Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/0ibK2rFO285XcmwVBGiaWy0mCcA.roa
File:                     0ibK2rFO285XcmwVBGiaWy0mCcA.roa (raw, json)
Hash identifier:          oJQ8kk++bxBUXY2O47Q7nsX7PbhR5uG9qTYOOM+oaS4=
Subject key identifier:   D2:26:CA:DA:B1:4E:DB:CE:57:72:6C:15:04:68:9A:5B:2D:26:09:C0
Certificate issuer:       /CN=2ca61567cb1099855117008fd1d36aa8ada96faf
Certificate serial:       01975E90CE8D6724DD0AACF6056609C5F1FC
Authority key identifier: 2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/0ibK2rFO285XcmwVBGiaWy0mCcA.roa
Signing time:             Wed 11 Jun 2025 10:37:17 +0000
ROA not before:           Wed 11 Jun 2025 10:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48301
IP address blocks:        2a01:f100:100::/48 maxlen: 48
                          2a01:f100:108::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:90:ce:8d:67:24:dd:0a:ac:f6:05:66:09:c5:f1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca61567cb1099855117008fd1d36aa8ada96faf
        Validity
            Not Before: Jun 11 10:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d226cadab14edbce57726c1504689a5b2d2609c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:38:b9:29:60:bc:a4:a6:c9:3c:b8:b6:66:9c:
                    7b:99:fd:44:c4:ab:b6:4b:7c:71:ee:57:05:8b:60:
                    eb:1a:c9:44:ec:40:0e:64:5e:f9:ca:93:09:c8:b7:
                    8e:63:43:37:65:f0:cf:50:08:1c:a4:7a:04:9f:ce:
                    33:e0:c6:3f:8f:8c:6d:d4:02:3f:04:b5:80:25:ff:
                    ca:80:3c:93:84:6b:b1:ed:3c:57:9e:f4:7d:a9:d2:
                    9c:7c:a1:2e:8a:5b:38:07:d5:ae:a0:d3:f9:86:87:
                    4a:3f:98:c3:74:c8:ff:37:87:bb:4e:cf:8d:97:30:
                    a7:4d:93:38:da:c5:38:b4:a7:b8:6a:f2:53:2f:56:
                    81:33:48:36:0a:22:8c:05:44:a0:6a:68:f8:a5:b8:
                    95:b5:75:12:ca:84:de:28:18:fd:3b:39:a5:9a:7c:
                    61:b0:fd:48:77:8d:15:21:31:0d:f5:6d:44:36:39:
                    14:8a:f7:3b:8d:71:81:14:55:c3:45:f8:a7:59:07:
                    42:f2:f8:09:1c:c9:24:86:d4:27:4d:76:3c:17:75:
                    88:ef:69:53:5e:e7:bc:a2:1e:ee:45:fa:81:85:56:
                    99:65:0e:08:10:78:c2:b4:5a:74:bc:4b:6a:e7:40:
                    c9:1e:a3:8a:ae:e3:9d:62:cd:aa:ab:5b:37:0b:68:
                    a0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:26:CA:DA:B1:4E:DB:CE:57:72:6C:15:04:68:9A:5B:2D:26:09:C0
            X509v3 Authority Key Identifier:
                keyid:2C:A6:15:67:CB:10:99:85:51:17:00:8F:D1:D3:6A:A8:AD:A9:6F:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKYVZ8sQmYVRFwCP0dNqqK2pb68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/0ibK2rFO285XcmwVBGiaWy0mCcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2a714e-c7d3-47b5-8c57-caa7d5b482c5/1/LKYVZ8sQmYVRFwCP0dNqqK2pb68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f100:100::/48
