Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pVuQNJU51qgXl6EvAs9OvUZiHUE.roa
File:                     pVuQNJU51qgXl6EvAs9OvUZiHUE.roa (raw, json)
Hash identifier:          XUDf5S7yPcb9MpJyYVaXItAlTEOXiUY5SbWs4iqB1Mk=
Subject key identifier:   A5:5B:90:34:95:39:D6:A8:17:97:A1:2F:02:CF:4E:BD:46:62:1D:41
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01980E6BE7D5340D3F38F823CE5DA4E9D93D
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pVuQNJU51qgXl6EvAs9OvUZiHUE.roa
Signing time:             Tue 15 Jul 2025 14:10:09 +0000
ROA not before:           Tue 15 Jul 2025 14:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211798
IP address blocks:        2a03:5840:124::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:6b:e7:d5:34:0d:3f:38:f8:23:ce:5d:a4:e9:d9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 15 14:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a55b90349539d6a81797a12f02cf4ebd46621d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e8:f2:11:a0:72:84:1a:db:4b:cf:5f:fc:46:
                    e8:b3:d7:a0:5a:f8:db:ad:2f:e4:c2:1d:32:28:b2:
                    16:fb:1c:ae:a6:f1:c2:a8:f0:4f:8d:6b:da:7e:49:
                    2a:aa:1d:a4:48:99:d6:2b:75:b2:73:95:ca:f1:9e:
                    15:47:72:8a:05:d1:05:f4:81:96:c0:72:af:d8:85:
                    2f:22:15:4c:49:2f:04:4f:07:8d:3c:46:38:ca:8b:
                    e0:3b:ae:1d:a2:42:c5:b9:66:49:45:8b:ce:c7:85:
                    a5:30:28:16:ea:2e:b7:7d:ab:3d:6c:3f:77:1b:f5:
                    ed:f8:aa:6e:59:c9:b2:8d:68:25:35:e7:4a:a5:98:
                    5e:b2:a7:de:fd:a8:e2:f0:7f:c2:6a:ee:7a:df:b8:
                    af:a3:08:df:c7:59:2e:9d:08:fb:49:c3:7c:15:66:
                    7e:d2:17:4f:f1:dd:a7:34:37:c9:36:63:11:da:75:
                    64:d2:51:77:1b:9d:0a:34:83:28:a3:b9:1b:3d:5d:
                    a0:31:ff:f8:60:1f:0a:c8:88:d2:97:f0:5c:d1:07:
                    99:2d:00:15:8d:d1:db:59:ac:1b:f7:07:1d:91:b8:
                    09:d8:36:0c:66:a7:d2:b8:bd:c3:27:d4:36:2b:a3:
                    12:78:79:f0:68:c3:b8:ee:55:03:fb:55:95:51:b9:
                    38:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5B:90:34:95:39:D6:A8:17:97:A1:2F:02:CF:4E:BD:46:62:1D:41
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pVuQNJU51qgXl6EvAs9OvUZiHUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:124::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:39:e1:b1:89:06:6f:4b:cd:6a:a4:2d:7f:14:ba:5c:fd:3f:
         4e:21:e8:e8:9c:2f:f9:d9:2c:28:85:75:a2:a5:a5:f8:d3:6a:
         00:e8:88:8b:ef:13:b3:3d:1d:f8:cb:08:fd:61:97:62:ac:c2:
         9c:1f:b6:76:e5:6b:5c:e2:62:56:aa:b8:6b:51:68:ad:22:5a:
         2c:79:55:42:3b:29:66:75:41:c3:55:62:b6:a6:48:19:93:ba:
         24:a3:5c:6f:8e:d2:d8:07:2e:fc:bd:e7:b8:ab:27:04:0a:32:
         a8:a5:d0:d6:0f:d6:34:b3:3a:25:2b:fc:f8:e3:55:cb:07:93:
         1e:74:28:97:e8:a5:bd:17:51:51:c6:5c:52:bc:bf:17:a4:fc:
         2f:f2:5f:67:4e:7a:60:4b:d7:c0:bb:eb:e4:23:ba:e4:c6:a2:
         27:33:7d:80:13:85:ca:15:e3:1b:63:be:5b:ce:e1:63:72:3e:
         a7:24:df:fe:98:17:6e:8e:27:3b:3b:af:ce:f2:fb:b8:78:51:
         0b:23:0f:ab:47:b7:c9:1b:5e:f7:52:0f:fc:e0:ec:00:d2:c1:
         31:f1:38:f0:ef:d2:11:33:8c:1f:d3:d9:61:d2:22:51:05:4e:
         7e:f8:41:d3:42:7f:3f:9a:e4:13:81:2d:27:6d:5b:75:a3:86:
         fd:3b:49:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgOa+fVNA0/OPgjzl2k6dk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNzE1MTQxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTViOTAzNDk1MzlkNmE4MTc5N2ExMmYwMmNmNGViZDQ2NjIxZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOjyEaByhBrbS89f/Ebos9egWvjb
rS/kwh0yKLIW+xyupvHCqPBPjWvafkkqqh2kSJnWK3Wyc5XK8Z4VR3KKBdEF9IGW
wHKv2IUvIhVMSS8ETweNPEY4yovgO64dokLFuWZJRYvOx4WlMCgW6i63fas9bD93
G/Xt+KpuWcmyjWglNedKpZhesqfe/aji8H/Cau5637ivowjfx1kunQj7ScN8FWZ+
0hdP8d2nNDfJNmMR2nVk0lF3G50KNIMoo7kbPV2gMf/4YB8KyIjSl/Bc0QeZLQAV
jdHbWawb9wcdkbgJ2DYMZqfSuL3DJ9Q2K6MSeHnwaMO47lUD+1WVUbk4eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKVbkDSVOdaoF5ehLwLPTr1GYh1BMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvcFZ1UU5KVTUxcWdYbDZFdkFzOU92VVppSFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEk
MA0GCSqGSIb3DQEBCwUAA4IBAQAGOeGxiQZvS81qpC1/FLpc/T9OIejonC/52Swo
hXWipaX402oA6IiL7xOzPR34ywj9YZdirMKcH7Z25Wtc4mJWqrhrUWitIloseVVC
OylmdUHDVWK2pkgZk7oko1xvjtLYBy78vee4qycECjKopdDWD9Y0szolK/z441XL
B5MedCiX6KW9F1FRxlxSvL8XpPwv8l9nTnpgS9fAu+vkI7rkxqInM32AE4XKFeMb
Y75bzuFjcj6nJN/+mBdujic7O6/O8vu4eFELIw+rR7fJG173Ug/84OwA0sEx8Tjw
79IRM4wf09lh0iJRBU5++EHTQn8/muQTgS0nbVt1o4b9O0lk
-----END CERTIFICATE-----