Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/CatpJtFda_C5L7VOLYcMS7IQGMg.roa
File:                     CatpJtFda_C5L7VOLYcMS7IQGMg.roa (raw, json)
Hash identifier:          idVH/OL7AqXzhoz+Z8IbgG5ci5Pbk+MePCPcgx0hXD0=
Subject key identifier:   09:AB:69:26:D1:5D:6B:F0:B9:2F:B5:4E:2D:87:0C:4B:B2:10:18:C8
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       01965C2354482253E77C00E15421B9639CAE
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/CatpJtFda_C5L7VOLYcMS7IQGMg.roa
Signing time:             Tue 22 Apr 2025 06:15:41 +0000
ROA not before:           Tue 22 Apr 2025 06:15:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0d:c980::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:23:54:48:22:53:e7:7c:00:e1:54:21:b9:63:9c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Apr 22 06:15:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09ab6926d15d6bf0b92fb54e2d870c4bb21018c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:97:5f:d0:f1:57:e8:45:70:9a:df:64:1a:58:
                    f6:7a:42:b7:a0:46:c4:f9:bd:b0:a2:5a:eb:99:1f:
                    da:82:ba:ca:51:3c:0c:02:3c:d6:3d:ff:92:ff:9b:
                    35:53:80:24:5f:ed:f8:c1:2b:ad:07:a5:e0:21:db:
                    cb:52:d6:17:d0:89:e9:14:6a:e1:83:3d:58:42:12:
                    bf:ce:b5:13:ca:25:17:ed:82:d0:0d:34:ab:eb:f2:
                    85:3d:e2:18:23:95:3c:fe:72:e1:83:e4:5a:92:4c:
                    df:35:5b:01:15:03:8a:5c:3b:24:f2:4e:3a:56:c7:
                    e7:68:c2:30:8c:87:fc:d9:e1:4c:08:29:65:aa:59:
                    ce:cd:ac:3f:18:4b:85:f0:d3:6a:33:42:e5:28:f7:
                    c1:5b:bd:15:38:cc:a2:cb:31:12:67:a5:06:0c:79:
                    7e:81:ef:06:c3:9f:4d:1a:fe:4a:89:8b:32:d2:6a:
                    30:50:26:8b:ea:5a:27:70:69:9e:0e:15:56:a4:47:
                    4a:02:0f:7b:d1:cf:cd:06:4b:ae:27:bb:47:51:2e:
                    49:d2:95:ef:8f:1f:71:b2:d0:5c:60:a8:76:73:ef:
                    59:e7:d2:2f:19:07:08:37:76:4c:42:30:34:30:84:
                    06:f1:f6:b8:53:d9:0d:a5:f6:5d:5d:d4:c0:c6:d2:
                    f7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:AB:69:26:D1:5D:6B:F0:B9:2F:B5:4E:2D:87:0C:4B:B2:10:18:C8
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/CatpJtFda_C5L7VOLYcMS7IQGMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:c980::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:1d:b2:c9:db:a9:65:95:1b:c2:35:73:c4:d6:e5:70:03:ee:
         c7:27:86:86:55:2d:05:ee:41:c6:9b:76:12:26:20:d8:0e:9f:
         82:36:26:b8:a2:bc:a5:f8:9b:08:bb:90:2c:fd:13:3c:c8:55:
         ec:6c:59:2f:aa:1e:f6:63:be:41:2c:91:67:99:56:c3:57:da:
         82:0d:38:8c:2f:0d:6a:72:85:4d:16:cd:ce:09:ba:9b:b4:3b:
         b1:8e:f4:e2:bd:0c:a5:83:72:fb:36:c2:c5:a0:68:93:db:3d:
         dd:11:62:a6:4c:a2:75:2d:31:4c:23:3d:5f:0c:39:41:ff:de:
         aa:40:21:f2:a9:33:72:ed:3b:87:90:bd:1d:4f:28:14:73:2b:
         a4:82:f9:8d:bd:f1:24:de:37:a9:57:07:52:4d:dc:89:94:4e:
         64:63:a3:88:27:e4:58:d9:61:5e:4d:a3:8e:16:86:6a:80:ff:
         ea:d0:62:e0:94:93:e0:8b:f1:24:34:1f:d5:9f:ad:75:d7:15:
         3e:ad:9d:40:33:57:ff:9a:38:a4:13:b0:10:8b:3a:81:27:57:
         6e:99:71:0d:2e:db:68:9f:91:35:d8:81:ae:fe:d0:fb:9b:51:
         a1:47:08:92:98:36:0c:5a:7f:10:d1:fe:72:91:8e:a6:d6:66:
         30:02:e7:de
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZcI1RIIlPnfADhVCG5Y5yuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjUwNDIyMDYxNTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWFiNjkyNmQxNWQ2YmYwYjkyZmI1NGUyZDg3MGM0YmIyMTAxOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Zdf0PFX6EVwmt9kGlj2ekK3oEbE
+b2wolrrmR/agrrKUTwMAjzWPf+S/5s1U4AkX+34wSutB6XgIdvLUtYX0InpFGrh
gz1YQhK/zrUTyiUX7YLQDTSr6/KFPeIYI5U8/nLhg+RakkzfNVsBFQOKXDsk8k46
VsfnaMIwjIf82eFMCCllqlnOzaw/GEuF8NNqM0LlKPfBW70VOMyiyzESZ6UGDHl+
ge8Gw59NGv5KiYsy0mowUCaL6loncGmeDhVWpEdKAg970c/NBkuuJ7tHUS5J0pXv
jx9xstBcYKh2c+9Z59IvGQcIN3ZMQjA0MIQG8fa4U9kNpfZdXdTAxtL3TQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAmraSbRXWvwuS+1Ti2HDEuyEBjIMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvQ2F0cEp0RmRhX0M1TDdWT0xZY01TN0lRR01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg3JgDAN
BgkqhkiG9w0BAQsFAAOCAQEAZB2yydupZZUbwjVzxNblcAPuxyeGhlUtBe5Bxpt2
EiYg2A6fgjYmuKK8pfibCLuQLP0TPMhV7GxZL6oe9mO+QSyRZ5lWw1fagg04jC8N
anKFTRbNzgm6m7Q7sY704r0MpYNy+zbCxaBok9s93RFipkyidS0xTCM9Xww5Qf/e
qkAh8qkzcu07h5C9HU8oFHMrpIL5jb3xJN43qVcHUk3ciZROZGOjiCfkWNlhXk2j
jhaGaoD/6tBi4JST4IvxJDQf1Z+tddcVPq2dQDNX/5o4pBOwEIs6gSdXbplxDS7b
aJ+RNdiBrv7Q+5tRoUcIkpg2DFp/ENH+cpGOptZmMALn3g==
-----END CERTIFICATE-----