                  2a01:f100:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:67:da:ad:de:4f:e7:9f:51:bd:05:d0:01:b9:e2:8b:6a:27:
         59:f3:32:71:42:5f:34:af:03:f2:47:af:ce:e7:04:85:42:ca:
         2e:0a:46:f2:c4:f6:cd:97:28:f8:cf:01:3f:8e:4a:cf:74:37:
         36:d5:59:36:65:48:a9:bc:c2:0f:7b:8a:65:15:c5:4d:4f:70:
         35:91:ce:1a:ac:65:66:ea:40:77:27:ec:53:e7:60:73:3e:a7:
         6d:f5:ae:2b:08:8c:57:f4:0d:05:7b:0b:41:ad:b3:85:05:88:
         02:05:53:e5:62:9b:54:f8:51:71:3a:16:80:c5:d8:9a:d8:77:
         24:1a:5f:67:75:5d:53:1f:98:e4:d0:aa:72:05:e6:39:d7:30:
         30:95:6c:c7:87:a5:d0:ef:a6:75:28:9a:5b:b8:1c:d6:f6:ec:
         70:5f:39:d6:0e:d6:c3:07:50:b5:70:41:ea:9c:97:d5:c3:21:
         db:5f:ba:4c:b6:3e:c1:6d:c9:66:d7:32:c0:ed:3c:27:8f:00:
         01:38:bc:58:52:d5:ab:d3:e2:ff:8b:7c:9a:e8:cf:30:e5:68:
         79:21:16:cc:89:b1:d1:23:10:8e:aa:2b:cb:50:46:3e:4f:d1:
         7b:5e:38:c2:ad:28:a8:f2:62:62:76:89:f8:0d:a2:78:86:ac:
         88:ba:2c:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdekM6NZyTdCqz2BWYJxfH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTYxNTY3Y2IxMDk5ODU1MTE3MDA4ZmQxZDM2YWE4YWRh
OTZmYWYwHhcNMjUwNjExMTAzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjI2Y2FkYWIxNGVkYmNlNTc3MjZjMTUwNDY4OWE1YjJkMjYwOWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ji5KWC8pKbJPLi2Zpx7mf1ExKu2
S3xx7lcFi2DrGslE7EAOZF75ypMJyLeOY0M3ZfDPUAgcpHoEn84z4MY/j4xt1AI/
BLWAJf/KgDyThGux7TxXnvR9qdKcfKEuils4B9WuoNP5hodKP5jDdMj/N4e7Ts+N
lzCnTZM42sU4tKe4avJTL1aBM0g2CiKMBUSgamj4pbiVtXUSyoTeKBj9Ozmlmnxh
sP1Id40VITEN9W1ENjkUivc7jXGBFFXDRfinWQdC8vgJHMkkhtQnTXY8F3WI72lT
Xue8oh7uRfqBhVaZZQ4IEHjCtFp0vEtq50DJHqOKruOdYs2qq1s3C2igzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNImytqxTtvOV3JsFQRomlstJgnAMB8GA1UdIwQY
MBaAFCymFWfLEJmFURcAj9HTaqitqW+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTct
Y2FhN2Q1YjQ4MmM1LzEvMGliSzJyRk8yODVYY213VkJHaWFXeTBtQ2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYTcxNGUtYzdkMy00N2I1LThjNTctY2FhN2Q1YjQ4MmM1
LzEvTEtZVlo4c1FtWVZSRndDUDBkTnFxSzJwYjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgHxAAEA
AwcAKgHxAAEIMA0GCSqGSIb3DQEBCwUAA4IBAQCEZ9qt3k/nn1G9BdABueKLaidZ
8zJxQl80rwPyR6/O5wSFQsouCkbyxPbNlyj4zwE/jkrPdDc21Vk2ZUipvMIPe4pl
FcVNT3A1kc4arGVm6kB3J+xT52BzPqdt9a4rCIxX9A0FewtBrbOFBYgCBVPlYptU
+FFxOhaAxdia2HckGl9ndV1TH5jk0KpyBeY51zAwlWzHh6XQ76Z1KJpbuBzW9uxw
XznWDtbDB1C1cEHqnJfVwyHbX7pMtj7Bbclm1zLA7TwnjwABOLxYUtWr0+L/i3ya
6M8w5Wh5IRbMibHRIxCOqivLUEY+T9F7XjjCrSio8mJidon4DaJ4hqyIuixJ
-----END CERTIFICATE-----