84:7a:18:d8:2a:51:61:3e:80:5c:b8:d6:8a:
                    e1:1d:3e:59:bd:1b:f9:91:f3:6a:d0:b6:65:7e:c1:
                    37:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:15:E2:11:08:E7:E5:6E:A5:30:78:6E:59:B0:72:C6:A0:28:E8:36
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9BXiEQjn5W6lMHhuWbByxqAo6DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f082::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:ca:9f:8c:b1:8e:1f:f7:5d:17:30:9a:17:db:18:c3:57:eb:
         22:65:dd:8e:f4:24:0d:17:fc:bf:5a:43:52:35:09:4b:ad:4c:
         de:8c:bf:6d:1e:a2:40:c1:9d:7b:0e:7c:a5:c1:a6:ab:bc:eb:
         38:24:91:1f:00:e6:6c:69:fd:b2:c6:85:2c:98:64:73:1d:cd:
         d9:84:f6:5b:ba:31:ae:57:48:2c:30:77:68:bf:38:9d:3c:40:
         c2:12:e6:37:0e:70:ca:49:37:f7:ae:6c:6e:f5:79:01:5f:95:
         37:b6:dd:74:e2:cd:6e:f2:85:c1:64:fb:df:f4:61:81:4a:5e:
         18:22:1e:14:ff:46:cf:c8:15:40:88:85:b8:b4:f9:9f:e6:19:
         b3:59:c6:53:a5:c2:a8:9c:54:d0:a8:d1:9f:f5:5e:65:44:01:
         dd:7c:c3:e5:ee:ae:27:f8:62:2e:0a:42:d9:53:f4:06:7e:0e:
         38:94:46:5d:1c:88:5d:39:26:d1:0e:05:43:9e:c7:1c:78:56:
         5a:c4:e0:11:c7:e1:7d:fd:e2:83:ac:43:be:65:36:d3:77:03:
         da:ab:ef:59:5c:4f:06:0c:50:2d:5a:d1:0a:e4:c1:dc:b2:05:
         b1:6f:b3:58:7c:74:e7:97:65:77:8d:44:74:c0:a9:4c:ae:4f:
         c3:0b:a9:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZh8Ft1KTIaLASbhV/R6Tg3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwODA1MjExNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE1ZTIxMTA4ZTdlNTZlYTUzMDc4NmU1OWIwNzJjNmEwMjhlODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOQOmRdW3zIqs2h9mZcr0qCWaNbL
qLJzz6WWQwScz3028pCWXmeglAp8goXNfD/jLkwJjaEv/zVzCmvjHqs9XmeePuDe
jZuUjSzeGXe2+6WA+s//gD7HiH70rW+VTj3nQRwGtGtJ53QjpFjy0c5lfRC7ONoZ
wW1WlLJUekMo2GFHQt5xakJmjfq6dnmy1C2yf1Q44KcGe8EPG8SJv6HB0s2Uo5Ns
1bRDZRTGsZ1DGc57oniWhwxpATuvONJMDF80xWw44Ws6m4BZGjqhQS7h94bGIbNb
d1kmAkCO7uOifCnRhIR6GNgqUWE+gFy41orhHT5ZvRv5kfNq0LZlfsE30QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPQV4hEI5+VupTB4blmwcsagKOg2MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvOUJYaUVRam41VzZsTUhodVdiQnl4cUFvNkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHwgjAN
BgkqhkiG9w0BAQsFAAOCAQEAfMqfjLGOH/ddFzCaF9sYw1frImXdjvQkDRf8v1pD
UjUJS61M3oy/bR6iQMGdew58pcGmq7zrOCSRHwDmbGn9ssaFLJhkcx3N2YT2W7ox
rldILDB3aL84nTxAwhLmNw5wykk3965sbvV5AV+VN7bddOLNbvKFwWT73/RhgUpe
GCIeFP9Gz8gVQIiFuLT5n+YZs1nGU6XCqJxU0KjRn/VeZUQB3XzD5e6uJ/hiLgpC
2VP0Bn4OOJRGXRyIXTkm0Q4FQ57HHHhWWsTgEcfhff3ig6xDvmU203cD2qvvWVxP
BgxQLVrRCuTB3LIFsW+zWHx055dld41EdMCpTK5PwwupGA==
-----END CERTIFICATE-----