Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/2YO9OCUj-5UMjSkLus1_jFZEY5Y.roa
File:                     2YO9OCUj-5UMjSkLus1_jFZEY5Y.roa (raw, json)
Hash identifier:          3SGs0MVjTdEO4OSsTOD1CnMaU0p7/avF9ZQ4altFHsA=
Subject key identifier:   D9:83:BD:38:25:23:FB:95:0C:8D:29:0B:BA:CD:7F:8C:56:44:63:96
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       0197D6C324AE45D08C242C54944E3D952730
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/2YO9OCUj-5UMjSkLus1_jFZEY5Y.roa
Signing time:             Fri 04 Jul 2025 18:46:42 +0000
ROA not before:           Fri 04 Jul 2025 18:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:c3:24:ae:45:d0:8c:24:2c:54:94:4e:3d:95:27:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Jul  4 18:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d983bd382523fb950c8d290bbacd7f8c56446396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c9:12:df:3f:7a:79:9d:bb:34:a4:33:26:3e:
                    ef:bd:4d:08:a8:91:fc:8f:8f:5c:ac:88:49:2e:bc:
                    4e:bf:48:82:4b:69:3d:66:6d:23:ad:e2:0c:31:b7:
                    36:a5:a6:31:ce:33:64:1c:92:83:21:f3:9e:f5:6f:
                    d6:86:64:ed:12:66:76:eb:7a:1e:63:23:aa:f2:b7:
                    18:a4:ae:72:a2:79:be:cf:45:f8:8a:49:4b:38:2b:
                    98:d1:27:d1:68:93:8b:b1:f7:c8:31:f4:6a:0d:7a:
                    92:80:29:ce:cc:7a:c2:be:19:76:9d:3e:0a:dd:88:
                    d9:d8:41:46:36:43:2c:3c:e6:7b:02:42:6a:bb:94:
                    f2:b9:24:72:7a:c7:65:96:bd:4b:7b:bf:9f:fb:56:
                    c3:09:c1:79:ca:c8:f6:47:2a:cc:cd:8d:98:84:80:
                    c9:0e:59:73:6b:6e:33:68:26:e2:44:25:af:ed:e0:
                    ac:db:41:ef:2d:6b:cc:80:27:08:4c:0d:e2:a1:f1:
                    fd:ac:af:49:72:3e:85:7a:8e:b3:bc:27:b2:e7:bd:
                    66:8e:33:78:a8:75:ba:3a:73:41:19:69:a2:35:63:
                    e6:dc:db:18:dc:08:40:9a:5a:64:5e:ae:73:53:cc:
                    e0:71:37:09:08:66:65:66:4c:59:8d:6a:f9:df:09:
                    ab:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:83:BD:38:25:23:FB:95:0C:8D:29:0B:BA:CD:7F:8C:56:44:63:96
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/2YO9OCUj-5UMjSkLus1_jFZEY5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:40:fe:97:ae:d7:3c:36:de:f2:45:b4:fd:e6:ff:44:3a:35:
         4e:b2:47:8f:e4:d0:9d:b7:91:28:b1:4b:34:25:fd:d9:0c:c9:
         57:9a:1e:2d:dc:5c:6c:8d:75:a6:80:94:ae:9a:2a:b0:26:f2:
         87:68:cf:ee:62:b0:28:e3:94:4c:62:12:62:06:d2:39:e4:af:
         19:33:a9:b7:15:7c:29:1a:c4:bb:c3:6e:be:e9:31:59:b2:2c:
         d6:f0:28:6f:cb:3b:43:a3:c9:b3:19:fd:ba:19:cc:a7:ae:6c:
         8d:c5:0a:9c:d0:4d:64:49:9f:52:61:b4:e8:02:c4:31:f7:f1:
         63:95:0c:a7:e2:dc:87:1a:64:9c:ec:5d:60:ab:74:89:e4:a4:
         53:61:f7:75:4f:ea:c1:54:15:a0:fb:54:9a:e6:74:e6:1e:5d:
         0d:22:7b:9f:ab:0a:98:47:08:95:0c:15:5e:3d:38:3c:04:70:
         4a:6e:40:71:a5:37:64:e4:6d:19:10:0e:e1:a2:64:61:b6:33:
         6d:05:ed:5f:a3:01:8e:ae:4e:fa:14:03:69:db:0b:70:96:2f:
         51:33:48:2e:05:16:88:a7:55:64:67:52:a3:d2:0d:57:c1:e7:
         17:ed:8c:c7:f6:a6:07:e3:5f:d6:95:41:fc:82:0e:52:0d:6b:
         1a:5d:ba:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfWwySuRdCMJCxUlE49lScwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjUwNzA0MTg0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTgzYmQzODI1MjNmYjk1MGM4ZDI5MGJiYWNkN2Y4YzU2NDQ2Mzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MkS3z96eZ27NKQzJj7vvU0IqJH8
j49crIhJLrxOv0iCS2k9Zm0jreIMMbc2paYxzjNkHJKDIfOe9W/WhmTtEmZ263oe
YyOq8rcYpK5yonm+z0X4iklLOCuY0SfRaJOLsffIMfRqDXqSgCnOzHrCvhl2nT4K
3YjZ2EFGNkMsPOZ7AkJqu5TyuSRyesdllr1Le7+f+1bDCcF5ysj2RyrMzY2YhIDJ
Dllza24zaCbiRCWv7eCs20HvLWvMgCcITA3iofH9rK9Jcj6Feo6zvCey571mjjN4
qHW6OnNBGWmiNWPm3NsY3AhAmlpkXq5zU8zgcTcJCGZlZkxZjWr53wmrBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNmDvTglI/uVDI0pC7rNf4xWRGOWMB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvMllPOU9DVWotNVVNalNrTHVzMV9qRlpFWTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0QDAN
BgkqhkiG9w0BAQsFAAOCAQEAkUD+l67XPDbe8kW0/eb/RDo1TrJHj+TQnbeRKLFL
NCX92QzJV5oeLdxcbI11poCUrpoqsCbyh2jP7mKwKOOUTGISYgbSOeSvGTOptxV8
KRrEu8NuvukxWbIs1vAob8s7Q6PJsxn9uhnMp65sjcUKnNBNZEmfUmG06ALEMffx
Y5UMp+LchxpknOxdYKt0ieSkU2H3dU/qwVQVoPtUmuZ05h5dDSJ7n6sKmEcIlQwV
Xj04PARwSm5AcaU3ZORtGRAO4aJkYbYzbQXtX6MBjq5O+hQDadsLcJYvUTNILgUW
iKdVZGdSo9INV8HnF+2Mx/amB+Nf1pVB/IIOUg1rGl26kg==
-----END CERTIFICATE-----