Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/_potATJqOaFRbfrrUyC81tvt8bE.roa
File:                     _potATJqOaFRbfrrUyC81tvt8bE.roa (raw, json)
Hash identifier:          uJ4lvA5jV+wv5Fa9R4ZV8hLyulLrozYlDZcFmzcOKdA=
Subject key identifier:   FE:9A:2D:01:32:6A:39:A1:51:6D:FA:EB:53:20:BC:D6:DB:ED:F1:B1
Certificate issuer:       /CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
Certificate serial:       01981F3A37B57352D9BDC213C3CDA56C9482
Authority key identifier: 35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/_potATJqOaFRbfrrUyC81tvt8bE.roa
Signing time:             Fri 18 Jul 2025 20:29:25 +0000
ROA not before:           Fri 18 Jul 2025 20:29:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20115
IP address blocks:        157.5.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1f:3a:37:b5:73:52:d9:bd:c2:13:c3:cd:a5:6c:94:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
        Validity
            Not Before: Jul 18 20:29:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe9a2d01326a39a1516dfaeb5320bcd6dbedf1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8c:08:09:25:22:38:55:59:c1:aa:b8:31:2a:
                    b8:f9:f6:b6:70:05:df:46:12:7d:56:a6:e8:47:1c:
                    98:99:ea:31:36:55:d1:8c:30:4e:c9:59:70:35:cc:
                    cd:e0:70:19:ab:2d:8f:2b:14:77:d8:33:58:e7:e6:
                    4e:7c:53:b4:49:ea:4f:90:83:ec:cf:47:49:d1:89:
                    a6:59:b2:60:2a:1d:c0:0c:c5:0d:78:cf:42:ab:9e:
                    d1:cc:ea:2c:29:5f:80:b9:57:52:ec:85:03:02:84:
                    ec:f0:4b:c6:8a:3f:77:3b:dc:3f:be:9b:75:7d:0e:
                    2b:8f:ea:05:eb:0b:fb:a2:d0:04:86:34:b3:05:e6:
                    7d:c5:4d:ff:f2:42:06:ce:9d:4d:0c:24:1e:36:87:
                    c9:98:ea:b3:36:fe:05:07:29:10:0c:57:04:ce:9f:
                    5e:c7:d4:af:11:41:f0:e1:34:10:42:fa:15:94:ff:
                    7f:57:62:82:91:b1:1d:37:a3:30:b8:35:8e:18:0c:
                    6e:64:ec:38:ff:87:03:d7:4e:df:c7:81:ed:6b:bb:
                    70:43:84:50:15:f2:4e:69:94:d5:c0:28:58:60:5d:
                    05:53:fe:80:2f:7a:06:92:31:12:95:3e:63:bc:c4:
                    8f:1e:de:a5:ee:29:46:03:37:c8:0b:df:ff:ae:7c:
                    96:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9A:2D:01:32:6A:39:A1:51:6D:FA:EB:53:20:BC:D6:DB:ED:F1:B1
            X509v3 Authority Key Identifier:
                keyid:35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/_potATJqOaFRbfrrUyC81tvt8bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.5.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         40:d2:08:ca:24:f5:5b:2d:be:04:03:ff:fe:87:50:be:27:de:
         31:7a:3a:23:04:0f:3e:bc:03:93:04:cd:75:0f:83:db:e9:75:
         6f:11:21:79:d4:f1:0d:ca:4a:d7:ae:ca:d6:a5:41:46:5b:03:
         6d:14:72:3b:c9:b6:47:01:54:e7:46:1e:8a:90:d8:69:d6:60:
         4b:51:d0:9d:d1:19:08:3d:08:ac:46:96:c3:db:54:7f:ff:b8:
         b2:7a:52:0b:5a:80:c4:f9:d3:d4:be:f4:37:43:b7:03:fc:da:
         50:37:ec:9e:f1:7c:cf:fb:c5:90:26:c0:a4:a3:67:69:75:41:
         7c:c5:f0:9c:ff:09:72:ca:74:ae:b2:14:33:32:c1:0f:1e:26:
         8e:79:01:29:9f:e9:d3:b8:80:fd:24:8b:fe:18:02:bd:59:30:
         de:c8:c9:30:f9:7b:40:59:e5:9c:c9:a4:8d:81:7b:5b:6b:ce:
         ec:b0:f4:ba:a7:66:4d:0c:42:81:1c:ff:4d:05:0e:75:5b:95:
         8e:6a:cd:c5:95:ce:75:e2:41:21:64:7d:5a:05:eb:52:62:18:
         c3:78:93:17:f5:10:c4:ee:91:f1:e9:7b:ce:50:83:60:d6:cd:
         38:f6:26:41:9d:1e:7a:60:1e:ab:b4:06:6b:10:d2:60:ca:00:
         bc:46:ac:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgfOje1c1LZvcITw82lbJSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZWY3OWM1MWUzZmEwODQzMzIwNjRhYTBiODM2MDhkNmU0
MWMxMmIwHhcNMjUwNzE4MjAyOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlhMmQwMTMyNmEzOWExNTE2ZGZhZWI1MzIwYmNkNmRiZWRmMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYwICSUiOFVZwaq4MSq4+fa2cAXf
RhJ9VqboRxyYmeoxNlXRjDBOyVlwNczN4HAZqy2PKxR32DNY5+ZOfFO0SepPkIPs
z0dJ0YmmWbJgKh3ADMUNeM9Cq57RzOosKV+AuVdS7IUDAoTs8EvGij93O9w/vpt1
fQ4rj+oF6wv7otAEhjSzBeZ9xU3/8kIGzp1NDCQeNofJmOqzNv4FBykQDFcEzp9e
x9SvEUHw4TQQQvoVlP9/V2KCkbEdN6MwuDWOGAxuZOw4/4cD107fx4Hta7twQ4RQ
FfJOaZTVwChYYF0FU/6AL3oGkjESlT5jvMSPHt6l7ilGAzfIC9//rnyWlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6aLQEyajmhUW3661MgvNbb7fGxMB8GA1UdIwQY
MBaAFDXvecUeP6CEMyBkqguDYI1uQcErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAt
ZTNkOTUzMWRmZDJiLzEvX3BvdEFUSnFPYUZSYmZyclV5QzgxdHZ0OGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAtZTNkOTUzMWRmZDJi
LzEvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnQUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBA0gjKJPVbLb4EA//+h1C+J94xejojBA8+vAOTBM11
D4Pb6XVvESF51PENykrXrsrWpUFGWwNtFHI7ybZHAVTnRh6KkNhp1mBLUdCd0RkI
PQisRpbD21R//7iyelILWoDE+dPUvvQ3Q7cD/NpQN+ye8XzP+8WQJsCko2dpdUF8
xfCc/wlyynSushQzMsEPHiaOeQEpn+nTuID9JIv+GAK9WTDeyMkw+XtAWeWcyaSN
gXtba87ssPS6p2ZNDEKBHP9NBQ51W5WOas3Flc514kEhZH1aBetSYhjDeJMX9RDE
7pHx6XvOUINg1s049iZBnR56YB6rtAZrENJgygC8Rqw1
-----END CERTIFICATE-----