Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/Pm3ij8drL7WRD0R4R54qP4eC7Q0.roa
File:                     Pm3ij8drL7WRD0R4R54qP4eC7Q0.roa (raw, json)
Hash identifier:          hzWkutnsJx/Qg99NS0sDlr/7EdarXvXso1X585eWACI=
Subject key identifier:   3E:6D:E2:8F:C7:6B:2F:B5:91:0F:44:78:47:9E:2A:3F:87:82:ED:0D
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       0198377007A31A0F0CB005C5350B79A7F457
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/Pm3ij8drL7WRD0R4R54qP4eC7Q0.roa
Signing time:             Wed 23 Jul 2025 13:19:05 +0000
ROA not before:           Wed 23 Jul 2025 13:19:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207490
IP address blocks:        80.72.16.0/23 maxlen: 23
                          80.72.26.0/23 maxlen: 24
                          2a00:8740:500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:37:70:07:a3:1a:0f:0c:b0:05:c5:35:0b:79:a7:f4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Jul 23 13:19:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e6de28fc76b2fb5910f4478479e2a3f8782ed0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:60:58:5f:a7:3f:ce:be:1a:eb:b8:28:03:01:
                    14:a6:5b:c9:a2:02:0b:a2:2f:f0:92:8c:03:5e:e8:
                    eb:52:fe:ab:d3:a2:37:be:42:91:e5:80:fc:5d:27:
                    f2:e4:15:71:5a:86:33:bf:4f:13:15:65:59:36:2c:
                    23:74:04:50:83:35:14:5b:9b:2e:7d:82:10:c4:31:
                    18:f4:fa:f6:e8:1f:b9:2d:1a:4e:24:90:ca:77:8d:
                    11:33:21:84:9d:f9:3f:97:46:b4:c7:ed:18:46:25:
                    8c:ac:52:a6:2a:d2:d2:fa:10:12:fa:af:05:fd:31:
                    99:c3:cb:d3:16:47:bc:b2:cd:b1:10:58:56:02:41:
                    7b:6e:67:33:2d:6f:6c:be:8b:0d:51:43:fd:fe:0a:
                    3d:11:c0:b7:a1:7d:09:a6:e5:36:0e:62:e3:e5:5d:
                    d6:66:bb:0e:63:54:57:ec:d6:dd:cd:df:04:97:62:
                    5b:b5:36:55:24:50:bf:1f:fb:69:3b:7c:38:f8:12:
                    a2:a1:7a:0a:4a:d4:d0:37:24:1d:a2:9c:9f:21:ca:
                    a1:9a:e8:34:67:87:dc:00:33:39:c0:45:1f:e7:aa:
                    a8:d8:30:c2:c2:9a:ea:be:f7:90:19:ea:24:3e:ab:
                    81:37:90:a5:5d:0f:0b:13:b2:d8:50:3f:bc:d5:ca:
                    a3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6D:E2:8F:C7:6B:2F:B5:91:0F:44:78:47:9E:2A:3F:87:82:ED:0D
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/Pm3ij8drL7WRD0R4R54qP4eC7Q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.72.16.0/23
                  80.72.26.0/23
                IPv6:
                  2a00:8740:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         5e:83:0a:99:ea:12:01:ad:4c:fc:9d:1f:fd:cd:ca:57:6e:6d:
         ab:9e:5d:2d:1d:50:78:29:e0:c4:5a:7c:c4:dd:de:9b:dc:ca:
         66:1d:be:70:38:3e:dc:d9:e7:ab:b8:2a:26:18:62:6e:63:b5:
         36:13:6b:fc:78:3d:7a:91:25:6a:70:c6:b4:99:ef:d1:55:f9:
         ad:0d:b9:90:ac:0a:62:46:90:e2:09:38:ea:90:46:3b:7f:b3:
         6f:fb:53:19:40:d8:75:52:d5:8d:39:bf:5e:b0:ac:b7:9b:e5:
         53:08:d5:81:96:84:0c:2f:bd:b8:ee:70:ac:f7:10:2a:f0:10:
         e9:bc:19:5d:35:57:32:7f:31:b7:44:ec:8d:d7:cf:24:fb:4a:
         27:f2:49:bf:49:93:11:6b:7e:a6:a2:80:b6:3c:00:83:79:f4:
         82:00:01:87:dc:cc:bc:c8:1d:5c:27:04:01:0d:c6:40:be:27:
         0f:88:27:54:7c:14:1b:35:b0:7f:6d:d3:1f:96:64:19:03:df:
         e2:90:a6:45:bb:85:36:0e:7b:20:ed:6e:61:9b:a5:5d:b0:ec:
         be:23:64:f4:4f:c4:b6:cc:00:6a:ff:08:ca:fd:4d:01:1d:a9:
         bd:6a:c6:c7:10:7f:14:0f:af:15:98:27:19:79:05:4b:df:1d:
         dc:b6:98:fd
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZg3cAejGg8MsAXFNQt5p/RXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwNzIzMTMxOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTZkZTI4ZmM3NmIyZmI1OTEwZjQ0Nzg0NzllMmEzZjg3ODJlZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GBYX6c/zr4a67goAwEUplvJogIL
oi/wkowDXujrUv6r06I3vkKR5YD8XSfy5BVxWoYzv08TFWVZNiwjdARQgzUUW5su
fYIQxDEY9Pr26B+5LRpOJJDKd40RMyGEnfk/l0a0x+0YRiWMrFKmKtLS+hAS+q8F
/TGZw8vTFke8ss2xEFhWAkF7bmczLW9svosNUUP9/go9EcC3oX0JpuU2DmLj5V3W
ZrsOY1RX7Nbdzd8El2JbtTZVJFC/H/tpO3w4+BKioXoKStTQNyQdopyfIcqhmug0
Z4fcADM5wEUf56qo2DDCwprqvveQGeokPquBN5ClXQ8LE7LYUD+81cqjEQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFD5t4o/Hay+1kQ9EeEeeKj+Hgu0NMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvUG0zaWo4ZHJMN1dSRDBSNFI1NHFQNGVDN1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQBUEgQAwQB
UEgaMA4EAgACMAgDBgAqAIdABTANBgkqhkiG9w0BAQsFAAOCAQEAXoMKmeoSAa1M
/J0f/c3KV25tq55dLR1QeCngxFp8xN3em9zKZh2+cDg+3Nnnq7gqJhhibmO1NhNr
/Hg9epElanDGtJnv0VX5rQ25kKwKYkaQ4gk46pBGO3+zb/tTGUDYdVLVjTm/XrCs
t5vlUwjVgZaEDC+9uO5wrPcQKvAQ6bwZXTVXMn8xt0TsjdfPJPtKJ/JJv0mTEWt+
pqKAtjwAg3n0ggABh9zMvMgdXCcEAQ3GQL4nD4gnVHwUGzWwf23TH5ZkGQPf4pCm
RbuFNg57IO1uYZulXbDsviNk9E/EtswAav8Iyv1NAR2pvWrGxxB/FA+vFZgnGXkF
S98d3LaY/Q==
-----END CERTIFICATE-----